Jump to content

User Validation


gmj3191

Recommended Posts

It sounds like the problem in Australia is a local problem, not a global one. Personally, I haven't seen such behaviour in my area, and there's only the occasional global spammer like the one recently. While I agree that mandatory validation is necessary and should have been in place long ago, the problem in Australia will need to be dealt with locally. It sounds like this is already happening with it being reported to the authorities.

Link to comment

And you certainly don't leave the front door open when you know that people are already getting in.

When you get a little bit of money each time someone walks into your house, and the majority of those people are playing nice, it might be tempting to keep the door wide open. The occasional bad apple that comes in and makes a mess becomes a cost-of-doing-business.

Link to comment
It sounds like the problem in Australia is a local problem, not a global one. Personally, I haven't seen such behaviour in my area, and there's only the occasional global spammer like the one recently. While I agree that mandatory validation is necessary and should have been in place long ago, the problem in Australia will need to be dealt with locally. It sounds like this is already happening with it being reported to the authorities.

 

Sounds like another americanocentric attitude to a global issue. How does a lack of email validation, or spam control contain itself to national boundaries.... This cannot only be happening in Australia.

 

When you get a little bit of money each time someone walks into your house, and the majority of those people are playing nice, it might be tempting to keep the door wide open. The occasional bad apple that comes in and makes a mess becomes a cost-of-doing-business.

 

So if its only happening here then its a cost of doing business..... Yep....

 

Bet if it were happening to you or on GS front door the attitude would be greatly different.

Edited by Fergzter
Link to comment

There is a problem and it is spoiling the game for quite a number of people. We keep on hearing that Groundspeak is doing something about it and I sincerely hope and expect that they are.

 

It is a lot like security for your house - you can never hope to keep the most determined burglar out, but you do things to dissuade most who would try. It is called Risk Management.

 

And you certainly don't leave the front door open when you know that people are already getting in.

The flip side of that argument is that you don't necessarily advertise what security measures you've put into place, so that you maintain some edge on the determined hacker. I'm OK with Groundspeak keeping any and all security measures under wraps, and as far as I'm concerned, the proof is in the pudding. I haven't seen or heard of any other exploits getting through, so whatever they're doing, I hope and expect that they continue to do so.

Link to comment

It sounds like the problem in Australia is a local problem, not a global one. Personally, I haven't seen such behaviour in my area, and there's only the occasional global spammer like the one recently. While I agree that mandatory validation is necessary and should have been in place long ago, the problem in Australia will need to be dealt with locally. It sounds like this is already happening with it being reported to the authorities.

 

No, it is NOT a local problem. A similar thing has happened at least once before that I am aware of (in Germany a few years ago - it took them months and some ingenuity to resolve). It can, and will, happen again, anywhere, any time.

Link to comment

I agree with Alansee, this is not a "local problem" pertaining to Ballarat only. This happens to various degrees in all areas of the world. Evidence for this can be seen on these very forums where nearly every week people are complaining about this very problem This is a "global problem" and it can only be solved by implementing a "global solution". As for these "security measures" that Groundspeak supposedly may or may not have. They are not working. If they were then the whole issue with the OP wouldn't exist and we wouldn't be having this discussion.

Link to comment

If as some say "validating with an email address" will not solve the problems then why as a premium member am I required to have an email address. It is not possible to remove a Primary email address.

Is Geocaching.com not penalizing Premium members insisting on them supplying more information?

 

I am a cache owner and insist on being given the opportunity to be able to contact those cachers that visit or attempt to visit my caches.

Link to comment

An unfortunate side effect of Groundspeak not validating users is that all my placed caches now are tending to be Premium caches rather than caches accessible to those choosing to cache as free non Premium members.

If I was a cynic, I'd be tempted to think that this is the direction that Groundspeak would like us to go, by creating an environment where more and more people become Premium in order to rise above the chaos created by the unverified masses.

Luckily I'm not that cynical.

