The real solution -- and let me preface, I have no idea how we as a society get to a point of implementing it -- but the solution is the same as it has always been for business models that don't...
The real solution -- and let me preface, I have no idea how we as a society get to a point of implementing it -- but the solution is the same as it has always been for business models that don't follow the rules.
If someone sends you a spam email, they are fined $100. If a person working for a business creates a bot that lies and says it is not a bot when it signs up for something, that person and that entire company face significant civil penalties -- fines, revocation of business licenses, etc.
Yes, I know how the Internet works. I know there are whole industries devoted to this stuff, in countries that laugh at other countries' demands of civil penalties. And that's even assuming you can develop a system to reliably identify the originating parties.
Like I said, IDK how to change the Internet and/or our global society to be able to implement the solution.
I do believe we are on a road where "The Internet" is largely replaced by nation-bounded networks, each setting up their own rules, some more enforceable than others. That's the closest to an actual solution I see happening, looking at our current global arrangement.
But yeah ... barring real-world consequences, this never ends.
This statement alone describes so much of the nightmare that capitalism has inflicted upon us in an increasing intensity over the last fifty or so years. It can easily be applied to any of the...
barring real-world consequences, this never ends.
This statement alone describes so much of the nightmare that capitalism has inflicted upon us in an increasing intensity over the last fifty or so years. It can easily be applied to any of the various enshittifications we've experienced in our lifetime whether it comes to products sold directly by companies, to public spaces we frequent, or even to governments which supposedly represent us. The world has increasingly become devoid of consequences for problematic behavior, and everyone is paying the price.
Yes the profits are always private while the costs are public. A lot of the richest people in the world get huge subsidies and/or their employees are underpaid so they rely on public services.
Yes the profits are always private while the costs are public. A lot of the richest people in the world get huge subsidies and/or their employees are underpaid so they rely on public services.
This is basically the cheating problem in videogames, writ large - preventing cheating requires making the client trustable on the customer's PC that they have admin control on), which is not...
This is basically the cheating problem in videogames, writ large - preventing cheating requires making the client trustable on the customer's PC that they have admin control on), which is not possible in a conventional security paradigm. F2P games make it impossible to permanently.ban cheaters, since a new account is free, but even paid games are limited to basically $50 for caught cheaters to get a new account.
Currently, EA etc are trying to push kernel-level anticheat, which gives the game company complete control over your computer (and doesn't really work on Linux, so they tend to just not support Linux) and is a huge security vector obviously. All to mitigate a problem that is impossible due to the assumptions in the problem as defined.
Meanwhile, South Korea has solved the problem quite nicely: you need a govt ID to sign up for online videogames (for reasons of videogame addiction laws), and anyone caught cheating will be fined by the govt. I think the fine is ~$1000 IIRC. Now the problem is reduced down to identity theft and keeping an eye on past offenders (if you didn't permaban them).
You think that requiring a govt account system is worse privacy-wise than 1) having a corporate account system (the PSN in particular is notorious for having swiss cheese for security and privacy)...
You think that requiring a govt account system is worse privacy-wise than 1) having a corporate account system (the PSN in particular is notorious for having swiss cheese for security and privacy) and 2) having to install a literal rootkit whose behavior is opaque by design?
Yes. You can insulate yourself from consequences of those options failing by setting up a dedicated billing account or gaming machine that isn't linked to anything sensitive. This is far...
Yes. You can insulate yourself from consequences of those options failing by setting up a dedicated billing account or gaming machine that isn't linked to anything sensitive. This is far preferable to the government having the ability to log everything you do online and tie it to your real identity.
Look at it this way, the worst PSN can do is ban you, delete your account, and remove access to all your games. What if the Government decides to outlaw JRPGs because they're a 'threat to...
Look at it this way, the worst PSN can do is ban you, delete your account, and remove access to all your games.
What if the Government decides to outlaw JRPGs because they're a 'threat to humanity' and they know you bought the Hyperdimension Neptunia series on Steam? How are you gonna say "wasn't me" when they come knocking?
If the govt wanted to do that they would call up Sony, and ask for access to the PSN database to see if you're a threat to humanity. Or, y'know, just ask for access to that rootkit. Meanwhile, at...
What if the Government decides to outlaw JRPGs because they're a 'threat to humanity' and they know you bought the Hyperdimension Neptunia series on Steam? How are you gonna say "wasn't me" when they come knocking?
If the govt wanted to do that they would call up Sony, and ask for access to the PSN database to see if you're a threat to humanity. Or, y'know, just ask for access to that rootkit.
Meanwhile, at least in democratic countries, your government won't do that; if they do, then call up your local MP and complain.
To be honest, yeah. For one, the information Sony has is limited and so is their ability to do anything with that information. The government has ultimate power within their sovereignty in the...
To be honest, yeah. For one, the information Sony has is limited and so is their ability to do anything with that information. The government has ultimate power within their sovereignty in the end.
And, would I trust Sony to be better stewards of my data than the Trump administration? Yeah, yeah I would.
