Having problems registering on Coin Return? Please email support@coin-return.org, and include your PA username and PIN.
w̵h̵a̸t̷ ̶i̴s̶ ̵t̶h̴i̵s̵ ̷t̴h̷a̵t̷ ̶t̵w̵i̸t̵c̸h̴e̶s̵ ̶s̵l̵i̸t̸h̶e̵r̷s̵ ̸m̶o̵v̵e̴s̸ ̴s̸o̵ ̶f̷a̸r̴ ̴b̵e̷n̵e̴a̴t̴h̸ ̴u̴s̷ ̶w̸h̴a̴t̴ ̸i̸s̶ ̸t̸h̷i̵s̵ ̵l̷i̷g̵h̴t̷ ̸i̸n̵ ̴t̶h̶e̶ ̵v̸o̴i̵d̶
Posts
yeah tbh this sounds like a bunch of vague nothingness. like I still don't know who these shitbirds are, why I should be worried about them, or why their suggested existence should influence how we do signups for our weird little corner of the internet
a "slightly burdensome" (it really does suck as proposed) membership approval process without justification feels kind of unnecessary, is my feeling
but I'm also in the boat that feels like we're going overboard on several parts of this process so maybe I'm the one out of touch, I dunno
which is whatever I guess, I've been here for 20 years so I'm going down with the ship, but man I am just apparently completely out of sync with how others view the process of developing and fostering a community. I feel like we're so focused on edge cases that we're losing the forest for the trees.
I suspect we can't truly design a security process that would stop bad faith actors from gaining access to the new forums, but I think they honestly may not make it past any temporary new user --> member transition because they won't be able to resist swearing at others or being an open-faced bigot.
The forums are easy enough to get through and search and a lot of the folks in question have very old accounts (gamergate era), it exists and I've DMed both the TT (Minor Incident) and Quetzi with further details on the who.
Who is showing a fear of new posters?
If some unknown new member nobody knows is truly upset that they can talk about Vidya Games, Movies, TV, sports, other media, technology, participate in forum games, get help and advice for a couple of weeks but cannot vote on policy or participate in political discussions, random shitposts or chat topics, or do share art things until that time has passed (or somebody vouches for them) then they probably weren't going to be a good fit long term anyway.
It provides a gate that might be stringent enough to satisfy legal requirements and is a decent security compromise. Locks are for honest people, nothing will stop a dedicated bad actor or group of bad actors, but you still lock your doors and this is a middle ground between NO LOCKS AT ALL (not legally allowed) and EVERY LOCK IN EXISTENCE PLUS BODY CAVITY SEARCHES.
*edited for increased accuracy
Legos are cool, MOCs are cool, check me out on Rebrickable!
this seems like a super uncharitable interpretation of the conversation, ngl
I don't know that having a private section of the boards to offer some slight protection to the more vulnerable members of the community is "putting up so many walls and barriers". Especially since I believe some form of wall or barrier is required by the IRS to be a tax exempt organization.
Okay, it was two and not one but...
I have edited my post so as not to misrepresent the conversation.
Legos are cool, MOCs are cool, check me out on Rebrickable!
1. Forum Raids: These will be hard to not make obvious as the amount of new, non-spam users would have to balloon so much it'd be immediately noticable to the staff. If this raid is so sophisticated and patient to only infiltrate a few members at at time, then they're going to be be patient enough to jump through whatever hoops we put in front of them.
2. Doxxing: While some obstacles would dissuade people joining the forum impulsively to do this stuff, if they're that motivated or that dedicated of a malicious actor, they'll work their way through the system get to the handful of private forums we offer.
3. Scrapers: We're making several forums private, so captcha's and vigilance should keep out the bots, and anything beyond that isn't really something we can prevent without just disallowing all new users entirely.
4. Dirtbags: I feel like the moderation team is more the solution for assholes than making the waiting period more elaborate.
