Bioconductor / legacy.support.bioconductor.org

LEGACY!!! Bioconductor's fork of the Biostar Q&A site. This repo was used prior to Oct 2020. See support.bioconductor.org for ACTIVE site maintenance!
http://www.biostars.org/

User account identity management #60

Open wolfganghuber opened 5 years ago

wolfganghuber commented 5 years ago

As there are recurrent spam posts from user accounts that appear to have been specifically created for that purpose, or that have been hacked(?), do we want more stringent identity management - e.g. partner with an identity management provider that links IDs to real people, or uses mainstream logins like GitHub, Google, Facebook?

I haven't thought through this well, nor the possible consequences for people, e.g., in China or Iran.

mtmorgan commented 5 years ago

Users sign up using social logins (Google, etc) to create accounts, or use email signup that requires a reCAPTCHA confirmation. I'm not sure that there are other approaches to lock this down, maybe @ialbert has some further insight?

In addition to the spam posts, there are users who create a profile that contains spam profile information and are seemingly happy to leave it at that -- no posts, etc.

ialbert commented 5 years ago

We had that problem of profile spam as well.

On the main site we do not display the profile information for new users; a user must have gotten at least one upvote to have their profile displayed: https://github.com/ialbert/biostar-central/blob/master/biostar/server/templates/user_details.html#L165

lshep commented 5 years ago

Thanks @ialbert - I'll look at reimplementing this!

lshep commented 5 years ago

Reimplemented - I altered it slightly: instead of the second exception being is_moderator, it is target.status = 1, which is the trusted user indication.

mtmorgan commented 5 years ago

It looks like these faux users add links to other parts of their profile, like Twitter handle and even 'location'. (Oops, maybe that's visible to me as I moderate them, but not visible to others... sorry for that noise.)

In addition to the new user business, what about implementing a moderation flag for first posts -- they must be moderator-approved, rather than being automatically posted?
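
The two controls discussed in this thread (withholding a new account's profile until it has an upvote or trusted status, and holding first posts for moderator approval) can be sketched as below. This is an added example, not code from biostar-central or the Bioconductor fork. The `User` fields, the `approved_posts` counter, the state names and the rule that moderators and the profile owner always see the profile are assumptions; only `status = 1` meaning trusted comes from the thread.

```python
from dataclasses import dataclass, field
from typing import Optional

TRUSTED = 1  # from the thread: status = 1 marks a trusted user; other values are assumed


@dataclass
class User:
    name: str                      # assumed to be unique
    upvotes: int = 0               # assumed counter of upvotes received
    status: int = 0                # 0 = new account (assumed), 1 = trusted
    is_moderator: bool = False
    approved_posts: int = 0        # assumed counter used for first-post moderation
    profile: dict = field(default_factory=dict)


def profile_is_public(target: User) -> bool:
    """Public only after at least one upvote, or when the account is trusted."""
    return target.upvotes >= 1 or target.status == TRUSTED


def visible_profile(target: User, viewer: Optional[User]) -> dict:
    """Return the profile fields this viewer may see (viewer None = anonymous)."""
    privileged = viewer is not None and (
        viewer.is_moderator or viewer.name == target.name
    )
    if profile_is_public(target) or privileged:
        return dict(target.profile)
    # Withhold every free-text field, so links, handles and location stay hidden.
    return {}


def initial_post_state(author: User) -> str:
    """Hold the first post of an unproven account until a moderator approves it."""
    if author.status == TRUSTED or author.is_moderator or author.approved_posts > 0:
        return "published"
    return "pending"


if __name__ == "__main__":
    # Constructed sample accounts, not real users.
    spam = User("newacct", profile={"location": "buy-pills.example", "twitter": "@x"})
    mod = User("mod", is_moderator=True, status=TRUSTED)
    print(visible_profile(spam, None))   # anonymous visitor sees nothing
    print(visible_profile(spam, mod))    # moderator still sees the spam fields
    print(initial_post_state(spam))      # first post waits for approval
```

The moderator branch is why a moderator can still see a spam profile's fields while ordinary visitors cannot.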