This is a controversial opinion, and I'm not even going to say that it's a good thing or that I trust them, but Google's idea for Web Environment Integrity may have been on to something. (in...
This is a controversial opinion, and I'm not even going to say that it's a good thing or that I trust them, but Google's idea for Web Environment Integrity may have been on to something. (in short, it was a DRM, but in theory it was a way to know if the browser surfing the web was a genuine person)
enforcement that granular is nearly impossible, but yes. A lot of things in society would line up if companies were fined for action. The other way to hold users accountable is to make them pay to...
enforcement that granular is nearly impossible, but yes. A lot of things in society would line up if companies were fined for action.
The other way to hold users accountable is to make them pay to opt in. SomethingAwful was known for this (10 bux) long long ago. You make a one time fee, it can even be as small as $1, and any enforcement does cost that user money. Ban evasion has a financial cost and pretty much eliminates spam as a concept.
At this rate with rampant spam and AI, I think it's inevitable that I eventually migrate to a "premium community" for these reasons.
The barrier to this is the consequences need to be applied to those who are least vulnerable to having enacted and enforced consequences. An FDR and Lincoln come by one in a while to kinda sorta...
The barrier to this is the consequences need to be applied to those who are least vulnerable to having enacted and enforced consequences. An FDR and Lincoln come by one in a while to kinda sorta equalize things, but the trend is always toward concentration of the means of production in the hands of a few.
Not sure the solution, either. Chop wood and carry water I suppose.
I live in Czech Republic and our (Czech) domain registry operator (as in Network information center, in this case CZ.NIC) made a service called MojeID. This service is completely voluntary, you...
Exemplary
I live in Czech Republic and our (Czech) domain registry operator (as in Network information center, in this case CZ.NIC) made a service called MojeID. This service is completely voluntary, you can use it or you may not, up to you. This service let's you to register yourself using e-mail and from there you can add telephone number, your home address and go up to be fully authenticated as a real person in the real world (you have to go to he office to give consent to let CZ.NIC use your personal data for authenticating that you are indeed the person you deem to be). The level you authenticate to is up to you, you can stop with e-mail or you can add more. Why would you do that, you ask?
I can use MojeID (fully authenticated) to access my data on the state level (I can ask for renewal of my driving licence for example, or when Covid was everywhere I could have logged in and accessed proof that I had been vaccinated). I can also log in to e-shops and they ask for consent to get my information from MojeID (address to deliver orders etc.) and I can select to give it or to just use the service for log in purposes (and add the address the old way). E-shops and forums doesn't need high levels of authentication though.
Where I'm going with this - MojeID could easily act as the middle man for authenticating me to various other services. If my personal MojeID account has some problem (ie. lying, cheating in games, not paying for orders or whatnot) it could be flagged and I can't use it anymore until I redeem myself in some way (to my knowledge this isn't the case as of now, but I can see it being used/useful in this way). And because it can be connected to real person, this real person cannot make new account and could possibly bear the real consequences (ie. police investigation).
What I'm saying is there should be such a service for worldwide use. It should still be voluntary! But services (webpages) may opt-in and want you to have this service active to be able to participate or at the very least to be able to stand out as real person (once again - this being voluntary; if you wanted to have that "verified" badge).
Consider Tildes. I believe we are all real here, no bots (or if any, they are under control of someone trustworthy and they have their use). Why is that? Because we do just what I described - we allow only certain people in. We don't care about them being real or not having multiple accounts, we don't care about their real identity. But we have functioning system based on trust, we are actually middle man for our own website, we "verify" the access by sending invitations personally to people we (personally) know.
On the side note - Do I believe CZ.NIC isn't sharing my data on their own? Yes, I absolutely fully believe in that, they are very trustworthy nonprofit organization here, very capable, very technically advanced, they know what they're doing (they are the authors of Turris router for example which is a project where router owners may opt-in to capture various attack vectors on their router and share it with CZ.NIC to make defending against them easier). If such a service should become worldwide, it would have to carried out by such technically knowledgeable nonprofit organizations (like a consortium of them or whatever). If this existed, I would be using that. It would stand as a middle man for me and the website to handshake my identity without the website actually knowing it. There is no need for each country to make their own flawed systems if there could be one really good and robust one. Well, we have 14 competing standards...
Reasons why I use MojeID and why I would use such service worldwide are easy for me - I tend to conduct myself on the internet as I would have in real life. I'm not saying things I wouldn'ŧ say in person and I stand behind my words, even if I'm not right (meaning that I can accept being corrected on something and not hiding my previous error). I tend to use my nickname across the internet and if possible, I use MojeID for that as it verifies it is not someone else who just registered with my nickname for whatever purpose it may have (ie. false accounts to look like someone else and act on that fact). This is why I would use such a service if it was available worldwide. I would be the real Pavouk106 (verified) everywhere I register. This is what I miss on the internet - identity theft (or obfuscation or re-registering) is soooo easy! If it wasn't, it would bear consequences even for people that blatantly lie about things or try to cheat in games or whatever. But it must not be made by a state/country. This should be made by people who know something about it, hence why NICs could/should be the authority who makes it happen.
