Proposition: CAPTCHA changes

[Graf Zahl]

I guess when it gets this far there needs to be a manual component in the email verification process.

[Redneckerz]

Its partially why i look hesitant at Nvidia's and others that invest heavily in AI. Yes, it has its advantages, but as with every new development - It will get misused to train far smarter bots than even what we have today. Bots that not only recognize a word or picture, but also know what it means and references. Neural networks are already halfway there.

It's quite likely that we'll soon get to a point where bots are more likely to correctly answer the CAPTCHA than humans.

This is, scarely so, something i envision aswell. It is more likely that software bots become proper humanoid than physical robots (Since those have to surroundings into account).

A bleak future, really.

[Graf Zahl]

I think the end result will then be the banishment of all computers because they just become too dangerous. Back to the mid 20th century. Or Humankind will run out of energy first.

[Enjay]

I think that the saddest part is that it reflects on human nature: regardless of what the situation is, there is always someone who is happy to royally mess things up for everyone else just for their own short-sighted, selfish "what can I get out of this" opportunity. It's a situation that is seen over and over and over again in both the digital and physical realm. This is what I want, I want it now and screw everyone and everything else!

[Graf Zahl]

That's Human nature. We have to live with that.
But when it comes to legislation that could keep these things in check there will always be someone crying foul because of violation of some rights, blah, blah, blah - and in the end the countries that will come out on top are those who give a shit about Human rights, because they'd be willing to do something about these threats but to so called "free world" will just debate ad infinitum where these rights end and protection of society needs to start. As long as the internet remains the Wild West without legislation and rules, it can only get worse.

[Redneckerz]

I think that the saddest part is that it reflects on human nature: regardless of what the situation is, there is always someone who is happy to royally mess things up for everyone else just for their own short-sighted, selfish "what can I get out of this" opportunity. It's a situation that is seen over and over and over again in both the digital and physical realm. This is what I want, I want it now and screw everyone and everything else!

Hey Enjay, give me NJDoom3 or else!!!

Sadly, that is what it is - And i wish big companies would atleast address this in their PR speak. As interesting as the real world applications are, they only speak about positives. When such far fetched measurements can get abused, i feel its an obligation for companies to tell their userbase about it.

• Will that cost them money or image? Yes. But from a moral and ethical point of view, they should be honest about the implications - Even when it goes against the good nature of the product.
  Will they do that? Ofcourse not. Because morals. And that also plays a part, i feel - Along with most people (Painting very broadly here) not being interested in discussing implications in the first place.

But that's for another topic, i reckon.

[Rachael]

There are two issues with Google reCAPTCHA:

1) We do not have a current version of the plugin that works with our board software
2) From my experience it's extremely unreliable. It's a popular target for spam bot software to begin with, and therefore easily defeated - we'd be caught within the game of cat and mouse where Google tries to defeat the bots and the bot makers try to defeat Google. At least with our method, our relative obscurity keeps us out of that silly game.

As far as the rest of your comments - if someone really wants to get in, they get through just fine. We approve guest posts on a daily basis which require verification by this system. You're proof of that. I don't see anything wrong with requiring a little determination to get through.

[Rachael]

1. I don't know. I know the number of user registrations did dramatically decrease since this was put in place, but people still got through. Here's a fun fact: About 90% of people who register an account never use it anyway. As far as overall growth, it actually remains fairly unaffected - those who do make it through still end up using their account more often than if the door was simply left wide open.

2. Congratulations.

[Enjay]

Here's a fun fact: About 90% of people who register an account never use it anyway.

I remember the first time I bothered to look at the user list and the post-count per user (many years ago). I was really surprised how many users have 0 posts. We currently have something like 235 pages of people (30 per page) of members with 0 posts and several more with just 1.

[drfrag]

What about a purge then? For people with zero posts registered before the last three months.
Edit: or registered before 2020?

[Enjay]

I can't speak for Rachael but as a result of this: viewtopic.php?t=55791 from three years ago there are still reasonably frequent requests for account reactivations. If the 0 post members are not actually problematic, then I see little need to remove them.

[drfrag]

But those accounts were not deleted, they were deactivated.

all inactive accounts that have a) never logged in, and b) have never had any posts, but registered prior to 01 July 2018 have been pruned. This is done because a lot of spam bot accounts tend to clog up the database unnecessarily and the accounts are doing absolutely nothing useful.

[Enjay]

But those accounts were not deleted, they were deactivated.

True, but my point was that deactivating a bunch of accounts before a certain date still has people cropping up fairly frequently to ask for reactivation three years later.

That thread also says "If your account had 0 posts at that time, then it was deleted; please register again." So there were some people whose accounts were deleted and I know that some of them did make new accounts. It's more difficult for me to have a feel for the number on that though, and whether it still goes on, because it generally happens through the normal new registration process without anything particularly drawing attention to the process other than the first few posts needing to be authorised.

So, if the 0 post accounts aren't causing a problem, I don't see the need to prune them but if they are - then pruning makes sense. I personally don't see any problems, but then I'm not an admin and perhaps there is a problem that they can see. It would also be an admin-level decision to do it anyway.

[Rachael]

To Anwar Garza:

I am not completely unsympathetic to the frustration you obviously encountered upon registering. Obviously much of your post and the way you worded things very much reflects that. I understand it's troublesome, and I am sorry that it is. But right now, I have determined that the benefits of the system in place outweigh the costs, and that is from a very long-term evaluation of the overall effects of the system both as it is now and as it was prior to these changes. If at a future time the circumstances that led me to this decision change (and it's not strictly bots that concern me in this regard, mind you), then I will reevaluate the process and make changes as necessary.

One of the biggest considerations is this: Unfortunately phpBB is not very friendly when it comes to filtering out the garbage, even if it stays stuck in the approval queue. While it's easy enough to filter out posts by one single account, the problem with spam bots is they make a new account for every advertisement (often with random characters i.e. cxjdojjsso or something like that). While it would be easy to bulk delete all said accounts and their posts along with it, it's much harder to discriminately delete the accounts so that the legitimate (and innocent) ones don't get caught in the crossfire. If I were to leave the door wide open, it would be far too easy to accidentally delete innocent and legitimate users, would likely happen far too often, and then you're left with the same situation as we have now, except with more frustration on the part of the moderators who have to deal with that garbage, and probably much to the frustration of the poor innocent users who aren't bots who happened to get their account deleted.

This is the cost of running a popular site. Sometimes, you have to make people jump through hoops if they want to join, if you don't want to overburden your moderator team (who, I might add, are all very busy with things other than, well, you know, moderating, which they do on a purely volunteer basis). And therein lies the crux of how this entire community works: Everything that everyone does is voluntary here. Even the development team. If and when money does change hands after negotiations from this site, it's always for a short term project, and inevitably everything gets done for free again after it happens.

[Rachael]

To Enjay and drfrag:

I agree with Enjay generally - if a purge is unnecessary, it shouldn't be done. The purge that I did do at the time was mostly to relieve some pressure off the database (there was a LOOOOOT of unused accounts). But - if the inactive accounts aren't causing problems, most of the time they will not be purged until an issue occurs.

But to you people holding 0-post accounts: Make a post. Somewhere. Because your account always is in danger of being purged, and most of the time purges are only announced after they're done - i.e. you won't get a warning.