elusiveat: (Default)
elusiveat ([personal profile] elusiveat) wrote in [site community profile] dw_suggestions2009-11-11 11:52 pm
  • Add Memory
  • Share This Entry
Entry tags:

html and OpenID

Title:
html and OpenID

Area:
OpenID

Summary:
I think you're going to develop a more receptive user base if you give OpenID folks the ability to use html in comments.

Description:
I recently had some OpenID folks expressing unhappiness with their inability to use html in a thread in my journal. I've already met with quite a bit of resistance to my decision to switch to dreamwidth from livejournal, and I suspect that others are meeting with similar resistance. I don't know whether OpenID is handled differently when posting to paid accounts (I do have a second account that is paid but have not done much with it so far). I think that at minimum you should try to fix this for paid account users, but will do best to elliminate the problem entirely.

Here's the thread: http://elusiveat.dreamwidth.org/325169.html?thread=1730609#cmt1730609

Note: I chose not to report this as a bug because I don't know whether it was a deliberate design decision.

Poll #1690 html and OpenID
Open to: Registered Users, detailed results viewable to: All, participants: 42

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
13 (31.0%)

Should be implemented with changes. (please comment)
15 (35.7%)

Shouldn't be implemented.
11 (26.2%)

(I have no opinion)
2 (4.8%)

(Other: please comment)
1 (2.4%)

Flat | Top-Level Comments Only
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-11-12 07:06 am (UTC)(link)
Spam is a problem for the service as a whole, as well as an individual account owner. It eats up resources and makes the service unattractive to people who are considering signing up with it.
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 07:20 am (UTC)(link)
The attractiveness issue seems like a moot point if individual users are choosing what to allow (unless you're suggesting that the spammers would eat up so much bandwidth that the site would cease to function properly). I mean if you're talking about individual aesthetics, I can make my journal plenty unattractive without the help of spammers if I'm so inclined. I don't know why I'd do that, though.

Similarly, if I thought spammers were making my journal unattractive to my readers, I would select options that allowed me more control over content, maybe even screening non-DW users. Or (heck), only allowing comments from OpenID folk that I have on my Access List.

As for the using up resources issue, if that's really a consideration, I'd think that would be solved by making it only an option for paid accounts.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 07:35 am (UTC)(link)
Spam is a collective nuisance. The techniques spammers adopt aren't adopted because they want to deface a particular page, a particular journal, or a particular website; it is a firehose tactic where they attempt to deface millions of pages because they know only 1% will get through, and every one that does get through gives them more benefit, and every additional instance that does get through increases that benefit.

'Attractiveness' in this case, despite how [personal profile] zvi used it, has nothing to do with a particular aesthetic -- "spam on my journal makes my journal ugly" -- but the overall success rate of spam attempts on a service. If a spammer attempts one million spam comments on Website X and only one gets through, Website X will be less attractive to the spammer than Website Y, where five hundred thousand of their spam comments get through. The success rate on Website Y means that more of the spammer's attention will be devoted to it.

For real-world examples, look at wikis out there without any sort of spam deterrant; those that revert vandalism quickly and block spambots are not targeted at anywhere near the same rate as those that don't. (Not just in the sense of "there is less overall spam because it is being removed", but in the sense of "there are fewer spamming attempts made against the wiki".) Each individual act of spam is the vangard for a thousand zombie botnets waiting to spew filth.

I don't know if you ever look at LiveJournal's latest posts feed, but a month ago, you couldn't load that page without 85% (conservatively) of posts being spam. LiveJournal now suspends around 30,000 spambot accounts per day, after some recent changes. The spambots are evolving; if a site like DW were to say "okay, what if OpenID accounts could post links in comments and have them linked normally," the next step could very likely be for those botnet networks to create the accounts on LJ, where there is little obstacle to account creation (reCAPTCHA has not only been cracked, it's common to have "CAPTCHA forwarding" where the botnet farms out the human tests to humans who are paid pennies for every CAPTCHA solved), and then rather than use those botnet-controlled accounts on LJ, where spam activity could be detected by the spamtraps now in place, use them as OpenID accounts on other services. It's already happening, quite frequently, because most sites don't cooperate with each other to detect and block spam cross-network.
owl: Stylized barn owl (Default)

[personal profile] owl 2009-11-12 09:34 am (UTC)(link)
Non-essential buses to spammers!
pauamma: Cartooney crab holding drink (Default)

[personal profile] pauamma 2009-11-12 02:56 pm (UTC)(link)
Does a 1MV power bus count as "essential"? :-)
justhuman: (bunny2)

[personal profile] justhuman 2009-11-12 01:32 pm (UTC)(link)
Thanks for this, it really makes the situation more understandable.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 01:40 pm (UTC)(link)
It's kinda frightening how fast spam networks adapt and evolve. And I think a lot of people don't realize that the goal isn't to deface an individual journal, but to collectively get as many links into their home website (which will boost the rankings in search websites) as possible.

If you've ever wondered why sometimes you get spam that's nothing more than a string of nonsense characters that look like somebody walked over the keyboard, for instance, that's the reason. They do a test run of gibberish that's easily Googled, and hit (say) a million pages, then wait a month and Google the gibberish and see what kind of visibility they get, so they know what kind of Google juice a URL in that location would give them.
triadruid: Apollo and the Raven, c. 480 BC , Pistoxenus Painter (Default)

[personal profile] triadruid 2009-11-12 03:37 pm (UTC)(link)
That makes sense. I'd wondered about the linkless spam on a wiki I administer. Thanks!
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 03:21 pm (UTC)(link)
Thanks for the clarification. I still think that DW is going to have big problems taking off without being friendlier to OpenID, but I don't have an obvious answer.

I do wonder about the degree to which invisibly converting html to text is going to deter spambots. How much difference does it make to the spammer whether their hyperlink shows up as a link rather than as text? I guess a lot of users are "click-happy"? Has any analysis been done about how much difference it makes?
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 03:24 pm (UTC)(link)
There's a clarification further down this thread which explains why invisibly converting html to text deters spambots.
Flat | Top-Level Comments Only