elusiveat: (Default)
elusiveat ([personal profile] elusiveat) wrote in [site community profile] dw_suggestions2009-11-11 11:52 pm

html and OpenID

Title:
html and OpenID

Area:
OpenID

Summary:
I think you're going to develop a more receptive user base if you give OpenID folks the ability to use html in comments.

Description:
I recently had some OpenID folks expressing unhappiness with their inability to use html in a thread in my journal. I've already met with quite a bit of resistance to my decision to switch to dreamwidth from livejournal, and I suspect that others are meeting with similar resistance. I don't know whether OpenID is handled differently when posting to paid accounts (I do have a second account that is paid but have not done much with it so far). I think that at minimum you should try to fix this for paid account users, but will do best to elliminate the problem entirely.

Here's the thread: http://elusiveat.dreamwidth.org/325169.html?thread=1730609#cmt1730609

Note: I chose not to report this as a bug because I don't know whether it was a deliberate design decision.

Poll #1690 html and OpenID
Open to: Registered Users, detailed results viewable to: All, participants: 42


This suggestion:

View Answers

Should be implemented as-is.
13 (31.0%)

Should be implemented with changes. (please comment)
15 (35.7%)

Shouldn't be implemented.
11 (26.2%)

(I have no opinion)
2 (4.8%)

(Other: please comment)
1 (2.4%)

denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 07:35 am (UTC)(link)
Spam is a collective nuisance. The techniques spammers adopt aren't adopted because they want to deface a particular page, a particular journal, or a particular website; it is a firehose tactic where they attempt to deface millions of pages because they know only 1% will get through, and every one that does get through gives them more benefit, and every additional instance that does get through increases that benefit.

'Attractiveness' in this case, despite how [personal profile] zvi used it, has nothing to do with a particular aesthetic -- "spam on my journal makes my journal ugly" -- but the overall success rate of spam attempts on a service. If a spammer attempts one million spam comments on Website X and only one gets through, Website X will be less attractive to the spammer than Website Y, where five hundred thousand of their spam comments get through. The success rate on Website Y means that more of the spammer's attention will be devoted to it.

For real-world examples, look at wikis out there without any sort of spam deterrant; those that revert vandalism quickly and block spambots are not targeted at anywhere near the same rate as those that don't. (Not just in the sense of "there is less overall spam because it is being removed", but in the sense of "there are fewer spamming attempts made against the wiki".) Each individual act of spam is the vangard for a thousand zombie botnets waiting to spew filth.

I don't know if you ever look at LiveJournal's latest posts feed, but a month ago, you couldn't load that page without 85% (conservatively) of posts being spam. LiveJournal now suspends around 30,000 spambot accounts per day, after some recent changes. The spambots are evolving; if a site like DW were to say "okay, what if OpenID accounts could post links in comments and have them linked normally," the next step could very likely be for those botnet networks to create the accounts on LJ, where there is little obstacle to account creation (reCAPTCHA has not only been cracked, it's common to have "CAPTCHA forwarding" where the botnet farms out the human tests to humans who are paid pennies for every CAPTCHA solved), and then rather than use those botnet-controlled accounts on LJ, where spam activity could be detected by the spamtraps now in place, use them as OpenID accounts on other services. It's already happening, quite frequently, because most sites don't cooperate with each other to detect and block spam cross-network.
owl: Stylized barn owl (Default)

[personal profile] owl 2009-11-12 09:34 am (UTC)(link)
Non-essential buses to spammers!
pauamma: Cartooney crab holding drink (Default)

[personal profile] pauamma 2009-11-12 02:56 pm (UTC)(link)
Does a 1MV power bus count as "essential"? :-)
justhuman: (bunny2)

[personal profile] justhuman 2009-11-12 01:32 pm (UTC)(link)
Thanks for this, it really makes the situation more understandable.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 01:40 pm (UTC)(link)
It's kinda frightening how fast spam networks adapt and evolve. And I think a lot of people don't realize that the goal isn't to deface an individual journal, but to collectively get as many links into their home website (which will boost the rankings in search websites) as possible.

If you've ever wondered why sometimes you get spam that's nothing more than a string of nonsense characters that look like somebody walked over the keyboard, for instance, that's the reason. They do a test run of gibberish that's easily Googled, and hit (say) a million pages, then wait a month and Google the gibberish and see what kind of visibility they get, so they know what kind of Google juice a URL in that location would give them.
triadruid: Apollo and the Raven, c. 480 BC , Pistoxenus Painter  (Default)

[personal profile] triadruid 2009-11-12 03:37 pm (UTC)(link)
That makes sense. I'd wondered about the linkless spam on a wiki I administer. Thanks!
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 03:24 pm (UTC)(link)
There's a clarification further down this thread which explains why invisibly converting html to text deters spambots.