22 votes

If Tildes goes public, how will it keep spammers away while still respecting privacy?

Right now google owned recaptcha literally looks at your browser history, data, including your google account, to determine whether or not you are human.

This isn't what Tildes can or should use.

How can Tildes keep bot accounts out w/o additional javascript?

52 comments

  1. [20]
    cadadr Link
    I don't think it is possible, not only for Tildes, but for any place. Spamming is not the old annoying thing it used to be, it has become some sort of warfare in this day. And even the big players...

    I don't think it is possible, not only for Tildes, but for any place. Spamming is not the old annoying thing it used to be, it has become some sort of warfare in this day. And even the big players are basically just skimming the foam off of the boiling pot that is all sorts of spam and organised manipulation. In Turkish twitter it can't handle apparently machine-generated tweets like "potato sandwich #SomeHashTag crisscross g-string pineapples" pushing that tag into trending topics.

    Honestly I hope Tildes stays the way it is now: publicly viewable, permanently invite only.

    28 votes
    1. [13]
      FZeroRacer Link Parent
      This is exactly how it should be. Once you open up the floodgates you start getting a lot more bad actors nowadays whose sole purpose is to spread objective bullshit. It's remarkably unfortunate,...

      This is exactly how it should be. Once you open up the floodgates you start getting a lot more bad actors nowadays whose sole purpose is to spread objective bullshit. It's remarkably unfortunate, but it's something I've seen growing across forums that can't manage their userbase at scale. As much as I keep harping on HN, they're a prime example of this occurring because the moderation team is seemingly scared of being more strict with their userbase.

      10 votes
      1. [8]
        hungariantoast Link Parent
        It's been beat to death already but I want to keep bringing up the idea that, were Tildes to enable open registration, there's no reason we couldn't revert that open registration system, or only...

        Once you open up the floodgates you start getting a lot more bad actors nowadays whose sole purpose is to spread objective bullshit.

        It's been beat to death already but I want to keep bringing up the idea that, were Tildes to enable open registration, there's no reason we couldn't revert that open registration system, or only keep it open for a limited amount of time or for a limited number of signups.

        Shoot, there's no reason we couldn't go back to requiring users to be logged in to view the site, if we really wanted to.

        Personally, I can't imagine that any period of open registration would last very long or accommodate very many new users, but especially during slower periods of the site's existence, I don't see why we shouldn't at least experiment with the idea, especially as a way to test the trust based moderation system.

        Because that's the thing, there's a lot of big talk about how resilient the trust based system should be and how we should be able to avoid an "Eternal September" but we really don't have any way of knowing that for sure unless we experiment with some controlled tests and maybe stress the community's ability to curate once or twice.

        Basically, I think we're going to need to rock the boat at least one good time to see if these ideas will really work, and more importantly, how to improve them. Open registration in controlled bursts is a good way to do that.

        29 votes
        1. Amarok Link Parent
          This is likely to happen. It works for metafilter, it works for many private trackers, it's a proven method. Plus, I do like the indignation of a crowd showing up and seeing the door slammed shut...

          This is likely to happen. It works for metafilter, it works for many private trackers, it's a proven method. Plus, I do like the indignation of a crowd showing up and seeing the door slammed shut in their faces. :D

          11 votes
        2. [5]
          Nitta Link Parent
          If every 5th account is a spam one, then opening registration for 1000 accounts will bring 200 spammer ones in. What's typically done after that? Is the benefit from letting let's say 400 shy...

          If every 5th account is a spam one, then opening registration for 1000 accounts will bring 200 spammer ones in. What's typically done after that? Is the benefit from letting let's say 400 shy people (who wouldn't get invites otherwise) in still justifying the ingress of 200 spammers? I hope I don't misunderstand this all too much.

          4 votes
          1. hungariantoast Link Parent
            Well, in order for spammers to do their thing, they need to be somewhat active and their activity leaves a trail that can be followed. Ideally, moderators would be able to pick up on that fairly...

            Well, in order for spammers to do their thing, they need to be somewhat active and their activity leaves a trail that can be followed. Ideally, moderators would be able to pick up on that fairly quickly and elevate the issue higher up the chain until someone takes administrative action.