Tildes is mostly protected by being so small, and by Deimos keeping a lot of who's invited who: it takes a bit of effort to set up an account, and then spam links can be nuked pretty quickly....
Tildes is mostly protected by being so small, and by Deimos keeping a lot of who's invited who: it takes a bit of effort to set up an account, and then spam links can be nuked pretty quickly.
Anything bigger and I truly believe the state needs to get involved like your MojeID. Even mediocre state authorities are still more trustworthy than the average spam farm.
The thing is that MojeID is not owned or controlled or managed by state. CZ.NIC might get (as a nonprofit) its funds from state, but it's not contrlled by it either (on a sidenote I think they...
The thing is that MojeID is not owned or controlled or managed by state. CZ.NIC might get (as a nonprofit) its funds from state, but it's not contrlled by it either (on a sidenote I think they actually have a lot of money). I really think that state shouldn't have anything to say into such things because it could be easily misused (ie. in case of political change). And if something like MojeID worked worldwide with many such nonprofit organizations behind it, it wouldn't be misused by any politics or states (well, at least not that easily).
At least we can dream of service like that.
And yes, Tildes is kept up to standard by at least Deimos. But I believe everyone of us thinks twice before sending invites thus doing their job to keep Tildes in shape. I sent none up to this day as I don't really have people who would be interested enough or who would be up to our standards here.
It's something several countries do, especially in Asia. But historically, the US has always denied attempts to create national ID. The Social Security was never designed for that, ut became a...
It's something several countries do, especially in Asia. But historically, the US has always denied attempts to create national ID. The Social Security was never designed for that, ut became a sort of backdoor for it ( a very weak one, at that).
But perhaps the digital age will play the US's hand. even a digital ID would solve a lot of problems if popular sites can integrate it.
We have something in Singapore like this called SingPass, but administered at state level rather than by a third party like NIC- it’s a government run app which is tied to your national ID. It’s...
We have something in Singapore like this called SingPass, but administered at state level rather than by a third party like NIC- it’s a government run app which is tied to your national ID. It’s secure, stable and used to access both government functions (e.g. access to economic stimulus vouchers) as well as high security private functions e.g. submitting your personal date to insurers or banks.
In the Netherland we have something similar called DigiD used to log into government agency websites (taxes, student loans, etc) but also various other organizations like my health insurance, the...
In the Netherland we have something similar called DigiD used to log into government agency websites (taxes, student loans, etc) but also various other organizations like my health insurance, the portal used by my GP and pharmacy. It works quite well but, when you use it to log into a service it also provides your citizen service number, which is a unique identifier for each person and somewhat privacy-sensitive.
Ideally, if this was used for more than just the earlier mentioned agencies and services there would be a way for websites to authenticate you through the service without disclosing that ID.
Yes, unfortunately we were quite casual about using our national IDs as identifiers in all sorts of places until a few years back so now the official line is that the ID number and the physical...
Yes, unfortunately we were quite casual about using our national IDs as identifiers in all sorts of places until a few years back so now the official line is that the ID number and the physical itself is not secure information, it can be used to identify but not to verify, which can only be done through biometric systems like those the app uses.
Its a bit of a mess in terms of data protection admittedly, but the front end works great.
That's great! So it can be run by state as well! Actually we have electroni ID cards here, it could be used like that too. If only state wouldinvest in it. But MojeID already does such thing so...
That's great! So it can be run by state as well!
Actually we have electroni ID cards here, it could be used like that too. If only state wouldinvest in it. But MojeID already does such thing so why bother... And banks jumped in as wel with BankID which can also tie the login with real.person.
In the comments following the article, someone suggested an annual membership fee as an effective way to weed out spammers. Is the marketing firm behind the LLM willing to invest fifty dollars to...
In the comments following the article, someone suggested an annual membership fee as an effective way to weed out spammers. Is the marketing firm behind the LLM willing to invest fifty dollars to participate in a small independent website? Likely not.
I don't love this solution but I believe that it solves the problem.
I think requiring people to put some skin in the game solves a lot of problems. I'll always have fond memories of the golden age of the internet when good discussion was free, but I don't mind...
I think requiring people to put some skin in the game solves a lot of problems.
I'll always have fond memories of the golden age of the internet when good discussion was free, but I don't mind paying if it preserves websites that still have that feel.
This is the place where I wonder what happened to microtransctions? There are plenty of sites where I wouldn't pay $5 to sign up, but I would pay ten cents to read the article or 1 cent to post a...
This is the place where I wonder what happened to microtransctions? There are plenty of sites where I wouldn't pay $5 to sign up, but I would pay ten cents to read the article or 1 cent to post a comment, assuming I can quickly process the transaction in a few clicks without crazy additional overhead.
I feel like a few of the larger newspapers could get together and bankroll this and it would be a win for them and everyone else. But maybe they would just jack fees up and try to own everything instead of letting it exist as a public good.
