aboutsummaryrefslogtreecommitdiff
path: root/mod/vegan/README.org
blob: 4e4b3740b026def24313c9a9248e6f33157d78cb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

#+TITLE: Vegan, an anti-spam plugin for Elgg 1.8
#+AUTHOR: Lorea Hackers
#+EMAIL: devel@lorea.org

* Lorea Vegan
** Inspirations
*** StatusNet
**** http://spamicity.info/
**** http://status.net/wiki/Spam
** Features
*** Spam-Killing Delegation

    By default only admins can mark accounts as spammers and ban them
    on the spot. Vegan brings that feature to selected inhabitants.

*** Spammer's Recognition

    Vegan smells spammers:
    - recent account
    - no avatar
    - few friends
    - empty profile
    - abusive friend requests
    - send private messages to non-friends
    - posts a lot of links
    - posts known spam
    - posts from RBL-blacklisted origins
    - posts a lot in combination of any of the above
    - defines an "asocial" type that forces user into CAPTCHA mode
    - more content filtering (URLs, federated spam reports)

*** Conditional Posting

    - requires solving CAPTCHA on first blog post
    - requires solving CAPTCHA on submission if "asocial"
    - forces "PRIVATE" posting on reported users

*** Early Warning System

    - sandbox reported users
    - requires email confirmation on suspicious activity

*** Hive Mind Report

    - any user can flag a spammer. The more flags, and the most dense
      the reports, the more constraints on the poster.
    - after a threshold of user reports, spammer is flagged
      automatically and removed.
    - user successfully reporting spam get more trust reporting next
      spammers, hence reinforce the anti-spam recognition system:
      accordingly, users falsely reporting spam receive less trust,
      and can be flagged themselves as trolls if they persist in wrong
      reports.
    - trolls are treated similarly as spammers, but their account and
      contents are not destroyed, just suspended.

*** Fight Human Spammers

    As spammers learn to bypass registration processes by keeping that
    part manual, they can throw in several dormant accounts and use
    them later. 

    - When a spam is successfully reported, the social graph
    of the spammer is analyzed and contacts are sanctioned (loss of
    trust.)
    - When an account is inactive for too long, it is suspended, and
      requires a manual email reactivation. Remote accounts not
      mentioning an email require admin intervention for reactivation.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-01 22:54:46 +0000