            However, even if the moderation system fails to eliminate bad accounts in a satisfactory way, that still leaves a lot of useful data for improvements to be made with.

            As far as whether or not 200 spam accounts are worth 400 lurkers, it really comes down to how effectively they can be handled. If the 200 spammers can get squashed by the moderation system without rocking the boat, then there really isn't much of a reason to not want 400 new lurkers.

            If those 200 spammers do rock the boat, then it really comes down to how effectively the moderation system can be adjusted to deal with that kind of stuff in the future to decide if it's worth it or not.

            If Tildes just goes to shit for 24 hours with bots, spammers, and all kinds of bad accounts running rampant, but it eventually gets squashed and the system gets improved so that it could easily deal with a similar situation later on, then I think it would be worth it, but only if we learn from it.

            Of course, we also don't need real humans to generate problems for the site, test them, or solve them, but that's an entirely different conversation (and one I'd love to explore someday).

            Alternatively, if the return rates from open registration really are so bad and Tildes doesn't find itself needing new users (as in, the invitation system keeps the influx nice and manageable), then I don't really see a reason to enable open registration, unless we just wanted to (and I kind of want to, at least once, for just a little bit, but that's just me).

            Sure, open registration might give us good data to polish the moderation system, but if it doesn't need polishing if we were to just preserve the invitation system, then we're solving a problem that we created, for reasons that didn't exist. There's also the issue that improvements to the moderation system brought on by data from open registration might not translate to solving issues with other parts of the site.

            Sorry, but the best answer I can give is "it depends."

            6 votes
          2. [3]
            Amarok Link Parent
            The way Tildes maps the invite tree, finding any single one of these spammers is going to expose all of them, and the users, codes, and links used to bring them in, which can then all be vetted by...

            The way Tildes maps the invite tree, finding any single one of these spammers is going to expose all of them, and the users, codes, and links used to bring them in, which can then all be vetted by the admins. The only way for a spammer to avoid this is to avoid spamming, or to spam in such a way that no one can tell they are spamming, in which case I don't see it as a problem. The rules on clearly labeling self promotion will also help with this.

            Most spam is coming from artificial stupids, and those simplistic engines only work on places with no quality control or reputation or consequences attached to the user accounts (like reddit). Tildes isn't one of those places. As for humans who are being paid to spam, they'll have to learn how to spam without being noticed, which is kinda the opposite of the purpose of spam. The only real option they have here is 'honesty in promotion' which means clearly labeling their content as such. Failure to do so will bring the hammer down.

            It's going to be interesting watching spammers break like waves on this system, which is something they've never encountered before, designed to take away all of their power. Spammers are going to have to be very, very clever here - and I doubt most of them are, or they'd be finding a more profitable and productive use of their mental faculties than working for some click-farm.

            Spam is not hard to beat. It's just that no one ever really tries.

            3 votes
            1. [2]
              Wes Link Parent
              All of this assumes the existence of an invite tree, though. I think realistically Tildes will eventually be open to registration, and traditional spam-fighting methods will be necessary.

              All of this assumes the existence of an invite tree, though. I think realistically Tildes will eventually be open to registration, and traditional spam-fighting methods will be necessary.

              1 vote
              1. Amarok Link Parent
                Not exactly traditional, by then the trust system should be watching how accounts behave - and this goes beyond just what you post and say and vote on and what reputation is earned. It'll also be...

                Not exactly traditional, by then the trust system should be watching how accounts behave - and this goes beyond just what you post and say and vote on and what reputation is earned. It'll also be watching ip addresses, frequently posted/spammed sites, copypasta in submissions and comments, and probably a whole pile of other criteria we haven't even thought up yet.

                1 vote
        3. DashEquals Link Parent
          Another idea is something that many Mastodon instances are using: application-only entry. If you have to apply for entry, most low level spammers will get left out, while those that get approved...

          Another idea is something that many Mastodon instances are using: application-only entry. If you have to apply for entry, most low level spammers will get left out, while those that get approved will get banned quickly. For a legitimate user, on the other hand, applying wouldn't be too much of a hassle.