Link to comment

An unfortunate side effect of Groundspeak not validating users is that all my placed caches now are tending to be Premium caches rather than caches accessible to those choosing to cache as free non Premium members.

If I was a cynic, I'd be tempted to think that this is the direction that Groundspeak would like us to go, by creating an environment where more and more people become Premium in order to rise above the chaos created by the unverified masses.

Luckily I'm not that cynical.

 

I got tired of the NVM's and made all of my listings PMO, and that worked for me. The way things are going, I'm just not sure how much longer I am going to keep placing caches. :ph34r:

Link to comment

There is a problem and it is spoiling the game for quite a number of people. We keep on hearing that Groundspeak is doing something about it and I sincerely hope and expect that they are.

 

It is a lot like security for your house - you can never hope to keep the most determined burglar out, but you do things to dissuade most who would try. It is called Risk Management.

 

And you certainly don't leave the front door open when you know that people are already getting in.

The flip side of that argument is that you don't necessarily advertise what security measures you've put into place, so that you maintain some edge on the determined hacker. I'm OK with Groundspeak keeping any and all security measures under wraps, and as far as I'm concerned, the proof is in the pudding. I haven't seen or heard of any other exploits getting through, so whatever they're doing, I hope and expect that they continue to do so.

 

Maybe it was already mentioned...but I recall not so long ago (maybe two weeks) there was a flood of spam-cacher logs with links to malware.

Whatever they're doing, it apparently is more reactionary than preventative.

Link to comment

I am a cache owner and insist on being given the opportunity to be able to contact those cachers that visit or attempt to visit my caches.

You have been given the opportunity, that is exactly why they introduced the message centre.

Now that the message center has been around a while, how often are people getting responses from messages sent to unvalidated accounts? Many people have said this was one of the motivations for the message center, but it never made sense to me that it would work very often. So does it?

Link to comment

I got tired of the NVM's and made all of my listings PMO, and that worked for me. The way things are going, I'm just not sure how much longer I am going to keep placing caches. :ph34r:

 

If you don't want NVMs finding your caches, instead of making them PMO you can make sure the terrain/difficulty is rated high enough so that they don't show up in the intro app to non premium members.

 

For my lower D/T caches that did show up in the intro app, I made them premium. While I welcome new cachers, I don't welcome those that don't take the time to use the website and validate their account.

Link to comment

I got tired of the NVM's and made all of my listings PMO, and that worked for me. The way things are going, I'm just not sure how much longer I am going to keep placing caches. :ph34r:

 

If you don't want NVMs finding your caches, instead of making them PMO you can make sure the terrain/difficulty is rated high enough so that they don't show up in the intro app to non premium members.

 

For my lower D/T caches that did show up in the intro app, I made them premium. While I welcome new cachers, I don't welcome those that don't take the time to use the website and validate their account.

 

That was the main problem with the NVM's, they trashed GZ on my lower D/T listings.

 

My family members have a basic members account that they use to hide some lower D/T caches, when a few of them got constantly muggled they transfered them to my PM account and I set them to PMO and transfer them back to their basic account. The cache remains PMO and they can still view and edit everything except the PMO status. Maybe it was you that posted that information before? Not sure, but learned it here in the forums. B)

Link to comment

Okay, my local vs. global post has been taken completely the wrong way. I'll clarify...

 

First, I wholeheartedly agree that spammers are a global problem and that mandatory email validation would be a good thing. Heck, I started a forum discussion about exactly that over 2.5 years ago (albeit stemming from uncontactable non-validated members). There are many other reasons why validation (including periodic revalidation) would be a good thing, so I'm all for it.

 

Now, to the incident in Australia that triggered this discussion. For those in Australia who have witnessed this incident, is McLookers' description in post #49 accurate? If so, then this isn't a problem with a typical spammer who's creating logs all over the world. It's one or more disgruntled or misguided locals who are targeting local caches.