I mean, you can’t. At least if the money is coming from a bank account. Stripe’s pricing is 30c + 3%, so the transaction would cost more than the 10c. Of a dollar, a third would go to the payment...
assuming I can quickly process the transaction in a few clicks without crazy additional overhead.
I mean, you can’t. At least if the money is coming from a bank account. Stripe’s pricing is 30c + 3%, so the transaction would cost more than the 10c. Of a dollar, a third would go to the payment processor.
Same story with crypto.
The only exception would be wallet systems where money never has to move from a bank. Bits flipping in a database is close enough to being free. Venmo, for instance, has no transaction fee. But adoption in the US is too low for that. You could probably try it in like China, where alipay is sufficiently used.
I imagine the way the micro transaction operator would work in that ecosystem is that a user would "top up" their account with $5 or so (with incentives to get them to fill it with more money at a...
I imagine the way the micro transaction operator would work in that ecosystem is that a user would "top up" their account with $5 or so (with incentives to get them to fill it with more money at a time, to amortize those transaction fees). The site getting paid would get paid on a regular basis, or when their payments reached a certain level, also to amortize those fees. Eventually the micro transaction operator could get big enough to become their own bank / payment processor.
Flattr might have been ahead of it's time maybe? Patreon might be able to expand their model to also include the possibility to pay for one-off content within their current user base (both...
Patreon might be able to expand their model to also include the possibility to pay for one-off content within their current user base (both creators and consumers)?
This makes me really wish HTTP 402 were adopted at all. Anywhere. I'd love to load up $5 into my browser and visit a news site for 2c, or post to a forum for .05 cents.
This makes me really wish HTTP 402 were adopted at all. Anywhere. I'd love to load up $5 into my browser and visit a news site for 2c, or post to a forum for .05 cents.
That's a financial issue. Transactions have a cost, and payment processors (on top of charging merchants to begin with) tend to penalize vendors who charge very small amounts. $1 is effectively...
I would pay ten cents to read the article or 1 cent to post a comment, assuming I can quickly process the transaction in a few clicks without crazy additional overhead.
That's a financial issue. Transactions have a cost, and payment processors
(on top of charging merchants to begin with) tend to penalize vendors who charge very small amounts. $1 is effectively the minimum anyone can charge for any single transaction.
And of coursae, inflation doesn't help. a quarter for a newspaper doesn't go as far as it used to, even with digital media cutting printing costs.
Some authors on Substack will put part of their content behind a paywall and/or limit comments to paid subscribers, and they do have some success. But I think small forums without a good writer to...
Some authors on Substack will put part of their content behind a paywall and/or limit comments to paid subscribers, and they do have some success. But I think small forums without a good writer to attract new subscribers would have a tougher time of it. I’d worry that they won’t attract any new members at all.
Metafilter and Something Awful have a one-time $5 signup fee, and it seems to work pretty well. But they have also decades worth of activity and users, starting from scratch with a fee is...
Metafilter and Something Awful have a one-time $5 signup fee, and it seems to work pretty well. But they have also decades worth of activity and users, starting from scratch with a fee is practically impossible. Tildes way of doing it with invite only also seems to work reasonable well, but it doesn't remove the moderation problems with ever more sophisticated LLM bot users.
There's tons of ways to address this. Tildes does referrals (or you can go out of your way to request for access). Other things require phone number validation, or signup/subscription fees, or...
There's tons of ways to address this. Tildes does referrals (or you can go out of your way to request for access).
Other things require phone number validation, or signup/subscription fees, or require a smart phone with hardware attestation (and usually a phone number too)... Etc.
Basically you raise the bar a bit where large scale spam isn't practical. It won't keep all the spam out, but that's never the point. It's to find that sweet spot that doesn't add too much friction to user signups but just enough so spam is curtailed to the point that moderation is still practical.
The other side of that coin is LLMs enable a type of real time moderation that was unthinkable before. A user can post something and an LLM can prescreen it and flag it for moderator approval. Overtime you can build a custom data set of allowed vs unallowed comments and tailor an auto mod to your specific site.
I like the idea of fighting LLMs with LLMs. It's not a perfect solution, but as the technology gets cheaper, it benefits the cat too, not just the mouse. In general, I think spam filters and other...
I like the idea of fighting LLMs with LLMs. It's not a perfect solution, but as the technology gets cheaper, it benefits the cat too, not just the mouse.
In general, I think spam filters and other behavior-observing approaches are underutilized. Look at the behavior that aphyr documented: just enough fakery to get in the door, and then the first post is something an LLM could easily flag. And actually, an LLM would be overkill. Even a simple Bayesian filter would know most users on that site do not write all about batteries in their first post.
Granted, a determined spammer could continue the fakery for several posts and try to build a persona. But my point is that by observing behavior over time, you've successfully raised the bar for spammers in a way that mostly doesn't impact users. A spammer can automate some of the work, but they have to make sure their bot never slips up in any of its interactions. A user just has to be themselves.
I’ve had similar thoughts about catching bots in MMOs. No matter how determined a bot operator is to look “real”, their bots are inevitably going to exhibit behavior patterns that are unlike those...