          4 votes
      2. [4]
        UntouchedWagons Link Parent
        But what would prevent a bad actor from getting an account, inviting 5 other bad actors and they each invite 5 bad actors etc...

        But what would prevent a bad actor from getting an account, inviting 5 other bad actors and they each invite 5 bad actors etc...

        1 vote
        1. Tau_Zero Link Parent
          While hidden to us end users, the invitation relationships are tracked and visible to Tildes admin. When a user is found to be a bad actor, it's easy to scrutinize the full "family tree" the user...

          While hidden to us end users, the invitation relationships are tracked and visible to Tildes admin. When a user is found to be a bad actor, it's easy to scrutinize the full "family tree" the user belongs to and, if necessary, kill the entire thing (or, less severe, prevent any of them from inviting)

          18 votes
        2. [2]
          cfabbro (edited ) Link Parent
          Yeah, as @Tau_Zero said, "Invited by" used to be publicly visible but was hidden due to privacy concerns, however it's still tracked internally. So, while there is nothing stopping bad actors from...

          Yeah, as @Tau_Zero said, "Invited by" used to be publicly visible but was hidden due to privacy concerns, however it's still tracked internally. So, while there is nothing stopping bad actors from doing that... there is also nothing stopping Deimos from chopping the invite trees down whenever he discovers a rotten one.

          And also worth keeping in mind is that Deimos was the anti-evil engineer at reddit for quite some time, so he knows what he is doing when it comes to detecting bad faith actors and spam networks.

          8 votes
          1. Amarok Link Parent
            He's still the anti-evil engineer. He just went freelance. ;)

            He's still the anti-evil engineer. He just went freelance. ;)

            5 votes
    2. Hypersapien Link Parent
      Metafilter charges a one-time $5 fee to sign up. You can read but not post without signing up. That tends to keep the bots out.

      Metafilter charges a one-time $5 fee to sign up. You can read but not post without signing up. That tends to keep the bots out.

      2 votes
    3. [5]
      NaraVara Link Parent
      Eventually that'll break down too. Once a patient spammer gets in they can slowly bring more and more spammers in. Who knows if it's actually worth it to be a patient spammer though. Their whole...

      Honestly I hope Tildes stays the way it is now: publicly viewable, permanently invite only.

      Eventually that'll break down too. Once a patient spammer gets in they can slowly bring more and more spammers in.

      Who knows if it's actually worth it to be a patient spammer though. Their whole business model is based on a shotgun approach.

      1 vote
      1. [3]
        cadadr Link Parent
        This way it is quite easy to take them down, tho. We know who brought who, and who creates faux accounts for ill purposes. If we make sure it does not grow out of hand (i.e. not too fast), then we...

        This way it is quite easy to take them down, tho. We know who brought who, and who creates faux accounts for ill purposes. If we make sure it does not grow out of hand (i.e. not too fast), then we can rather easily deal with it. Whereas with public registration people come from nowhere and everywhere, and not data is there to link one to another.

        9 votes
        1. [2]
          NaraVara Link Parent
          Yeah I didn't realize when I posted that Deimos can track the whole "family tree" of each member. That seems like a good way to do forensics on brigading. It does seem like a lot of work though,...

          Yeah I didn't realize when I posted that Deimos can track the whole "family tree" of each member. That seems like a good way to do forensics on brigading.

          It does seem like a lot of work though, so I wonder how it can scale.

          6 votes
          1. cfabbro (edited ) Link Parent
            It's significantly less work and easier to detect than when there is no obvious connections between accounts, like on reddit. And on reddit a user can just create a new account immediately after...

            It does seem like a lot of work though, so I wonder how it can scale.

            It's significantly less work and easier to detect than when there is no obvious connections between accounts, like on reddit. And on reddit a user can just create a new account immediately after they are banned, but thanks to invite only here, bans actually have teeth and it takes far more effort and requires subterfuge to rejoin the community.

            7 votes
      2. hamstergeddon Link Parent
        With invite-only comes a lower (and hopefully more active?) population on the site, which means less appeal to spammers. I think the trick would be to find a sweet spot where the population is low...