 

My local vs. global post was contrasting this local, targeted attack with recent (and ongoing) global, random attacks. Personally, I feel that in the former case the attackers are more likely to be motivated enough to work around security barriers than the run-of-the-mill random spammers. If someone with a grudge is vandalizing caches and cache listings, do you really think a Captcha or email validation will stop them? No, they'll likely take the time to get around it. For them, entering some Captcha text or setting up a new email account is nothing. However, the global spammer - who is probably using scripts - can be more easily defeated by such barriers.

 

In the end, the way to deal with the disgruntled cacher or misguided teen is at the local level. We can throw up all the barriers we want, but they're probably motivated enough to just work around them. They need to be confronted or reported to the authorities (if possible).

 

Please don't feel that I'm attempting to trivialize the Australia problem. It sounds like a nightmare that I wouldn't want to experience. I'm just saying that email validation may not have much of an effect and different, non-technical methods might need to be employed to deal with such a scenario.

 

BTW, I'm Canadian, so there's no "americanocentric attitude" here. We have the same queen as you guys down under. :laughing:

Link to comment

In the end, the way to deal with the disgruntled cacher or misguided teen is at the local level. We can throw up all the barriers we want, but they're probably motivated enough to just work around them. They need to be confronted or reported to the authorities (if possible).

 

This is where I disagree - putting up barriers DOES reduce the problems, which is why so many sites use them. Unless the perpetrators are really serious they will probably put it into the too hard basket and move on.

 

And for what it is worth, last time I checked Canada was in (north) America. There are a number of issues that we deal with here that do not occur in North America.

Link to comment

I am a cache owner and insist on being given the opportunity to be able to contact those cachers that visit or attempt to visit my caches.

You have been given the opportunity, that is exactly why they introduced the message centre.

Now that the message center has been around a while, how often are people getting responses from messages sent to unvalidated accounts? Many people have said this was one of the motivations for the message center, but it never made sense to me that it would work very often. So does it?

 

Would you have recieved a response from the same person if you had an email address? One that is more than likely a "junk"Gmail address that only gets looked at when absolutely needed.

Link to comment

 

This is where I disagree - putting up barriers DOES reduce the problems, which is why so many sites use them. Unless the perpetrators are really serious they will probably put it into the too hard basket and move on.

 

 

I agree with Alansee, there's not a pot of gold awaiting the perps who get onto GC.com, the most they're getting from it is the chance to put a few dodgy URLs in front of a few people, so the return isn't going to be huge. Therefore they're likely to be put off by even the simplest barrier (e.g. a captcha on signup), and will go for elsewhere where there's a larger audience, there are no barriers or there's more profit.

Link to comment

This is a two-fold topic, but both sections can be solved with a little fore-thought. With want of a better term, lets go with The A-Teams descriptions of the "Local Issues" and the "Global Issues".

 

GLOBAL I don't think there is little doubt that the infiltration of geocaching.com by literally thousands of fake accounts, all pushing a particular malware onto us and our friends all over the world is a global issue. Given that this has happened not once, but now twice makes me doubt that Groundspeak is really all over it. As I have stated before on this post, it seems very weird to me that they would prefer to invest as much time as they do in removing these fake accounts and deleting these posts rather than implement a protocol that would stop the creation of these accounts in the first place. I don't see Groundspeak as being naïve, but there has to be an underlying reason as to why they would choose this path. A simple "captcha" step in new account verification would add 30 seconds to a new user creating a new account, but to someone who wanted to create a few thousand accounts, it would add a few days to their process.

 

LOCAL I'll agree with The A-Teams updated description of the term "Local Issues" but I don't agree that this needs to be always sorted out at a local level. A lot of these "local issues" could be severely reduced if Groundspeak could introduce (or in some cases re-introduce) some basic measures.

 

Validated email addresses have got to be a must. I don't know of any other site that doesn't require this to become a member. The argument that we have our fancy new messanger centre instead is crap because anyone without a validated email address isn't going to get any notification that you have sent them a message to their account anyway.