I’ve had similar thoughts about catching bots in MMOs. No matter how determined a bot operator is to look “real”, their bots are inevitably going to exhibit behavior patterns that are unlike those of any real player, and the more realistic the bots are made the less lucrative they become to run, so there’s always going to be tells that can be pattern matched on.
I presume MMOs are trying these things to some degree. If I were running an MMO, I'd be concerned not just about catching bad actors at account creation time, but also catching legit users who get...
I presume MMOs are trying these things to some degree. If I were running an MMO, I'd be concerned not just about catching bad actors at account creation time, but also catching legit users who get tired of grinding and install a bot/cheat/etc.
the more realistic the bots are made the less lucrative they become to run
Thanks for putting that into words so concisely. I hope it stays true for a while!
Can't answer for Tildes, but as someone who runs a federated instance, I can vouch for and agree with the sentiments of the author. I've seen a fair deal of obvious and less obvious LLM written...
Can't answer for Tildes, but as someone who runs a federated instance, I can vouch for and agree with the sentiments of the author. I've seen a fair deal of obvious and less obvious LLM written applications as well as ones where it's hard to tell. Luckily a report button exists and it's not that huge of an effort to ban/weed out bad actors. But I do see it as a problem which will get exponentially worse with time.
Indeed, although the difference with Tildes might be that it requires a bit more manual effort. My other interest was because, looking back, I wonder how "AI-like" my application, or others, have...
Indeed, although the difference with Tildes might be that it requires a bit more manual effort. My other interest was because, looking back, I wonder how "AI-like" my application, or others, have come off.
Did you directly email one of the admins an application or something? I got my account basically from posting "me too" or something equally low effort on one of the regularly-posted "who wants an...
Did you directly email one of the admins an application or something? I got my account basically from posting "me too" or something equally low effort on one of the regularly-posted "who wants an account" Reddit threads.
Yes, exactly. I always missed those threads so decided to reach out directly. I wonder which method of joining has brought more people on, it has to be peer-to-peer invites, surely?
Yes, exactly. I always missed those threads so decided to reach out directly. I wonder which method of joining has brought more people on, it has to be peer-to-peer invites, surely?
@cfabbro manages those invites and I believe that some time ago he said that pretty much anyone who sends a message gets in. Unless you have a Nazi Flag on your profile or something, you're in....
@cfabbro manages those invites and I believe that some time ago he said that pretty much anyone who sends a message gets in.
Unless you have a Nazi Flag on your profile or something, you're in. It's not a deep inspection.
Still is. :) I give a cursory glance at people's profiles using ModToolbox's History Button and Profile Pro features, and so long as I don't see any major red flags I send an invite.
Or at least that was the case some time ago.
Still is. :) I give a cursory glance at people's profiles using ModToolbox's History Button and Profile Pro features, and so long as I don't see any major red flags I send an invite.
The real solution -- and let me preface, I have no idea how we as a society get to a point of implementing it -- but the solution is the same as it has always been for business models that don't follow the rules.
Consequences. Real, consistent, financial consequences.
If someone sends you a spam email, they are fined $100. If a person working for a business creates a bot that lies and says it is not a bot when it signs up for something, that person and that entire company face significant civil penalties -- fines, revocation of business licenses, etc.
Yes, I know how the Internet works. I know there are whole industries devoted to this stuff, in countries that laugh at other countries' demands of civil penalties. And that's even assuming you can develop a system to reliably identify the originating parties.
Like I said, IDK how to change the Internet and/or our global society to be able to implement the solution.
I do believe we are on a road where "The Internet" is largely replaced by nation-bounded networks, each setting up their own rules, some more enforceable than others. That's the closest to an actual solution I see happening, looking at our current global arrangement.
But yeah ... barring real-world consequences, this never ends.
This statement alone describes so much of the nightmare that capitalism has inflicted upon us in an increasing intensity over the last fifty or so years. It can easily be applied to any of the various enshittifications we've experienced in our lifetime whether it comes to products sold directly by companies, to public spaces we frequent, or even to governments which supposedly represent us. The world has increasingly become devoid of consequences for problematic behavior, and everyone is paying the price.
Yes the profits are always private while the costs are public. A lot of the richest people in the world get huge subsidies and/or their employees are underpaid so they rely on public services.
This is basically the cheating problem in videogames, writ large - preventing cheating requires making the client trustable on the customer's PC that they have admin control on), which is not possible in a conventional security paradigm. F2P games make it impossible to permanently.ban cheaters, since a new account is free, but even paid games are limited to basically $50 for caught cheaters to get a new account.
Currently, EA etc are trying to push kernel-level anticheat, which gives the game company complete control over your computer (and doesn't really work on Linux, so they tend to just not support Linux) and is a huge security vector obviously. All to mitigate a problem that is impossible due to the assumptions in the problem as defined.
Meanwhile, South Korea has solved the problem quite nicely: you need a govt ID to sign up for online videogames (for reasons of videogame addiction laws), and anyone caught cheating will be fined by the govt. I think the fine is ~$1000 IIRC. Now the problem is reduced down to identity theft and keeping an eye on past offenders (if you didn't permaban them).