        With invite-only comes a lower (and hopefully more active?) population on the site, which means less appeal to spammers. I think the trick would be to find a sweet spot where the population is low enough to not appeal to spammers, but high enough to maintain a healthy community.

        You outright cannot keep spammers out, they will find a way in. But you can mitigate their impact and how much the site appeals to them.

        4 votes
  2. [20]
    lionirdeadman Link
    From my knowledge it can't look at browser history unless through your google account.

    Right now google owned recaptcha literally looks at your browser history, including your google account, to determine whether or not you are human.

    From my knowledge it can't look at browser history unless through your google account.

    8 votes
    1. [13]
      Adys Link Parent
      Yeah it can't. I'm not sure where this is coming from. Google's Recaptcha is probably the better solutions out there in terms of stopping spam on any public forum, but it is problematic for other...

      Yeah it can't. I'm not sure where this is coming from. Google's Recaptcha is probably the better solutions out there in terms of stopping spam on any public forum, but it is problematic for other reasons such as the false positives with Tor. It's really not that bad privacy wise, but people freak out because the results of the captchas benefit Google. I think Google should release those results for the public but we don't live in that world right now.

      I kinda wish Cloudflare would do an antispam solution, they have a lot of the tools they need to do that.

      12 votes
      1. [9]
        cwagner Link Parent
        ReCaptacha is horrible. In most cases when I encounter it and the checkmark-check doesn't work, I decide the site is not that important. I really don't feel like wasting my time on the Sisyphean...

        ReCaptacha is horrible. In most cases when I encounter it and the checkmark-check doesn't work, I decide the site is not that important. I really don't feel like wasting my time on the Sisyphean task of clicking a lot of images for several minutes. People who don't use chrome with a logged in google account don't understand how horrible it is.

        5 votes
        1. [6]
          kfwyre Link Parent
          Can confirm. I also suspect that it's biased against non-Chrome browsers independent of being logged in to a Google account. I use Firefox with some privacy addons as my default browser, and I...

          Can confirm. I also suspect that it's biased against non-Chrome browsers independent of being logged in to a Google account.

          I use Firefox with some privacy addons as my default browser, and I will get some ReCaptchas that simply will not let me through. I'll spend a good minute clicking stairs, then cars, then second-guessing what counts as a "storefront" based on the limited view from a tiny, grainy thumbnail, and then it will simply fail and restart. I can do this again and again to no avail. Even if I carefully perform whatever tasks it demands to perfection each and every time, it simply will not go through. I suspect it has me in an "unwinnable" state based on my configuration and whatever it deems to be unacceptable about it. Probably Firefox.

          Because if I switch over to Chromium it'll let me through despite having a nearly identical setup on that browser. Works every time, to the point that I keep Chromium installed not because I use it regularly but because I need it around to be able to get into a few of my reCaptcha-walled accounts.

          10 votes
          1. cwagner Link Parent
            Try the audio file. It feels like there is no verification whatsoever because the audio is as audible as the pictures are clear, but whatever I type gets accepted (for some reason audio doesn't...

            Try the audio file. It feels like there is no verification whatsoever because the audio is as audible as the pictures are clear, but whatever I type gets accepted (for some reason audio doesn't work all the time though).

            5 votes
          2. [3]
            3_3_2_LA Link Parent
            I use this extension and it has worked well for me. It uses voice dictation to decode the audio file and solves the audio challenge: Buster: Captcha Solver for Humans

            I use this extension and it has worked well for me. It uses voice dictation to decode the audio file and solves the audio challenge: Buster: Captcha Solver for Humans

            4 votes
            1. [2]
              Soptik Link Parent
              Once you encounter voice recaptcha, you can get through it. I've never experienced voice recaptcha that made you fill more than one captchas. On the other hand, if google doesn't like you (what's...

              Once you encounter voice recaptcha, you can get through it. I've never experienced voice recaptcha that made you fill more than one captchas. On the other hand, if google doesn't like you (what's this weird browser that has no google cookies, blocks fingerprinting, says it's chrome on windows (while it lacks chrome features) and blocks analytics scripts?), the captcha simply doesn't have voice version. If you click on the voice button, it simply says that this computer might be sending automated queries and to try that later.