 

IP address and UDI (Unique Device Identifiers) have got to be a must to shut down the repeat offenders. As it stands, at the moment, anyone out there can get on their phone and start finding caches and destroying them. Sure, they will get caught eventually, but as it has been shown in Ballarat and other places, once Groundspeak shuts the account down, it is too easy for them to pop up under a new account and continue doing the same thing. The cycle continues until they get bored and move on. Meanwhile areas like Ballarat are left devastated. These perps would be a lot less "enthusiastic" if they had to invest in a new phone/laptop/device every time they wanted to create a new account.

Link to comment

This is a two-fold topic, but both sections can be solved with a little fore-thought. With want of a better term, lets go with The A-Teams descriptions of the "Local Issues" and the "Global Issues".

 

GLOBAL I don't think there is little doubt that the infiltration of geocaching.com by literally thousands of fake accounts, all pushing a particular malware onto us and our friends all over the world is a global issue. Given that this has happened not once, but now twice makes me doubt that Groundspeak is really all over it. As I have stated before on this post, it seems very weird to me that they would prefer to invest as much time as they do in removing these fake accounts and deleting these posts rather than implement a protocol that would stop the creation of these accounts in the first place. I don't see Groundspeak as being naïve, but there has to be an underlying reason as to why they would choose this path. A simple "captcha" step in new account verification would add 30 seconds to a new user creating a new account, but to someone who wanted to create a few thousand accounts, it would add a few days to their process.

 

LOCAL I'll agree with The A-Teams updated description of the term "Local Issues" but I don't agree that this needs to be always sorted out at a local level. A lot of these "local issues" could be severely reduced if Groundspeak could introduce (or in some cases re-introduce) some basic measures.

 

Validated email addresses have got to be a must. I don't know of any other site that doesn't require this to become a member. The argument that we have our fancy new messanger centre instead is crap because anyone without a validated email address isn't going to get any notification that you have sent them a message to their account anyway.

 

IP address and UDI (Unique Device Identifiers) have got to be a must to shut down the repeat offenders. As it stands, at the moment, anyone out there can get on their phone and start finding caches and destroying them. Sure, they will get caught eventually, but as it has been shown in Ballarat and other places, once Groundspeak shuts the account down, it is too easy for them to pop up under a new account and continue doing the same thing. The cycle continues until they get bored and move on. Meanwhile areas like Ballarat are left devastated. These perps would be a lot less "enthusiastic" if they had to invest in a new phone/laptop/device every time they wanted to create a new account.

 

Well said...and I have yet to hear/read a compelling argument AGAINST email validation.

 

Question: I know they have a "Connect with Facebook option" on the site when signing in. How well does this (and others like signing in via a Google account, etc.) help as an alternate to creating and verifying an email address? A lot of sites offer this as an alternative to creating a unique site account, and I wonder if this would help in increasing the percentage of validated accounts. I don't really know how it all works, so maybe it's not even a real option.

Link to comment

My local vs. global post was contrasting this local, targeted attack with recent (and ongoing) global, random attacks. Personally, I feel that in the former case the attackers are more likely to be motivated enough to work around security barriers than the run-of-the-mill random spammers. If someone with a grudge is vandalizing caches and cache listings, do you really think a Captcha or email validation will stop them? No, they'll likely take the time to get around it. For them, entering some Captcha text or setting up a new email account is nothing. However, the global spammer - who is probably using scripts - can be more easily defeated by such barriers.

 

In the end, the way to deal with the disgruntled cacher or misguided teen is at the local level. We can throw up all the barriers we want, but they're probably motivated enough to just work around them. They need to be confronted or reported to the authorities (if possible).

This is where I disagree - putting up barriers DOES reduce the problems, which is why so many sites use them. Unless the perpetrators are really serious they will probably put it into the too hard basket and move on.

I've restored the missing part of the out-of-context quote above. You said the same thing I said, so we actually agree (I've bolded the relevant parts of our posts).

