Terence Eden

A bit of a moan, but I need some advice.

Currently https://openbenches.org allows *anyone* to upload a bench & photo without registration.

It has been mostly fine but yesterday an anonymous user added some stupid photos. Only the 4th time that's happened.

I wanted to restrict adding & editing to registered users. But today a GitHub user went in and deliberately vandalised one of the entries.

The users have been banned and the changes reverted.

Is there a realistic way to stop this?

OpenBenches Welcome!

Feb 23 at 1:52pmWeb
Show threadTerence EdenFeb 24

Reluctantly restricting edits on OpenBenches to those who have previously contributed photos.

It will stop drive-by vandalism, but will also stop casual editing.

If you are affected by this, please let me know and I'll work something out.

Show threadBen HardillFeb 23

@Edent Given the timing do you think they are related?

All the solutions I can think of at the moment require moderation overhead e.g. anonymous submissions requiring review

Show threadTerence EdenFeb 23

@ben unlikely - both seem unrelated and have different IP addresses.

I think it's just coincidence. But has riled me up a bit.

Show threadWouter LindenhofFeb 23
@Edent Basically you need moderation. And the next question is what can be automated and what requires a human touch.
Show threadTerence EdenFeb 23
@DevWouter yeah, that sounds about right.
Show thread@[email protected]Feb 23

@Edent An idea: only allow people edit/delete attributes if they have been vetted by at least one existing contributor who has been active for X amount of time? And showing the vetted relationship. This might create a social guard rail preventing people from being jerks?

Not my original thought, but based on how lobste.rs did (does?) this when requesting an account.

Show threadTerence EdenFeb 23
@BjornW it is a good plan. I'm worried about the balance between ease of use and locking it down.
Show thread@[email protected]Feb 23
@Edent understandable, but perhaps sharing the vetting process between trustworthy contributors may retain this balance?
Show threadBen CFeb 23
@BjornW @Edent just for the data point, I probably wouldn’t have started contributing if this was the case.
Show threadKate BowlesFeb 23
@Edent @BjornW I think good faith users would accept this trade off because the whole premise of the site involves images that matter deeply and personally to actual people.
Show threadJez NicholsonFeb 23
@Edent ditto. I had someone uploading "plaques" glorifying themself. Very odd.
Show threadTerence EdenFeb 23
@jez all hail Emperor Jez!
Show threadJez NicholsonFeb 23
I do of course have a plaque.....
Show threadKhleedrilFeb 23
@Edent Provide a Captcha-type service and ask people to click on any benches? Maybe this could be a requirement before making a new post, so the contributors validate each other?
Show thread210561 ✨ [Q]Feb 23
@Edent if it was me, send the first few contributions to a review queue until the user is marked probably good
Show thread🦉Feb 23
@Edent Pretty impressive to have gone so long with minimal vandalism
Show thread🦉Feb 23
@Edent (although looking over my contributions has reminded me of a nice walk along the river from Worcester that I'd forgotten about)
Show thread🦉Feb 23
@Edent although would be nice if I could transfer the credit from my twitter account to masto/bluesky instead
Show threadTerence EdenFeb 24
@ignoredambience if you let me know your usernames, I'll manually merge them.
Show thread🦉Feb 24
@Edent Thanks, not actually logged any since 2021, but the next bench I log will keep in mind
Show threadSamir Al-BattranFeb 23

@Edent terrible people ruin it for everyone!

My suggestion is to reduce authentication options, and use social stats to determine if the user needs moderation or not. also give different weights to different platforms
i.e. if they connected LinkedIn and have > 100 followers then no moderation, X then 200, Github 10 contributions and must be over a period etc

Show threadMikeFeb 24
@samir @Edent could use an even simpler heuristic of account age. The majority of spam is from "young" accounts that have existed for less than e.g 1y (arbitrary starting choice - pick any time period that balances ease with spam).
Show threadTerence EdenFeb 24
@blu3id @samir
Sadly the GitHub spam came from a user with an account there from 2024.
Show threadSamir Al-BattranFeb 24

@Edent @blu3id

ugh, spam is an industry

I remember years ago a group of users used our service to coordinate twitter attacks by creating massive threads (at the time, we were the only service that lets you schedule threads), dozens of accounts creating 100+ post threads of , so it's thousands of spam tweets/second

The result? We limited threads to only 10 posts in the free plan and the service sucked for all free users...
Few rotten applies just had to ruin it for everyone else

Show threadSemitonesMar 3
@Edent Just an idea, if an existing user in good standing vouches for you, maybe you get to skip the mod queue?