              Today, every time I encounter recaptcha, I first check if it offers me voice captcha. If it doesn't, there's no point trying to solve it.

              Anyway this extension looks really good! Thank you for the link. Here's the extension in firefox store.

              5 votes
              1. cfabbro (edited ) Link Parent
                God help you if you use a VPN with a shared IP too. If you do, recaptcha is annoying as hell, often requiring multiple solves before it finally accepts you're human, and it often shows up as a...

                what's this weird browser that has no google cookies, blocks fingerprinting, says it's chrome on windows (while it lacks chrome features) and blocks analytics scripts?

                God help you if you use a VPN with a shared IP too. If you do, recaptcha is annoying as hell, often requiring multiple solves before it finally accepts you're human, and it often shows up as a barrier on even the most common of actions... repeatedly. :/

                I am definitely going to check out that Firefox version and see if it works, so thanks for that.

                5 votes
          3. brighteyes720 Link Parent
            One thing I feel works best is don't think too much. Go for the first instinct, generally that let's you go through.

            One thing I feel works best is don't think too much. Go for the first instinct, generally that let's you go through.

            2 votes
        2. [2]
          lionirdeadman Link Parent
          As a Firefox and Gnome web user, I can confirm this too but it would only be on signup theoretically so it wouldn't be that bad, you'd only need to go through hell once.

          As a Firefox and Gnome web user, I can confirm this too but it would only be on signup theoretically so it wouldn't be that bad, you'd only need to go through hell once.

          2 votes
          1. cwagner Link Parent
            My reflexive revulsion upon seeing someone promoting ReCaptcha made me miss that ;) Yeah, you are right. I'm usually okay when it's for registration only.

            My reflexive revulsion upon seeing someone promoting ReCaptcha made me miss that ;) Yeah, you are right. I'm usually okay when it's for registration only.

            2 votes
      2. zaarn Link Parent
        Recaptcha isn't that effective anymore. I have the Firefox Addon "Buster" installed, which solves them automatically. It has been working without any issue (other than the occasional badly filled...

        Recaptcha isn't that effective anymore. I have the Firefox Addon "Buster" installed, which solves them automatically. It has been working without any issue (other than the occasional badly filled out captcha, which is always resolved by trying again) since start of this year.

        4 votes
      3. lionirdeadman Link Parent
        Honestly, I think Google and Cloudflare are terrible for the web because of how much power it gives them on what is supposed to be a free-for-fall. They control and have way too much information...

        Honestly, I think Google and Cloudflare are terrible for the web because of how much power it gives them on what is supposed to be a free-for-fall. They control and have way too much information on everyone and it's kinda disturbing.

        3 votes
      4. Nmg Link Parent
        I'm no expert. I listened to a Planet Money podcast on how recaptcha works. If you have more pertinent information, feel free to correct me.

        I'm no expert. I listened to a Planet Money podcast on how recaptcha works.

        If you have more pertinent information, feel free to correct me.

    2. [4]
      Wes Link Parent
      I'm pretty sure you're right. There's no mechanism that I know of that reCaptcha would be able to access your browser history. Even the old tricks like making visited links to see if they're...

      I'm pretty sure you're right. There's no mechanism that I know of that reCaptcha would be able to access your browser history. Even the old tricks like making visited links to see if they're purple have been patched out by browsers.

      Google themselves might have access to that information through Chrome's session sharing (eg. synced tabs), but not as a JS-level feature.

      6 votes
      1. [2]
        Diff Link Parent
        They do check your Google account though. I'm pretty sure I remember Google advertising that fact on one of their pages for Recaptcha. And if it's asking Google whether the JS-visible factors are...

        They do check your Google account though. I'm pretty sure I remember Google advertising that fact on one of their pages for Recaptcha. And if it's asking Google whether the JS-visible factors are suspicious, no reason your browsing history and other account data can't factor in on the other JS-invisible end.

        6 votes
        1. lionirdeadman Link Parent
          Yup, but then that's not reCaptcha being privacy-invasive, you already gave that information to Google by using your Google account in Chrome, that's the point.