All that said, are we going to get a bunch of new users? Probably not a lot, but I don't see the value in making it even harder for reasons that won't actually keep any of our members safer IMO.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
I also doubt we'd miss out much if someone gets into a snit that they don't get instant access to the politics forum.. Many forums actually run with a policy where new members don't have access to the politics boards because the topics there can be pretty contentious and they want to trial out members to make sure they are a good fit for the community.
I'd agree with the idea that most of the boards open to the public are the ones that are actually going to get us new people if we're going to get them.
I'd also say, that the whole idea of a time period to begin with, was to have an alternative means for lurkers to hit full membership without having to make posts. I don't know why giving them an alternative route mean we can't also have a route where if people make enough reasonable posts, they'll get full membership before a lurker. Post means someone is showing their character and those that are a bad fit will fail out. You don't get that with a lurker, they are pretty much a blank slate (I will say that activity should be more than just logging in once a day. I'd think lurkers would check a few threads before calling it a day and if a potential bot has to visit some threads, probably reasonable to assume most will out themselves by having some really odd behaviors on what they check to meet the activity criteria).
I'd also like to endorse the sponsorship path to membership as well. That actually could go a long way to encouraging some good community dynamics. It gives people that happen to show up, who have no connection to the board an alternative just posting enough or being active enough. Make some good quality posts or direct people they know to other places they've publicly interacted on the internet (assuming they are willing to share). It also opens the door for people's friends and acquaintances to have an easier time getting on. Granted for that last one, make it clear that if there is a pattern of someone's friends and acquaintances always being a problem, they will lose the ability to sponsor people.
I'd argue between making 20 reasonable posts, 30 days of activity (not just logging in) and getting sponsored by a member in good standing. Should be a good enough middle ground. It won't be too restrictive for new members, but at the same time, there is specific criteria that has to be met in order to maintain nonprofit status.
I will say though, that for voting stuff, that should have a requirement that we can reasonable be assured that someone actually has both a connection to the board and an incentive that the community continues to prosper. That also might help us meet the criteria for nonprofit status as well. I don't think it would be unreasonable to restrict voting privileges to having to have 60 days of activity. You don't get there by posting or getting sponsored. I have doubts we're really going to lose any potential new members because they have to wait two months to be able to vote in community decisions. Hell, might not even come up much, depending on how often we have such votes up. 60 days should give them enough time to figure out what the community is about, it should also be long enough to ensure that most bad actors will probably fail out or get outed.
This is an important aspect of it, as @gereg mentioned. We legally have to be "Not Open to the Public", and what exactly that entails is open to a lot of interpretation, but if we're not going to be charging a direct membership fee for access (something I am vehemently opposed to and will argue against as long as I am in a position to do so), the best way to make sure we stay firmly in legally solid territory is to have some sort of other barrier to full membership that passes the sniff test.
There's also some concern about preventing abuse in various forms. Spam is basically, as I previously said, a solved issue. Spam prevention tools are excellent, and they're not going to suddenly get worse at CoRe. Most of us probably haven't even seen a spam account slip through and make a post in... years? Basically, preventing spam shouldn't even really need to enter the conversation.
The other concern is bad actors and assholes of various flavors. Whether that's people looking to dox folks, or just bigots, or even the possibility of a forum raid. The thing is, I think this is, if not totally solved, at least 95% there thanks to our normal account screening process. I think some folks overestimate how well the worst kind of people can manage to hide their motivations on account creation. We've spent a lot of time talking to the mods who currently spend time monitor new account signups on PA and getting some insight into that process, and honestly it feels to me like the simple act of having a real human set of eyes on every new account signup before it's approved goes a long way and easily weeds out the vast majority of ne'er-do-wells. I see no reason to change this at Coin Return. Just asking people why they're joining and telling them to list their pronouns and having a person glance over those answers does a lot of work, and it's a very manageable lift for our moderation staff. And at the end of the day, I put more faith in our mod team spotting weird influxes of users and suspicious patterns than I do in any of these morons managing to pull the wool over on us.
