Comments on: User Generated Headaches http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/ Mon, 22 Mar 2010 11:51:50 +0000 http://wordpress.org/?v=2.6.1 By: MFA (Made for AdSense) is the past. Say hullo to MFL (Made for Linkbait) - Tech Soapbox http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-3508 MFA (Made for AdSense) is the past. Say hullo to MFL (Made for Linkbait) - Tech Soapbox Fri, 19 Jan 2007 02:46:00 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-3508 [...] I’ve covered shortcomings of user-generated content sites like Digg before. I’ve pointed out how people quickly jump on a bandwagon without checking facts. Itt seems one of the first things to go with user-generated content is fact-checking. [...] [...] I’ve covered shortcomings of user-generated content sites like Digg before. I’ve pointed out how people quickly jump on a bandwagon without checking facts. Itt seems one of the first things to go with user-generated content is fact-checking. [...]

]]> By: AhmedF http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2728 AhmedF Mon, 13 Nov 2006 17:29:17 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2728 Captchas are weak at best (are you going to captcha everything? If just the registration part, spend some time to create 100 users and tada you are good to go). Javascript is also weak - beyond the fact that many offices force JS off, a bot follows specific rules. All it takes is browsing target site X for a while to know what JS you need to follow and to do it. Google already parses out javascript links, and those are general cases. When you are targeting a single site, writing rules to follow the JS is not very difficult :) Captchas are weak at best (are you going to captcha everything? If just the registration part, spend some time to create 100 users and tada you are good to go). Javascript is also weak - beyond the fact that many offices force JS off, a bot follows specific rules. All it takes is browsing target site X for a while to know what JS you need to follow and to do it. Google already parses out javascript links, and those are general cases. When you are targeting a single site, writing rules to follow the JS is not very difficult :)

]]> By: Josh Amer http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2684 Josh Amer Fri, 10 Nov 2006 21:52:33 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2684 Wojjie - I mainly use pattern recognition and it works pretty well, but there are times when a pattern doesn't match what I'm looking for even though it's not a human actor. I don't think you can look at this stuff in isolation and say that there's one best answer. I really like the SMS method because it forces the action offline. When the method is built into your site it's almost certain that there will be someone that can crack it. Google does this in another way which you probably don't know about - for Google Maps if you want to change the data in your listing they will mail a password to you at the currently listed addresss. At least that's how it was about a year ago. Wojjie - I mainly use pattern recognition and it works pretty well, but there are times when a pattern doesn’t match what I’m looking for even though it’s not a human actor. I don’t think you can look at this stuff in isolation and say that there’s one best answer. I really like the SMS method because it forces the action offline. When the method is built into your site it’s almost certain that there will be someone that can crack it.

Google does this in another way which you probably don’t know about - for Google Maps if you want to change the data in your listing they will mail a password to you at the currently listed addresss. At least that’s how it was about a year ago.

]]> By: Wojjie http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2683 Wojjie Fri, 10 Nov 2006 21:13:47 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2683 There are other low cost methods, that may require a bit more investment at start up, such as more difficult captchas. I have already started developing a captcha for my sites, and will make it more difficult when users start to abuse it. SMS messaging is a good approach, but you end up losing a section of your users, by either them not being tech saavy or not wanting to share their cell phone number (no matter how much you assure them it will not be abused). Some site's have used credit cards as verification, though that would be more difficult to get user's to accept than SMS in some cases. You could develop a system that tracks the navigation of a user, and flags users that seem to be acting strange (pattern in the interval between queries, not requesting all images and javascripts, perhaps a javascript application that randomly will use AJAX to post back a heartbeat). All these things can be quite easy to implement in some cases, and much more difficult to get around. For instance, you can no longer just use cURL to query the pages, as you need to process the ever changing javascript applications. An extreme would be to implement javascript encryption as well for posts back to the server, and have the method of encryption obfuscated. At a given point, the cost of developing a system to crack your system would go out of the reach of benefit of having such a system. Just my 2 cents. There are other low cost methods, that may require a bit more investment at start up, such as more difficult captchas.

I have already started developing a captcha for my sites, and will make it more difficult when users start to abuse it.

SMS messaging is a good approach, but you end up losing a section of your users, by either them not being tech saavy or not wanting to share their cell phone number (no matter how much you assure them it will not be abused).

Some site’s have used credit cards as verification, though that would be more difficult to get user’s to accept than SMS in some cases.

You could develop a system that tracks the navigation of a user, and flags users that seem to be acting strange (pattern in the interval between queries, not requesting all images and javascripts, perhaps a javascript application that randomly will use AJAX to post back a heartbeat). All these things can be quite easy to implement in some cases, and much more difficult to get around. For instance, you can no longer just use cURL to query the pages, as you need to process the ever changing javascript applications.

An extreme would be to implement javascript encryption as well for posts back to the server, and have the method of encryption obfuscated.

At a given point, the cost of developing a system to crack your system would go out of the reach of benefit of having such a system.

Just my 2 cents.

]]> By: Josh Amer http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2681 Josh Amer Fri, 10 Nov 2006 19:41:01 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2681 I notice that too in my own habits, I tend to use the utilitarian sites and can't ever really get sucked into any Social Networking sites. I guess to me it's a matter of time wasters v. time savers. I notice that too in my own habits, I tend to use the utilitarian sites and can’t ever really get sucked into any Social Networking sites. I guess to me it’s a matter of time wasters v. time savers.

]]> By: AhmedF http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2664 AhmedF Thu, 09 Nov 2006 22:16:34 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2664 Aye those inflated numbers can be nice for selling ads (I did write an article about MySpace inflation - http://forevergeek.com/articles/debunking_the_myspace_myth_of_100_million_users.php ) but that is all short-term gain with disastrous long-term effects. I find myself using Digg less and less - it seems like every iteration makes it less interesting and useful to me. About the only 'web 2.0' site I have kept up with is delicious, and only because of its complete utilitarian function. Aye those inflated numbers can be nice for selling ads (I did write an article about MySpace inflation - http://forevergeek.com/articles/debunking_the_myspace_myth_of_100_million_users.php ) but that is all short-term gain with disastrous long-term effects.

I find myself using Digg less and less - it seems like every iteration makes it less interesting and useful to me. About the only ‘web 2.0′ site I have kept up with is delicious, and only because of its complete utilitarian function.

]]> By: Josh Amer http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2659 Josh Amer Thu, 09 Nov 2006 13:10:26 +0000 http://jdamer.com/wordpress/2006/11/09/user-generated-headaches/#comment-2659 Thanks for posting this, it's a very real problem and you're right it doesn't get enough attention. I think partially because sites like Digg and other SNs want to inflate their user numbers. To an extent having fake accounts helps - you've never heard someone from Digg say 'we have 20 million user... but 20% are fake.' Thanks for posting this, it’s a very real problem and you’re right it doesn’t get enough attention. I think partially because sites like Digg and other SNs want to inflate their user numbers. To an extent having fake accounts helps - you’ve never heard someone from Digg say ‘we have 20 million user… but 20% are fake.’

]]>