New Discourse forum accounts

@guystewart responded to me in old forum and I missed it because it doesn’t notify its users. Whole point is to move the discussion here so I aswer here as well.

https://community.victronenergy.com/questions/315968/announcing-the-new-community-starting-with-modific.html

image

Email verification doesn’t solve anything, you can pull new addresses like hand tissue every time you need and throw it away. And service owners are the ones who crawl colleting these used tissues.

This very issue was studied and understood in Sweden (IDENTIFIERING OCH IDENTITET I DIGITALA MILJÖER, based on US and German work) in SEIS-project and they found out that merging virtual network subjects to real life requires some link in between SEIS – DigiWiki

However, they did nothing about it. Then came the Finns who actually created personal X.509 certificates but didn’t use them. Estonians followed this whole comedy aside (1990 - 2002) and copied the Finnish work and started using it. Now they save 2% of their GDP and whole world (Norway, Japan, Ukraine, Africa, Middle-East) visit Estonia and study what and how they did it.

The key answer that Swedes found out is implemented here today eIDAS Dashboard Supporting these strong methods would give you, what - 450 million people from EU area.

But that doesn’t solve the spam issue as long there are less strong methods to create accounts and start posting. That combined to the wide variety of authentication methods, the answer should be something in between, just like when fighting SMTP-spam. Some gray area, like treating accounts and posting differently depending their link to real life and behaviour history.

How all that is done in each platform, is a good question. But the legos are there.

There is no silver bullet, it’s all a calculus of cost:benefit for the spammers, and for us to control it.

Any extra tool we have (like captchas, keyword filtering, pattern identification, etc etc) raises the cost and complexity required for spammers to target us, and reduces their return for doing so.

This site is still brand new so not a target yet, but there are some additional tools in the toolbox here that should help tilt the scales further in our favour.

1 Like

Sure, but I hope the Captcha is not the way to go. They have become so hard that I fail them frequently.

Typically only if there is some other flag for your account that it has a reason to suspect you

A second line of defence

Just like the stronger auth methods I linked to eIDAS QWAC Trust list above. That would remove everyone using them out of the suspected group.