 

Again, I'm all for putting in things like email validation and Captcha. It's just that these barriers against the script-spammers are unlikely to have more than a negligible effect against someone with sufficient motivation.

 

Now, the unique device identifier mentioned by day1976 is an interesting concept I hadn't heard of before. A bit of quick Googling tells me these are (at least currently) mainly only on smartphones and tablets. Still, this would be a pretty effective way of preventing a problem user from creating a new account as easily if they're using a smartphone or tablet. Sure, they could keep switching devices, but that would get old pretty quickly.

Edited by The A-Team
Link to comment

...and I have yet to hear/read a compelling argument AGAINST email validation.

 

Indeed.

 

Anyone who has belonged to any website forum that has had to implement validated emails before allowing members to post can attest to the immediate reduction of spam from quick-made accounts; now-a-days this is standard practice. I'd wager that anyone with that smart phone and Geocaching App--and quick access to their email--wouldn't mind opening a new window and clicking on the validation link or checking for a validation code. Boom. Bam. Done. It would probably take the Ground$peak server longer to send the validation email than it would the new Geocaching App user to check their email.

 

Does GS receive What kind of support does GS receive that requires them to report the [growing?] Number of Members (versus the Number of Validated or Active Members, which would probably be significantly different)? A free app, free membership, and no validation requirements sure help those numbers. Are those "locked" accounts still being counted and reported as Members, or are those factored out appropriately?

 

In this internet day and age it is about the number$ and that means more. That's not necessarily a bad thing but it can be...

 

New members are needed, sure. Good (active) member retention is also really important for geocaching.

Edited by JeepinOregon
Link to comment

Are those "locked" accounts still being counted and reported as Members, or are those factored out appropriately?

It's my understanding that because they're locked and not deleted, they're included in the fairly-meaningless member count on the front page. Also included are the many accounts that were created and never used at all. I suspect they use the inflated number because it looks better for marketing. "Look at how many members we have!"

Link to comment

I'd wager that anyone with that smart phone and Geocaching App--and quick access to their email--wouldn't mind opening a new window and clicking on the validation link or checking for a validation code. Boom. Bam. Done. It would probably take the Ground$peak server longer to send the validation email than it would the new Geocaching App user to check their email.

It's also worth pointing out that to download even the free app, you need an account in the respective app store. Those app store accounts require email validation. Therefore, since app users have already been required to go through an email validation earlier in the process, I don't see why they shouldn't be required to validate again when creating their Geocaching.com account. They've already verified that they have a valid email account once, so just get them to do it again.

Link to comment

Quick note with regards to numbers. When we hit the 2,000,000 geocaches, the top 20 countries at the time were US, Germany, Canada, UK, Sweden, France, Australia, Czech Republic, Austria, Norway, Denmark, Spain, Finland, Netherlands, Portugal, Switzerland, New Zealand, Belgium and Japan (in no. of caches placed). These made up just under 95% of the cache placed in the world at that time. Fast forward to now, combined these 20 countries have had 1.58 million active members in the year 2015 (according to project GC stats). Given that this supposedly makes up 95% of the geocaching activity, I would estimate that the ACTUAL number of active geocaches so far in the year 2015 is around the 1.7 million mark. Not a bad number, but way off the 5 million stated.

Link to comment

Any access to a new system should involve some level of verification. Even if this happens in an app store for the app stores authentication purposes it still needs to happen with Groundspeak as the user is accessing a new system.

Agreed. To be clear, what I said in my last post wasn't that the app store validation should be sufficient, but rather that since they've already done the validation once, it should be trivial for them to do it again here where it will bring added benefits for all (ie. preventing spammers, putting up barriers against malicious users, etc.).

Link to comment
since they've already done the validation once, it should be trivial for them to do it again

 

Problem is that with the intro app is that they can enter a bogus email address eg. sadfasdfd@gsdfs.com and it lets them in to log right away with really offensive logs. At least putting in a email address to generate a token on initial registration would slow it down as they would need an actual existing email address before it allows them to post logs. It would get pretty tiresome if you needed to generate an actual valid email address every time.