Well, the additional (and larger) problem with the Korean solution is the total loss of digital privacy.
You think that requiring a govt account system is worse privacy-wise than 1) having a corporate account system (the PSN in particular is notorious for having swiss cheese for security and privacy) and 2) having to install a literal rootkit whose behavior is opaque by design?
Yes. You can insulate yourself from consequences of those options failing by setting up a dedicated billing account or gaming machine that isn't linked to anything sensitive. This is far preferable to the government having the ability to log everything you do online and tie it to your real identity.
Look at it this way, the worst PSN can do is ban you, delete your account, and remove access to all your games.
What if the Government decides to outlaw JRPGs because they're a 'threat to humanity' and they know you bought the Hyperdimension Neptunia series on Steam? How are you gonna say "wasn't me" when they come knocking?
If the govt wanted to do that they would call up Sony, and ask for access to the PSN database to see if you're a threat to humanity. Or, y'know, just ask for access to that rootkit.
Meanwhile, at least in democratic countries, your government won't do that; if they do, then call up your local MP and complain.
To be honest, yeah. For one, the information Sony has is limited and so is their ability to do anything with that information. The government has ultimate power within their sovereignty in the end.
And, would I trust Sony to be better stewards of my data than the Trump administration? Yeah, yeah I would.
This is a controversial opinion, and I'm not even going to say that it's a good thing or that I trust them, but Google's idea for Web Environment Integrity may have been on to something. (in short, it was a DRM, but in theory it was a way to know if the browser surfing the web was a genuine person)
I think it's a bad idea that could be used for good effect. It's too bad I trust virtually no modern actors to wield such power.
enforcement that granular is nearly impossible, but yes. A lot of things in society would line up if companies were fined for action.
The other way to hold users accountable is to make them pay to opt in. SomethingAwful was known for this (10 bux) long long ago. You make a one time fee, it can even be as small as $1, and any enforcement does cost that user money. Ban evasion has a financial cost and pretty much eliminates spam as a concept.
At this rate with rampant spam and AI, I think it's inevitable that I eventually migrate to a "premium community" for these reasons.
The barrier to this is the consequences need to be applied to those who are least vulnerable to having enacted and enforced consequences. An FDR and Lincoln come by one in a while to kinda sorta equalize things, but the trend is always toward concentration of the means of production in the hands of a few.
Not sure the solution, either. Chop wood and carry water I suppose.
I live in Czech Republic and our (Czech) domain registry operator (as in Network information center, in this case CZ.NIC) made a service called MojeID. This service is completely voluntary, you can use it or you may not, up to you. This service let's you to register yourself using e-mail and from there you can add telephone number, your home address and go up to be fully authenticated as a real person in the real world (you have to go to he office to give consent to let CZ.NIC use your personal data for authenticating that you are indeed the person you deem to be). The level you authenticate to is up to you, you can stop with e-mail or you can add more. Why would you do that, you ask?
I can use MojeID (fully authenticated) to access my data on the state level (I can ask for renewal of my driving licence for example, or when Covid was everywhere I could have logged in and accessed proof that I had been vaccinated). I can also log in to e-shops and they ask for consent to get my information from MojeID (address to deliver orders etc.) and I can select to give it or to just use the service for log in purposes (and add the address the old way). E-shops and forums doesn't need high levels of authentication though.
Where I'm going with this - MojeID could easily act as the middle man for authenticating me to various other services. If my personal MojeID account has some problem (ie. lying, cheating in games, not paying for orders or whatnot) it could be flagged and I can't use it anymore until I redeem myself in some way (to my knowledge this isn't the case as of now, but I can see it being used/useful in this way). And because it can be connected to real person, this real person cannot make new account and could possibly bear the real consequences (ie. police investigation).
What I'm saying is there should be such a service for worldwide use. It should still be voluntary! But services (webpages) may opt-in and want you to have this service active to be able to participate or at the very least to be able to stand out as real person (once again - this being voluntary; if you wanted to have that "verified" badge).
Consider Tildes. I believe we are all real here, no bots (or if any, they are under control of someone trustworthy and they have their use). Why is that? Because we do just what I described - we allow only certain people in. We don't care about them being real or not having multiple accounts, we don't care about their real identity. But we have functioning system based on trust, we are actually middle man for our own website, we "verify" the access by sending invitations personally to people we (personally) know.
On the side note - Do I believe CZ.NIC isn't sharing my data on their own? Yes, I absolutely fully believe in that, they are very trustworthy nonprofit organization here, very capable, very technically advanced, they know what they're doing (they are the authors of Turris router for example which is a project where router owners may opt-in to capture various attack vectors on their router and share it with CZ.NIC to make defending against them easier). If such a service should become worldwide, it would have to carried out by such technically knowledgeable nonprofit organizations (like a consortium of them or whatever). If this existed, I would be using that. It would stand as a middle man for me and the website to handshake my identity without the website actually knowing it. There is no need for each country to make their own flawed systems if there could be one really good and robust one. Well, we have 14 competing standards...
