I knew we could rely on you! Sorry to mislead about passwords and ramp up the paranoia even more.
I had an idea to mess up the spammers....put a block on any user posting more often than, say, every 5 or even ten minutes. If we knew about it it would not inconvenience too much (few are so prolific) , but it might mess up the productivity of the spammers, having to wait 10 minutes or create a new ID all the time. Just an idea....prolly won't work.
I just got Captcha'd again! That's okay, it was a useful experience. Since the Captcha was unbranded (which I'm assuming means the Captcha bit itself did not identify that it was generated by Mollom) WMG is probably using a version of the Paid service rather than the Free service. Woohoo! This spam crap is annoying enough to them where they're actually willing to throw money at it! Nice to see it won't be another GagaLive solution.
My post probably got snagged because it contained links. That's a good first step. However, those links refer to the site where the post was being made to begin with. Um, guys, think we can be a bit brighter about that? MMMkay?
Silly Deadheads, they trackses us with the Precious....
Sorry, couldn't resist!
I haven't the time to do a full Graham and Dodd on them, nor was I consulted in either their selection or implementation, but from what they claim they appear to be well-intentioned reasonably competent white hat types. I have chosen to view them as benign. As for what potentially personally identifying information they retain and for how long, they claim to anonymize content (ie separate what was posted from the identity that posted it) after two months. Further, the identity information (IP address, User ID, email address, time of posting) is only as identifying as the credentials the user creates on the site that uses the service.
One special point I would make, since Brother Badger may have left some with an incorrect impression, is that one piece of data that is most certainly NOT being tracked is user passwords. This is because there is no way for this site to provide them as they don't have them stored in plain text. As with all unix-like systems, only the results of encrypting users passwords are actually stored. The unix password encryption algorithm design is a totally secure one way trapdoor. Actually kind of a thing of beauty, if design elegance does anything for you. Passwords encrypted with this technology cannot be decrypted, hence the term one way trap door. This is why on most sites if you forget your password they can't just give it to you but they can cheerfully reset it to something else anytime you want. I could go on at length about this but I'll spare you furthur dizzying detail unless you PM me begging for more because you just can't seem to get to sleep.
Anyway, back to the new technotoy. The service analyzes all proposed new posts and initially classifies them as "Good," "Bad" or "Unsure." Items marked as "Good" get posted directly and items marked "Bad" get returned to the site's moderation queue. When something gets classified as "Unsure," the posting user is then confronted with our old pal, Captcha, and if the Captcha is satisfied correctly the item posts directly. I got confronted with one of those yesterday when I commented on the "What Would Be The Answer" thread. What I said didn't strike me as particularly spammy. Maybe a little snarky, but whatever. Obviously the thing is plugged in.
As to how effective it may be, let's think about the social engineering involved. They have been using Captchas here for a while and that did thin out the purely Bot based spam, but we seem to be plagued by dedicated little Hormel subcontractors who aren't deterred by Captchas at all. I haven't read the specs for the API or the Drupal plugin code Mollom makes available, but I can't help wondering out loud if perhaps any items that get returned as "Unsure" should probably go to the moderation queue regardless of whether the user satisfies the Captcha or not. That approach may from time to time result in legitimate user posts being delayed in public release but will most assuredly curtail all the human generated spam.
Once again, it simply becomes a question of how much freedom are we willing to sacrifice in order to obtain a perception of security, in this case security from being deluged with dreck. OK, I'll stop there before I have to cross-post in Life, The Universe and Everything.
The spam on this site is getting ridiculous. These people appear typically around 4-6am est with multiple user names. The Chinese spammers I find to be totally ridiculous. Are they so ethnocentric that they believe there are Chinese reading people on this site? Well, yes, I know there are a few but what in God's name do they hope to accomplish?
Short of dead.net hiring a mod. 24 hours a day to monitor who is online there is no way to entirely stop the spammers. Especially the more clever spammers who start with a few words on topic and then go into their spiel.
I vote for 4 hour shift mods. compensated at minimum wage as credits to be spent on the dead.net store. Giving away free product to keep this commercial site free of clutter is really cool way to go. Anybody who would volunteer to spend 4 hours with their finger on the nuke button for a $32 credit in the store is to be commended.
..Mollom don't seeem to work so well as the whole place has been spammed to hell again. Maybe it has to take time to learn to recognise the invaders.
Very frustrating for us and for the mods and tech folks too I bet.
The Spam Captcha has gone and you will now see a notice at the bottom of the page that says:
Well I am glad they are trying to eliminate the spammers, but I am not sure I like this. Or am I being paranoid. Can someone who knows about this kind of thing give an opinion.......that means you Mr Pid :-) pleeeease.
Going on for ever, but still great!
Thanks for the spin-off, marye.