Link to comment

What would go a long way to solving this would be requiring a valid "paid" e-mail address, one where an ISP somewhere knows your personal details. You could still use a free e-mail address on the site, but Groundspeak would have the real e-mail address on file for every user.

 

Er ... my free email address IS my "real" one ... I don't have an ISP or a paid email address ... my internet is my phone, or free wifi ... and I am not the only one ... So if my gmail address did not let me sign up to Geocache then I would have to go hunt for those silly QR code stickers instead :)

Link to comment

Any access to a new system should involve some level of verification. Even if this happens in an app store for the app stores authentication purposes it still needs to happen with Groundspeak as the user is accessing a new system.

 

My email address in the playstore was made especially tor using android and apps. I never check the address or do anything with it. Apps insist on getting more info (for in-app purchases) but I always "skip' this step (I have no paid apps)

I doubt that GS even can get access to the playstore address.

 

In fact GS is the only site I use where a validation is/was never needed. Sometimes being unique is not such a good idea :rolleyes:

Link to comment

I know I originally registered back in 2010 and I didn't even start looking for caches until the end of 2012...so I have no memory of the process I went through when I signed up. Did they ever send out a "verification" link? They must have, right?

If so, then really the process is already in place, no? Why not actually enforce it?

Link to comment

I know I originally registered back in 2010 and I didn't even start looking for caches until the end of 2012...so I have no memory of the process I went through when I signed up. Did they ever send out a "verification" link? They must have, right?

If so, then really the process is already in place, no? Why not actually enforce it?

The email verification process is in place only if you sign up through the website. However, you can sign up directly through the official smartphone apps and get instant access with no email verification.

 

Edit to add: Woohoo, post #5000! :laughing:

Edited by The A-Team
Link to comment

 

Now, to the incident in Australia that triggered this discussion. For those in Australia who have witnessed this incident, is McLookers' description in post #49 accurate? If so, then this isn't a problem with a typical spammer who's creating logs all over the world. It's one or more disgruntled or misguided locals who are targeting local caches.

 

 

Hi The A-Team, I will respond here to your question but I would also welcome your direct contact to clarify anything you are questioning. YES, the description is accurate, otherwise I would not have published it. Yes, this is a problem with possibly a small group of people within the local community (who, as far as we can identify are not well known within the local geocaching community) who obviously think this type of vandalism is a fun past time.

 

And, no this isn't a problem with a spammer creating logs all over the world BUT it raises a specific issue that will affect ALL legitimate cachers around the world. This is why we are highlighting it to enable more traction with GS. Within any group I belong to, I try really hard to consider ALL implications of any action suggested for the good of the wider group, not just what affects me directly.

 

There was no pattern with the vandalism or inappropriate logs so the targets were not CO specific, we feel it was unlikely a personal vendetta.

Link to comment

 

In the end, the way to deal with the disgruntled cacher or misguided teen is at the local level. We can throw up all the barriers we want, but they're probably motivated enough to just work around them. They need to be confronted or reported to the authorities (if possible).

 

Please don't feel that I'm attempting to trivialize the Australia problem. It sounds like a nightmare that I wouldn't want to experience. I'm just saying that email validation may not have much of an effect and different, non-technical methods might need to be employed to deal with such a scenario.

 

 

Hi again The A-Team,

 

YES, this has been reported to the authorities but it gets back to the same old thing, no valid e-mail means no IP address and means very difficult to trace.

 

In our opinion, if the perpetrators have another hoop to jump through (eg validating an e-mail address) BEFORE they can continue to crank up another inappropriate user name to log a few more (up to 20 at a time) disgusting filthy logs without visiting caches OR access the app to find some more caches to trash and steal, then they might get sick of it real quick.

