242

Raddle Needs Protection Against Vote Manipulation

Submitted by dele_ted in meta

Raddle seems to be growing pretty quickly, which means it'll soon begin to attract attention from our enemies. To avoid a complete shitstorm when a techy fascist finds out about us, we should put some better measures in place to protect against vote manipulation. Here's my suggestions:

  • Update the captcha on the sign-up page, it can be solved somewhat easily with a variety of Python libraries

  • Make sure that one email can't make more than one account. Right now you can make as many accounts as you want using only one email.

  • Require email confirmation before allowing voting and posting.

  • Make a cooldown on account creation, possibly by IP-banning (not sure if that goes against Raddle's privacy policy though...)

There's probably a lot more we can do, but this is a good start. I made a simple Python script that creates accounts and mass-upvotes using the zombie accounts in an hour or so, and it's way too easy. Let's prepare for an attack before it gets here.

Comments

You must log in or register to comment.

19

ziq wrote (edited )

We're not going to require users provide an email address - That would go against everything the site stands for.

Vote manipulation isn't a big deal since the algorithm gives far more weight to comments than votes. And if spam bots are commenting, we'll quickly see it and remove their comments.

IPs are only stored (for 24 hrs) if the user is untrusted. We mark users as trusted as soon as they post; assuming they're not a spammer. So we can IP ban spam accounts. But since they all use Tor, it's pretty pointless.

2

dele_ted wrote

What's the point of the email field when registering then?

People still consider votes to be of importance when scrolling through posts, and tend to be more positively oriented towards posts with a higher number of upvotes than usual. One single user can control, to a pretty large extent, what people see on here; this user can control what people notice first, and drive posts that he doesn't want people to see into the ground.

Maybe it's not needed now, but i think it will become a necessity if Raddle keeps growing.

13

ziq wrote (edited )

What's the point of the email field when registering then?

The registration page explains that. It's optional; for in case you forget your password and need to reset it. The reset link is sent to the email address if you provide one.

Putting restrictions on the usage of the site to fight potential vote manipulation would be like cutting off your nose to spite your face. Just ignore the votes, they're meaningless anyway. Hierarchies are for fools.

Pretty impressed by your bot though :)

6

dele_ted wrote

That's the perfect attitude towards voting systems, i can see what you mean. I just assumed votes was treated much like they are on Reddit. Glad to see it being done properly.

Thanks! It was pretty fun to make, i love having small projects such as this to cool down after a long day.

-133

ziq wrote (edited )

Can I get my 200 downvotes now?

I'll get it kickstarted..

Fuck Chomsky.

11

Defasher wrote

Really though, Chomsky is shit. Bloke needs to get off his pedestal.

7

Ant wrote (edited )

This was fun

dellitsni now holds the new record for most upvotes on a post!

Meaningless records are among the best kind

So far as vote manipulation goes, I think it's worthwhile to keep an eye out against in at least this kind of case: Where it's used to systematically demoralise raddle posters in general or individual posters on raddle as part of a divide and conquer approach. Here there would not be 200+ votes in one go, just the right amount of downvotes well-placed

8

Defasher wrote

I saw emma undo downvote brigades before, back when we were on voat's radar. Thank Soros for our renewed obscurity.

5

dele_ted wrote

I'm very honored to be the lucky holder of this completely useless record, thank you!

Exactly, I'm just worried that it'll be used stealthily to destroy the otherwise very comfortable atmosphere we have around here by carefully downvoting here and there, downvoting new users etc. But i think ziq is right, we need to change our attitude towards these votes altogether.

2

boringskip wrote

Maybe a CAPTCHA with java script GPU-resistent proof-of-work, like Scrypt.

2

emma wrote (edited )

BORN TO DIE

WORLD IS A FUCK

鬼神 Kill Em All 1989

I am trash man

410,757,864,530 DEAD COPS

2

dele_ted wrote (edited )

I started writing one, and i think it's entirely possible, but i was a little too lazy and ended up just making it fill out the fields abd so on, and solving captchas manually.

4

emma wrote (edited )

BORN TO DIE

WORLD IS A FUCK

鬼神 Kill Em All 1989

I am trash man

410,757,864,530 DEAD COPS

4

dele_ted wrote

Yep, it didn't take too long, probably around ten minutes.

2

emma wrote (edited )

BORN TO DIE

WORLD IS A FUCK

鬼神 Kill Em All 1989

I am trash man

410,757,864,530 DEAD COPS

3

dele_ted wrote

As long as the community is this small, it wouldn't be much more than a step on the way. As little as ten accounts can have a huge effect right now.