Add better spam controls

I started getting spam comments on my posts and every time I have to remove many comments by the same user going to my profile.

Add an option to mark as spam when deleting. This should do the following,

  1. Remove all comments by the user
  2. Send a notification to podmin.
    a. podmin should be able to see all spam requests in one place and bulk remove all spam users.

In addition, automatic spam detection and notification would be even better. When a user is notified of spams, they should be aable to clear all spam in one place.


Note: This discussion was imported from Loomio. Click here to view the original discussion.

Some discussion about it https://pod.geraspora.de/posts/1889434

There is already an option on the develop branch to report a post to the podmin. Please see this issue

Another point is that the podmin should be able to delete a user easily, and that should delete the posts of this user too. Best of all, it should send the delete event to the federation to clean other pods.

The biggest problem right now are spam comments. AFAIK we don’t support remote deletion of comments so it would be great if the podmin could easily tell the pod of the original post to delete some comments and to tell everyone else to delete them.

I’m pretty sure Maxwell did this with a spammer recently, and I’ve asked him how he did it, because if we can publicise it, perhaps on the wiki, it could really help podmins combat spam.

There is this great plus and minus system for comments on news articles used by http://tweakers.net. When there are crap posts/comments the community can simply tab “-1”. If the overal score of the comment isn’t equal to or more than 0, the post is hidden. You have to click ‘a red bar’ to open the -1 comment. Example here: http://tweakers.net/nieuws/94168/vodafone-verhoogt-downloadsnelheid-b+s+w-abonnementen-naar-14-komma-4mbit-s.html (scroll through the comments and see for yourself).

It’s the busiest tech website in The Netherlands and I must say they’ve managed to keep their website and comments quite clean! It’s a great way to involve the community and to unburden the podmins.

Sorry, the ‘red bar’ is actually just a bar where a red “-1” can be seen. You’ll see :slight_smile:

And to add something. Maybe, when a user gets ‘a lot of’ -1’s the podmin has to be notified and must be able to easily remove a user.

This will prevent to much overhead for podmins when he/she has to check every user(spam)-notification that’s made by the pod’s users. -> For the podmin only gets mail when ‘many’ users have given posts from a certain user a “-1”.

I say email verification - that would make it substantially more difficult to register spam bots.

Thanks for approving me to this group.

One thing, a German user bring to my attention is this problem:

What if a spammer creates an own pod, set up some bots and flooding the rest of the network from this pod? As podmin, he could exclude everyone else (maybe except the users he’s annoying) from deleting the spam comments …

As countermeasure, podmins could grant some trusted community members the right to help removing spam comments as proposed here: https://pod.geraspora.de/posts/1889434

Marek tried to define some filters which could apply to users marked by the community as spammer: https://pod.geraspora.de/posts/1800498

This way, a podmin would have a little less burden to carry.

Last bullet by me: I’ve discussed with Faldrian a bit in German: https://pod.geraspora.de/posts/1875934
The idea is to take the current spam waves to define some heuristics to determine the spam comments. Of course, this would be always behind the wave, but could somewhat automate the process …

On the other hand, continuosly self-rewriting code seems to be the next big thing (?) http://news.thefirefoxos.org/2014/01/27/ex-google-mozilla-bods-to-outwit-evil-bots-with-polymorphic-defence/

@ryunoki AFAIK the post authors pod is responsible for distributing/deleting comments. A bad podmin could be a problem but he can’t prevent others from deleting his comments. Nevertheless we could think about an easy way for podmins to ignore accounts or pods.

If the had some kind of community governed central hub (krhm) - we could easily maintain a blacklist of bad pods that would be pulled in to all pods (opt-in) daily.

Even if we enable easy pod blocking in settings - it would not really help that much since it would require every single podmin to be active when bad pods appear.

Yes, because it can become a problem, I wanted to bring it up here, so we can think about a solution.

@jasonrobinson Do you think, it can be automated even further? So that all podmins would have to do is being up-to-date?

@jasonrobinson How about managing those lists via github? We could add lists of bad users and bad pods on diasporafoundation.org. Changing those lists could be done via pull requests on github and we could add a line in the config file where the podmin is able to enable the feature and specify the source of the blacklists.

@steffenvanbergerem sure that would work - as long as the podmin only has to activate the feature. Nice idea.

It would also be worth alerting the podmin if a spam account has either been invited by another account or has itself sent out invites before being closed, and giving the podmin the option to close these ‘linked’ accounts (and cancel the invites) as well as closing the spam account.

One thing which might be possible and which could help would be the inability to post the same comment more than twice in a set period of time. This would at least slow the spammers up and make it harder for bots to spam. Say, if you post the same comment (or within 95% the same, if it’s not too difficult to do the logic for that) within a space of ten minutes, you then can’t post a similar comment for a set period of time after that.

At least this would limit the reach any spammer can achieve, although it wouldn’t stop them.

If someone does try to post a similar comment a third time, the podmin of their pod could be alerted to possible spam so they get chance to check it out and deal with it asap, rather than only finding out when another user complains.

@goob Before doing anything like that we should implement easy steps for podmins to remove a user which signed up on that specific pod including all posts and comments and all posts and comments already send to other pods. We should also implement an easy way for podmins to delete a user with all posts and comments from a pod and block future posts and comments from that user or from a whole pod. After that we can talk about what needs to be done to inform a podmin about spam accounts / spam pods.

Yep, I agree (said the same elsewhere). I’m thinking aloud about all the possible things that could be done to combat spam on the network.

Hm, I’m not sure, wether your last thought would work, since one has to assume a certain distance to another pod. So the time gap could be too inaccurate.

For me, we can collect ideas here meanwhile …