 

YES, this particular issue is a local one that does not affect you BUT the remedy we are requesting and lobbying for will assist geocachers globally in many more ways than just resolving our problem. This is our point and why we are asking for global assistance. We would not want this type of thing to happen ANYWHERE around the world as it has been extremely unpleasant.

Link to comment

...no valid e-mail means no IP address and means very difficult to trace.

Actually, any device that's connecting to the Groundspeak infrastructure to do anything, whether that's viewing the website, accessing caches through an app, or sending messages, will have an IP address that Groundspeak can record. You can't be on the internet without one.

 

I also encourage you to read my follow-up posts where I clarified my stance. I'm in no way against implementing security features to help prevent such incidents. Trust me, I'm on your side, even if my poor choice of wording in my posts has painted me as the opposite.

Link to comment

...no valid e-mail means no IP address and means very difficult to trace.

Actually, any device that's connecting to the Groundspeak infrastructure to do anything, whether that's viewing the website, accessing caches through an app, or sending messages, will have an IP address that Groundspeak can record. You can't be on the internet without one.

 

 

I fully realise you can't be on the internet without an IP address however for example you are using the wifi at the local McDonalds or the local library, then the IP address reflects this. You are not able to be identified. In the same way that if you are accessing premium caches using the app, your user name will not appear in the audit log for the CO. Here poses another problem.

Link to comment

...no valid e-mail means no IP address and means very difficult to trace.

Actually, any device that's connecting to the Groundspeak infrastructure to do anything, whether that's viewing the website, accessing caches through an app, or sending messages, will have an IP address that Groundspeak can record. You can't be on the internet without one.

 

 

I fully realise you can't be on the internet without an IP address however for example you are using the wifi at the local McDonalds or the local library, then the IP address reflects this. You are not able to be identified. In the same way that if you are accessing premium caches using the app, your user name will not appear in the audit log for the CO. Here poses another problem.

 

Lets not forget mobile dynamic IP and IP blockers, VPN etc etc

Link to comment

The challenge is not to validate what you're doing or where you're posting from it is to validate who you are and what your intention is. Email validation is almost useless as any bot can perform a self validation. IP addresses (as noted) are not satisfactory. You need to engage with the user to confirm that the reason they are here is to do what you are expecting. Any failure on their ability to convince you otherwise means you do not get in the door.

 

I would not let someone into my home because they had a form letter (validation).

I would not let someone into my home because they look respectable (IP address).

I would only let someone into my home if I knew why they were there, what they were going to do and how they were going to do it.

 

Apply the same logic to your site and the problem is almost entirely eliminated.

Link to comment

The challenge is not to validate what you're doing or where you're posting from it is to validate who you are and what your intention is. Email validation is almost useless as any bot can perform a self validation. IP addresses (as noted) are not satisfactory. You need to engage with the user to confirm that the reason they are here is to do what you are expecting. Any failure on their ability to convince you otherwise means you do not get in the door.

 

I would not let someone into my home because they had a form letter (validation).

I would not let someone into my home because they look respectable (IP address).

I would only let someone into my home if I knew why they were there, what they were going to do and how they were going to do it.

 

Apply the same logic to your site and the problem is almost entirely eliminated.

That's what we do on the forum of a certain website I'm involved in. Not only do new registrants have to answer a question from information in the website, but they also must write some sort of introductory email that gets read by a human and then subsequently activated (or not). But then, we're not a business or trying to get as many members as possible, so a little inconvenience to membership is worth it for us. I cannot see Groundspeak being that proactive with their app users.

Link to comment

That's what we do on the forum of a certain website I'm involved in. Not only do new registrants have to answer a question from information in the website, but they also must write some sort of introductory email that gets read by a human and then subsequently activated (or not). But then, we're not a business or trying to get as many members as possible, so a little inconvenience to membership is worth it for us.

 

Same here. Running a modest site + forum and blog with several contributors. Registration + Captcha + moderator approval. New members are then moderated for x posts.

So far no spam/misconduct but then again, we're in a niche market.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...