search

internetarchive / openlibrary

One webpage for every book ever published!
https://openlibrary.org
GNU Affero General Public License v3.0
5.2k stars 1.35k forks source link

RFC: What is a book? How should UI change to constrain "Add a Book" page? #525

Closed mekarpeles closed 4 years ago

mekarpeles commented 7 years ago

Related to #523 -- what constraints should be placed on a user who wants to add a book?

hackerfactor commented 7 years ago

  1. Create a reputation metric. New accounts have 0 reputation, so all edits must be reviewed. Each approved review increments the reputation counter; each rejection decrements the counter (negative is permitted). A value of at least "+4" (arbitrary, make it configurable) can add new content without a review. Cap the reputation range to [-10,+10]. This way, someone who suddenly becomes abusive can be moved back to needing reviews.

  2. Track accounts with IP addresses. This permits banning by IP, and allows finding other accounts created by the same IP address. (Trolls will create lots of accounts.)

  3. I don't know if you use a double opt-in. (To create an account, supply an email address. Click on the confirmation email before creating the account.) If you don't have double opt-in, then create it.

  4. For double opt-in: Do not permit anonymous email accounts (e.g., hushmail.com -- I've got a list of these services). Normalize Gmail "+text" tracking email addresses. Only 1 account per email address. This will make it harder for trolls to create accounts for abuse.

hackerfactor commented 7 years ago

  1. Track abusive IP addresses. I can tell you already that Tor will be more abusive than helpful. (If you want to permit Tor, then let me know and I'll create a .onion service for OpenLibrary.)

  2. fail2ban is your friend. Multiple failed logins? ban for 10 minutes. Multiple 10 minute bans? Ban for 2 days. (I call that second rule "slow learners", and it's a lifesaver.)

hackerfactor commented 7 years ago
  1. For abusive accounts, consider NOT BANNING. Instead, make their edits only viewable by them. This is trolling the trolls; they'll spend hours thinking they are being abusive before realizing that they are not doing anything.
xayhewalo commented 5 years ago

The description of this issue is a little beyond the scope of the title. I interpret "constrain the 'Add a Book' page" as restricting what forms the user has access to. The point outlined above is more like a counter spamming/vandalism feature.

I'm tagging this as an epic and assigning @mekarpeles per slack discussions.

@seabelis With regards to reducing spam/trolling, what features would be useful from the Librarian perspective?

edit: typos, clarity

seabelis commented 5 years ago

My interpretation of this question is not about who can do what, but what formats constitute a "book" and fit within the scope of the site. There has been some discussion on slack, i.e. govt docs, periodicals, audio formats. I have started some related discussions in terms of how books should be grouped and discussions of various formats is on the agenda. I think @mekarpeles does need to clarify what he meant for this particular discussion as it seems to be going in a few directions.

To answer @guyjeangilles, the truth is I come across l surprisingly little spam. If I'm remembering correctly @hornc has already implemented some anti-spam measures and they seem to be working for the most part. I don't think librarians should be able to ban users.

mekarpeles commented 4 years ago

Relates to @seabelis's #2662. Closing this issue.