tournesol-app / tournesol

Free and open source code of the https://tournesol.app platform. Meet the community on Discord https://discord.gg/WvcSG55Bf3

add trusted email #1322

Closed moolight-seashell closed 1 year ago

moolight-seashell commented 1 year ago

Add to trusted email domains:

- from protonmail: protonmail.com, proton.me, pm.me
- from mailfence: mailfence.com
- from murena (previously named /e/ or eelo): murena.io, e.email

GresilleSiffle commented 1 year ago

Hello @jean-raphael

Thanks for taking the time to open an issue :+1:

Unfortunately at Tournesol we don't consider Proton Mail as a safe email provider. It's easy for one person to create several accounts on Proton Mail and then create several accounts on the Tournesol platform.

To allow Proton Mail users to increase their trust score we developed a vouching system. A user can vouch for one or more other users to increase their trust score. See the dedicated interface here: https://tournesol.app/vouching

It's important to note that the comparisons of every contributor are taken into account by the algorithm to compute the final score of a video, even those made by users with an email domain not considered trustworthy.

I don't know murena.io and e.email, we will give them a look.

moolight-seashell commented 1 year ago

@GresilleSiffle it's easy to create a Proton account, but Proton has strong detection of fake accounts: https://proton.me/support/account-disabled

GresilleSiffle commented 1 year ago

By fake accounts do you mean accounts created by robots, or accounts created by a single person?

It's possible for a human to create several accounts on Proton Mail, as a human can easily bypass the human verification methods used by Proton Mail (CAPTCHA, email, or SMS).

Extract from https://proton.me/support/human-verification

> In order to prevent the creation of accounts by spam bots or human spammers, Proton Mail uses a variety of human verification methods. You may be asked to verify using either CAPTCHA, email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors.
>
> Generally speaking, attempting to create multiple accounts will trigger more difficult verification methods such as email or SMS, although there are also other factors that we consider. Certain Tor exit IPs also encounter this problem if they are frequently abused by spammers or attackers attempting to brute force user accounts.

Even if Proton Mail is able to detect spam bots or human spammers, it doesn't seem that Proton Mail is able to precisely detect non-spammer humans. I was able to create two accounts without problem for instance, and I think it's possible to create even more accounts. Proton Mail has indeed some security to detect malicious behaviours, but there is nothing abnormal when you create several accounts from the same public IP address. Nothing prevents a single user from using those accounts to register on Tournesol and then bypass our own security policy.

If Proton Mail adopts one day a strong proof of personhood method, it will possibly be trusted by Tournesol. Unfortunately, it seems safer to consider this email domain as unsafe for now.

moolight-seashell commented 1 year ago

@GresilleSiffle "verification methods such as email or SMS" is not enough for you?

Here we are talking about humans and not bots, and moreover we are talking about an email where security is the main objective, not to mention that this email is known only in places where cybersecurity or at least IT is an important topic.

Don't you think you are being too extreme in your policy, especially for a platform that is supposed to be open to a maximum of people?

... or it is just an indication that the tournesol algo is not strong enough

Anyway, personally I use protonmail, and I probably won't waste my time suggesting videos anymore if my vote is not considered useful or reliable or considered at all,

because when I suggest new videos they don't appear in the videos with the "show all videos" option enabled.

aidanjungo commented 1 year ago

Unfortunately there are a lot of services with disposable numbers to get this kind of validation SMS, so for now we cannot completely trust these methods. Security is our priority at Tournesol, but your comparisons are taken into account anyway (even without trusted mail or any vouching). The reason your video did not appear could be because you are the only one who voted on this video or it has a negative score, so it appears as "unsafe" (but you can see unsafe videos by clicking the checkbox in filters).

moolight-seashell commented 1 year ago

@aidanjungo it's true that a very intrusive system like Google that asks you for all your private information is much better,

and yes I'm talking about the suggestions (of the week) with the "show unsafe videos" option enabled, for videos that I suggest as good videos, and it looks like I am right because when these videos are suggested by other users they are quite high on the list.

aidanjungo commented 1 year ago

Also, seeing your video in the list is not instantaneous, because the algorithm runs only four times a day, because it takes something like 30 min. If it is not that, you can give me an example of a video and I'll check why it did not appear.

moolight-seashell commented 1 year ago

OK, maybe add a countdown on the website to give an intuitive understanding of the fact that this algo doesn't work live.

GresilleSiffle commented 1 year ago

Hello again, here are additional notes.

> "verification methods such as email or SMS" is not enough for you?

I would like it to be enough but as @aidanjungo said, it's possible to have disposable phone numbers, email addresses, and even credit card numbers to trick the Proton Mail security policy.

To be more clear, services like Proton Mail want to prevent spamming, and having one client with several accounts is acceptable for them. For Tournesol we would like to avoid giving trust to users with several accounts as much as we can. The vouching system is here to give trust to users with a non-trusted email domain.

> ... or it is just an indication that the tournesol algo is not strong enough

The Tournesol algorithms use the trust score of each user and other parameters to determine their voting rights. If we declare @protonmail.ch (and friends) as safe, we are potentially creating an exploitable security breach.

> Anyway, personally I use protonmail, and I probably won't waste my time suggesting videos anymore if my vote is not considered useful or reliable or considered at all

Don't worry, this is not how Tournesol works.

As you can see in the previous @aidanjungo answer, and in my first answer here, each comparison is taken into account by the algorithm to create the recommendations stream. In addition to this, having public comparisons in the public dataset, even from domains that are not considered trustworthy, is still very valuable for the research.

@jean-raphael your comparisons are valuable for the recommendations and the public dataset we are building. Each contribution of each contributor greatly helps the research :muscle: