#+TITLE: Vegan, an anti-spam plugin for Elgg 1.8
#+AUTHOR: Lorea Hackers
#+EMAIL: devel@lorea.org

* Lorea Vegan

** Inspirations

*** StatusNet

**** http://spamicity.info/
**** http://status.net/wiki/Spam

** Features

*** Spam-Killing Delegation

By default only admins can mark accounts as spammers and ban them on the spot. Vegan brings that feature to selected inhabitants.

*** Spammer's Recognition

Vegan smells spammers:

- recent account
- no avatar
- few friends
- empty profile
- abusive friend requests
- sends private messages to non-friends
- posts a lot of links
- posts known spam
- posts from RBL-blacklisted origins
- posts a lot in combination with any of the above
- defines an "asocial" type that forces the user into CAPTCHA mode
- more content filtering (URLs, federated spam reports)

*** Conditional Posting

- requires solving a CAPTCHA on the first blog post
- requires solving a CAPTCHA on submission if "asocial"
- forces "PRIVATE" posting on reported users

*** Early Warning System

- sandboxes reported users
- requires email confirmation on suspicious activity

*** Hive Mind Report

- any user can flag a spammer. The more flags, and the denser the reports, the more constraints on the poster.
- after a threshold of user reports, the spammer is flagged automatically and removed.
- users who successfully report spam gain more trust when reporting the next spammers, which reinforces the anti-spam recognition system; accordingly, users who falsely report spam receive less trust, and can themselves be flagged as trolls if they persist in wrong reports.
- trolls are treated similarly to spammers, but their accounts and contents are not destroyed, just suspended.

*** Fight Human Spammers

As spammers learn to bypass registration processes by keeping that part manual, they can throw in several dormant accounts and use them later.

- When spam is successfully reported, the social graph of the spammer is analyzed and contacts are sanctioned (loss of trust).
- When an account is inactive for too long, it is suspended, and requires a manual email reactivation. Remote accounts not mentioning an email require admin intervention for reactivation.
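
The trust loop described under Hive Mind Report, as an added Python sketch that is not Vegan's own code and uses no Elgg API: each distinct reporter contributes their current trust to a target's score, and verdicts feed back into reporter trust. The class name, the threshold and every trust value are assumptions, since the page gives no numbers; report density over time is not modelled.

```python
from dataclasses import dataclass, field

# Assumed tuning values; the page specifies none of them.
FLAG_THRESHOLD = 3.0   # summed reporter trust at which a target is auto-flagged
TRUST_START = 1.0      # trust of a user who has never had a report resolved
TRUST_STEP = 0.25      # gained per confirmed report, lost per false one
TROLL_FLOOR = 0.25     # at or below this trust the reporter is treated as a troll


@dataclass
class HiveMind:
    trust: dict = field(default_factory=dict)    # reporter -> trust weight
    reports: dict = field(default_factory=dict)  # target -> set of reporters
    trolls: set = field(default_factory=set)     # suspended reporters

    def _trust(self, user):
        return self.trust.setdefault(user, TRUST_START)

    def score(self, target):
        """Sum of the current trust of every distinct reporter of target."""
        return sum(self._trust(r) for r in self.reports.get(target, ()))

    def report(self, reporter, target):
        """Record one flag; return True once target reaches the threshold."""
        # Self-reports and reports from suspended trolls carry no weight.
        if reporter != target and reporter not in self.trolls:
            # A set gives one vote per reporter, so repeat flags do not stack.
            self.reports.setdefault(target, set()).add(reporter)
        return self.score(target) >= FLAG_THRESHOLD

    def resolve(self, target, was_spam):
        """Apply a verdict: reward accurate reporters, penalise false ones."""
        delta = TRUST_STEP if was_spam else -TRUST_STEP
        for r in self.reports.pop(target, set()):
            self.trust[r] = max(0.0, self._trust(r) + delta)
            if self.trust[r] <= TROLL_FLOOR:
                self.trolls.add(r)  # suspended, not deleted, as the page states
```

With these assumed values a fresh site needs three distinct reporters to auto-flag an account, two reporters with two confirmed reports each are enough, and a reporter becomes a troll after three false reports.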