          Yup, but then that's not reCaptcha being privacy-invasive, you already gave that information to Google by using your Google account in Chrome, that's the point.

          5 votes
      2. lionirdeadman Link Parent
        Yeah, through Chrome's google account feature it could be used but really, at that point they already had the information so it's not any more privacy-invading than it was when you decided to sync...

        Yeah, through Chrome's google account feature it could be used but really, at that point they already had the information so it's not any more privacy-invading than it was when you decided to sync your browser information with them.

        2 votes
    3. [2]
      teaearlgraycold Link Parent
      If you browse the web signed into Chrome then Google knows your browsing history. I'm sure they look at that data during the reCaptcha.

      If you browse the web signed into Chrome then Google knows your browsing history. I'm sure they look at that data during the reCaptcha.

      3 votes
      1. lionirdeadman Link Parent
        Then your information was stored in the google account, it doesn't actually look at the browsing history of the browser, it just happens that both are the same because you gave them that...

        Then your information was stored in the google account, it doesn't actually look at the browsing history of the browser, it just happens that both are the same because you gave them that information by being logged into your google account in chrome.

        2 votes
  3. [8]
    Eva Link
    Javascript isn't by-default a negative thing; regardless, Tildes isn't likely to need complex anti-spam features for the foreseeable future, even after going "public." There's not a large enough...

    Javascript isn't by-default a negative thing; regardless, Tildes isn't likely to need complex anti-spam features for the foreseeable future, even after going "public."

    There's not a large enough user-base for it to be worth writing custom scripts for spamming with, and it's not using software as a base that already has said scripts written for it. Beyond that, the trust system (when implemented) and standard rate-limiting should be fine.

    6 votes
    1. [6]
      tindall Link Parent
      No, but ReCAPTCHA is one of the worst things to happen to the internet. It's slow, it's bandwidth-intensive, it's very inaccessible for users who have visual impairments or motor impairments or...

      No, but ReCAPTCHA is one of the worst things to happen to the internet. It's slow, it's bandwidth-intensive, it's very inaccessible for users who have visual impairments or motor impairments or are in a headless browser for some reason (it happens!), sometimes it breaks even in up-to-date Firefox and leaves users with no way to authenticate, and it forces users to do free labor for Google. Text CAPTCHA is a good alternative.

      2 votes
      1. [2]
        mat Link Parent
        It's not perfect by any means, especially for accessibility, but it's a long way from one of the worst things to happen to the internet. I used to run a moderately popular site which was slowly...

        ReCAPTCHA is one of the worst things to happen to the internet.

        It's not perfect by any means, especially for accessibility, but it's a long way from one of the worst things to happen to the internet. I used to run a moderately popular site which was slowly being buried in spam, despite my best efforts otherwise, including using things like textCaptcha and writing my own bot-detection stuff. Then I installed reCaptcha and the spam ended. Almost completely, overnight. Same for probably millions of other sites.

        7 votes
        1. Wes Link Parent
          Can confirm. It's one of the only anti-spam techniques I've found that works, and works well. If I don't use it on a contact form, that form receives thousands of spam messages and gets my server...

          Same for probably millions of other sites.

          Can confirm. It's one of the only anti-spam techniques I've found that works, and works well. If I don't use it on a contact form, that form receives thousands of spam messages and gets my server blocked by blacklists.

          2 votes
      2. [2]
        NeoTheFox Link Parent
        I also have an issue with being used to train the AI for Google. I swear, some times I get extra time for the ReCAPTCHA, I hate when it does "select the X on pictures", but instead of having that...

        I also have an issue with being used to train the AI for Google. I swear, some times I get extra time for the ReCAPTCHA, I hate when it does "select the X on pictures", but instead of having that grid of squares it just fades the one I clicked on and shows another, very slowly. It's really irritating.
        There had been an interesting idea floating around - just do away with any human/non-human verification, and instead make a captcha-like crypto solver that would load your CPU really badly for a few seconds. This would mean a minor stutter for users on their PCs, but it would significantly drive up the expenses for people trying to spam. You can also make the solution harder exponentially if you send multiple requests from the same IP. It's not a "green" solution, but it should work.

        3 votes
        1. Amarok Link Parent
          Heh, that's an interesting idea I've never seen before. Wonder if we could figure out how to make those cpu cycles do something productive too.

          Heh, that's an interesting idea I've never seen before. Wonder if we could figure out how to make those cpu cycles do something productive too.

          4 votes
      3. Eva Link Parent
        I'm aware of what ReCAPTCHA is and why it's disliked - I'm no fan myself (and as a uMatrix user, certainly aware of all of the ways it breaks)! But I was specifically referring to a claim in the...

        I'm aware of what ReCAPTCHA is and why it's disliked - I'm no fan myself (and as a uMatrix user, certainly aware of all of the ways it breaks)! But I was specifically referring to a claim in the original post, note.

        2 votes
    2. Nmg Link Parent
      Tildes is intended to be functional without JavaScript, however.

      Tildes is intended to be functional without JavaScript, however.

      1 vote
  4. [4]
    Bullmaestro Link
    I don't think there's a simple solution other than to keep Tildes invite-only and keep it as an ever growing private community. The benefit of this approach is that it's easy to remove spam. If...

    I don't think there's a simple solution other than to keep Tildes invite-only and keep it as an ever growing private community. The benefit of this approach is that it's easy to remove spam.

    If you add ReCAPTCHA support, bots will evolve to crack its challenges. In fact, this has already been possible since 2017 which renders Google's technology obsolete.

    Require phone verification like with Dota 2 ranked matchmaking and this will lead to Tildes holding more personal information on the end user which is a privacy concern for those seeking a quality alternative to Reddit. This can also be easily bypassed through the use of burner phones.

    Even doing a SomethingAwful or a Steemit and paywalling registration in some way won't get rid of spammers. It may give them a buy in requirement but it sure doesn't stop them from causing havoc. Just look at the sheer amount of hackers and botters present in premium games like Overwatch and WoW - where a high buy-in price or even a subscription fee does not act as a deterrent.

    Look on the bright side, let's say that hypothetically Reddit implodes within the next few weeks, perhaps through the admins shutting down a popular subreddit or by forcing their loathed redesign upon the community (much like how Digg fell.) Would you really want an exodus of Redditors magnitudes higher than the entire Tildes community flooding into here and driving down the quality of any discussions?

    5 votes
    1. [3]
      cfabbro (edited ) Link Parent
      For the record I have actually shut down invite threads on /r/tildes before when that happened and will likely continue to keep doing that. I don't want people coming here for the wrong reasons or...

      Look on the bright side, let's say that hypothetically Reddit implodes within the next few weeks, perhaps through the admins shutting down a popular subreddit or by forcing their loathed redesign upon the community (much like how Digg fell.) Would you really want an exodus of Redditors magnitudes higher than the entire Tildes community flooding into here and driving down the quality of any discussions?

      For the record I have actually shut down invite threads on /r/tildes before when that happened and will likely continue to keep doing that. I don't want people coming here for the wrong reasons or with the wrong impression of the site either. This is not a reddit replacement and many of the quarantined and banned subs (and the content posted in them) would not be welcome here either.

      And if/when Tildes does go open registration, it's probably not beyond the realm of possibility that Deimos will temporarily shut down registration here too (similar to a torrent tracker or Metafilter) if/when another mass exodus from another site happens in order for Tildes to ride out the storm.

      9 votes
      1. MetArtScroll Link Parent
        I would add that even Voat shut down open registration during the recent exodus of certain banned subreddits.

        I would add that even Voat shut down open registration during the recent exodus of certain banned subreddits.

        4 votes
      2. Bullmaestro Link Parent
        And Deimos has very good reason to keep the site locked down. Just look at what happened to Voat after racist communities were purged from Reddit. The site pretty much became another Stormfront.

        This is not a reddit replacement and many of the quarantined and banned subs (and the content posted in them) would not be welcome here either.

        And Deimos has very good reason to keep the site locked down. Just look at what happened to Voat after racist communities were purged from Reddit. The site pretty much became another Stormfront.

        1 vote