Reasons why I use MojeID and why I would use such service worldwide are easy for me - I tend to conduct myself on the internet as I would have in real life. I'm not saying things I wouldn'ŧ say in person and I stand behind my words, even if I'm not right (meaning that I can accept being corrected on something and not hiding my previous error). I tend to use my nickname across the internet and if possible, I use MojeID for that as it verifies it is not someone else who just registered with my nickname for whatever purpose it may have (ie. false accounts to look like someone else and act on that fact). This is why I would use such a service if it was available worldwide. I would be the real Pavouk106 (verified) everywhere I register. This is what I miss on the internet - identity theft (or obfuscation or re-registering) is soooo easy! If it wasn't, it would bear consequences even for people that blatantly lie about things or try to cheat in games or whatever. But it must not be made by a state/country. This should be made by people who know something about it, hence why NICs could/should be the authority who makes it happen.
Tildes is mostly protected by being so small, and by Deimos keeping a lot of who's invited who: it takes a bit of effort to set up an account, and then spam links can be nuked pretty quickly.
Anything bigger and I truly believe the state needs to get involved like your MojeID. Even mediocre state authorities are still more trustworthy than the average spam farm.
The thing is that MojeID is not owned or controlled or managed by state. CZ.NIC might get (as a nonprofit) its funds from state, but it's not contrlled by it either (on a sidenote I think they actually have a lot of money). I really think that state shouldn't have anything to say into such things because it could be easily misused (ie. in case of political change). And if something like MojeID worked worldwide with many such nonprofit organizations behind it, it wouldn't be misused by any politics or states (well, at least not that easily).
At least we can dream of service like that.
And yes, Tildes is kept up to standard by at least Deimos. But I believe everyone of us thinks twice before sending invites thus doing their job to keep Tildes in shape. I sent none up to this day as I don't really have people who would be interested enough or who would be up to our standards here.
It's something several countries do, especially in Asia. But historically, the US has always denied attempts to create national ID. The Social Security was never designed for that, ut became a sort of backdoor for it ( a very weak one, at that).
But perhaps the digital age will play the US's hand. even a digital ID would solve a lot of problems if popular sites can integrate it.
The US already has ID.me, it's used by quite a few government agencies like the IRS
We have something in Singapore like this called SingPass, but administered at state level rather than by a third party like NIC- it’s a government run app which is tied to your national ID. It’s secure, stable and used to access both government functions (e.g. access to economic stimulus vouchers) as well as high security private functions e.g. submitting your personal date to insurers or banks.
In the Netherland we have something similar called DigiD used to log into government agency websites (taxes, student loans, etc) but also various other organizations like my health insurance, the portal used by my GP and pharmacy. It works quite well but, when you use it to log into a service it also provides your citizen service number, which is a unique identifier for each person and somewhat privacy-sensitive.
Ideally, if this was used for more than just the earlier mentioned agencies and services there would be a way for websites to authenticate you through the service without disclosing that ID.
Yes, unfortunately we were quite casual about using our national IDs as identifiers in all sorts of places until a few years back so now the official line is that the ID number and the physical itself is not secure information, it can be used to identify but not to verify, which can only be done through biometric systems like those the app uses.
Its a bit of a mess in terms of data protection admittedly, but the front end works great.
That's great! So it can be run by state as well!
Actually we have electroni ID cards here, it could be used like that too. If only state wouldinvest in it. But MojeID already does such thing so why bother... And banks jumped in as wel with BankID which can also tie the login with real.person.
Fellow Turris router user chiming in here, and yeah, I agree that CZ.NIC seems like a trustworthy venture.
In the comments following the article, someone suggested an annual membership fee as an effective way to weed out spammers. Is the marketing firm behind the LLM willing to invest fifty dollars to participate in a small independent website? Likely not.
I don't love this solution but I believe that it solves the problem.
I think requiring people to put some skin in the game solves a lot of problems.
I'll always have fond memories of the golden age of the internet when good discussion was free, but I don't mind paying if it preserves websites that still have that feel.
This is the place where I wonder what happened to microtransctions? There are plenty of sites where I wouldn't pay $5 to sign up, but I would pay ten cents to read the article or 1 cent to post a comment, assuming I can quickly process the transaction in a few clicks without crazy additional overhead.
I feel like a few of the larger newspapers could get together and bankroll this and it would be a win for them and everyone else. But maybe they would just jack fees up and try to own everything instead of letting it exist as a public good.
I mean, you can’t. At least if the money is coming from a bank account. Stripe’s pricing is 30c + 3%, so the transaction would cost more than the 10c. Of a dollar, a third would go to the payment processor.
Same story with crypto.
The only exception would be wallet systems where money never has to move from a bank. Bits flipping in a database is close enough to being free. Venmo, for instance, has no transaction fee. But adoption in the US is too low for that. You could probably try it in like China, where alipay is sufficiently used.
I imagine the way the micro transaction operator would work in that ecosystem is that a user would "top up" their account with $5 or so (with incentives to get them to fill it with more money at a time, to amortize those transaction fees). The site getting paid would get paid on a regular basis, or when their payments reached a certain level, also to amortize those fees. Eventually the micro transaction operator could get big enough to become their own bank / payment processor.
Flattr might have been ahead of it's time maybe?
Patreon might be able to expand their model to also include the possibility to pay for one-off content within their current user base (both creators and consumers)?
This makes me really wish HTTP 402 were adopted at all. Anywhere. I'd love to load up $5 into my browser and visit a news site for 2c, or post to a forum for .05 cents.
That's a financial issue. Transactions have a cost, and payment processors
(on top of charging merchants to begin with) tend to penalize vendors who charge very small amounts. $1 is effectively the minimum anyone can charge for any single transaction.
And of coursae, inflation doesn't help. a quarter for a newspaper doesn't go as far as it used to, even with digital media cutting printing costs.
Some authors on Substack will put part of their content behind a paywall and/or limit comments to paid subscribers, and they do have some success. But I think small forums without a good writer to attract new subscribers would have a tougher time of it. I’d worry that they won’t attract any new members at all.
Metafilter and Something Awful have a one-time $5 signup fee, and it seems to work pretty well. But they have also decades worth of activity and users, starting from scratch with a fee is practically impossible. Tildes way of doing it with invite only also seems to work reasonable well, but it doesn't remove the moderation problems with ever more sophisticated LLM bot users.
That is a good idea. It might drive off third-worlders like me with undervalued currencies though.
I hope other solutions can be found.
Your voice adds benefit and value to this community
There's tons of ways to address this. Tildes does referrals (or you can go out of your way to request for access).
Other things require phone number validation, or signup/subscription fees, or require a smart phone with hardware attestation (and usually a phone number too)... Etc.
Basically you raise the bar a bit where large scale spam isn't practical. It won't keep all the spam out, but that's never the point. It's to find that sweet spot that doesn't add too much friction to user signups but just enough so spam is curtailed to the point that moderation is still practical.
The other side of that coin is LLMs enable a type of real time moderation that was unthinkable before. A user can post something and an LLM can prescreen it and flag it for moderator approval. Overtime you can build a custom data set of allowed vs unallowed comments and tailor an auto mod to your specific site.
I like the idea of fighting LLMs with LLMs. It's not a perfect solution, but as the technology gets cheaper, it benefits the cat too, not just the mouse.
In general, I think spam filters and other behavior-observing approaches are underutilized. Look at the behavior that aphyr documented: just enough fakery to get in the door, and then the first post is something an LLM could easily flag. And actually, an LLM would be overkill. Even a simple Bayesian filter would know most users on that site do not write all about batteries in their first post.
Granted, a determined spammer could continue the fakery for several posts and try to build a persona. But my point is that by observing behavior over time, you've successfully raised the bar for spammers in a way that mostly doesn't impact users. A spammer can automate some of the work, but they have to make sure their bot never slips up in any of its interactions. A user just has to be themselves.
I’ve had similar thoughts about catching bots in MMOs. No matter how determined a bot operator is to look “real”, their bots are inevitably going to exhibit behavior patterns that are unlike those of any real player, and the more realistic the bots are made the less lucrative they become to run, so there’s always going to be tells that can be pattern matched on.
It’s a mystery to me why this hasn’t been tried.
I presume MMOs are trying these things to some degree. If I were running an MMO, I'd be concerned not just about catching bad actors at account creation time, but also catching legit users who get tired of grinding and install a bot/cheat/etc.
Thanks for putting that into words so concisely. I hope it stays true for a while!
I hope I'm not bothering you @Deimos ... have you received any applications to Tildes that you felt were AI written?
Can't answer for Tildes, but as someone who runs a federated instance, I can vouch for and agree with the sentiments of the author. I've seen a fair deal of obvious and less obvious LLM written applications as well as ones where it's hard to tell. Luckily a report button exists and it's not that huge of an effort to ban/weed out bad actors. But I do see it as a problem which will get exponentially worse with time.
Indeed, although the difference with Tildes might be that it requires a bit more manual effort. My other interest was because, looking back, I wonder how "AI-like" my application, or others, have come off.
Did you directly email one of the admins an application or something? I got my account basically from posting "me too" or something equally low effort on one of the regularly-posted "who wants an account" Reddit threads.
Yes, exactly. I always missed those threads so decided to reach out directly. I wonder which method of joining has brought more people on, it has to be peer-to-peer invites, surely?
@cfabbro manages those invites and I believe that some time ago he said that pretty much anyone who sends a message gets in.
Unless you have a Nazi Flag on your profile or something, you're in. It's not a deep inspection.
Or at least that was the case some time ago.
Still is. :) I give a cursory glance at people's profiles using ModToolbox's History Button and Profile Pro features, and so long as I don't see any major red flags I send an invite.
Also curious about this.
As far as I am aware almost no one is denied entrance on Tildes. Perhaps that changed with the development of LLMs.