That said, after thinking it over and sleeping on it, I think I've pretty much settled on what I, personally, would prefer to see, and what I'd like to push for our standards for the New Member to Member promotion:
20 Active Days
-or-
20 Posts
-or-
Invitation from an existing Member
I think something along those lines strikes a good balance of being friendly to pure lurkers (20 days of passive lurking to get access to private forums and voting rights seems reasonable and not overly arduous), active new users (20 posts can be knocked out fairly quickly by anyone wanting to be an active part of the community, and gives mods a good amount of room to spot shit heads and anyone trying to game the system), and friends-of-friends (because anyone someone here trusts and wants to involve in the community should be assumed to be solid, and shouldn't have to wait to participate in all forums).
Nothing's perfect, and every choice here is a tug of war between being open and being secure. I'd prefer to err on the side of being reasonably open, knowing that our security beyond this point is likely to be pure diminishing returns, and that our moderation team is empowered to pick up the slack and protect us if anything does slip past. The rest, the more sensitive stuff that's a legitimate concern for folks around their privacy? Well, we're getting a clean slate, and I would always recommend that everyone be mindful not to post anything on a semi-public internet forum that could cause severe real world consequences for them, just as a matter of personal security.
My impression was not that people arguing in favor of security are wanting more than "30 days/20 posts", but that people arguing in favor of accessibility are wanting less than that. Sorry if I'm misunderstanding.
I think looking at it as "a fifth" is not really the spirit of what I was trying to convey. It's not "a fifth of all new people", it's "two people", with the understanding that two is an exceptionally small number. The character and health of the forums is not going to depend on a couple of new people here and there. If we want to encourage growth of the forums, it's not going to be premised on whether or not a person can view all the sensitive bits of the forums just by walking in off the street, it's going to be premised on making ourselves visible and appealing by other means.
What are those means? Fuck, I dunno. But my larger point is that I don't feel we should sacrifice a measure of security that we collectively decided was extremely important to us because it might turn off some rando who refuses to stick around unless they get to immediately go yell at someone in the politics forum or whatever. The politics forum that, presumably, they won't even know exists because it's invisible to non-members.
I also think it's important consider that a lack of perceived security could very well drive off people who are currently in this community. Would you consider it a fair to trade to get two new users in exchange for losing two existing ones? I think our priorities should be, first and foremost, taking care of our own.
Legos are cool, MOCs are cool, check me out on Rebrickable!
One thing I do want noted in regards to scrapers though. Is that most anti-scrape tools are only really effective when it's purely a bot. As I understand it, some scrapping sites are asking their user base to do the scrapping for them. So the delay in getting to see the boards with people's creative work could thin some out. I'll admit it won't get all of them and I'm not sure what all can be done to deal with that, when you do get the ones that survive long enough to have full access. Pretty sure the mod stuff is aware of this, but still worth pointing out for those that don't know about it.
It’s less common than it has been in the past (in my user level experience, obviously I don’t have backend access to even try to check numbers), but even in what may be the twilight of the forum as a concept, they still show up now and then.
I’m not sure I can recall one that actually appeared in 2025, maybe the extra mods and attention is getting even more efficient, but saying it’s been years since anyone saw one doesn’t align with my lived experience.
To be clear, I am agreeing with you. I think that if you are considering two people as a throwaway small number, it's a fair consideration.
But the fact that you said two out of ten means that I read it as 20%, which is my major objection.
Also I'm not opposing all security measures here, I'm just saying that I don't like measures that are exclusively driven by account age, especially when people have been suggesting things like sixty days of active account logins. If that's one of our potential options, that's fine, I'd just like it to be supported by also having a post option or a vouched for by an existing member option (or both).
Cool, I think we're largely on the same page then. High five for agreement!
Legos are cool, MOCs are cool, check me out on Rebrickable!
2 out of 10 people, or 20%, is a lot if we’re talking 100’s of real new members per year. Edit: excluding spam bots, trolls, ban evasion alts, etc.
If we see 10 new possible users in the next two years, it’s a shame to have some feel whatever barrier is present is onerous, but unfortunately much like with the upcoming move, we can’t and won’t be able to save everyone, for lack of a better term.
Based on chatter on this page, we’re legally required to have a reasonable minimal barrier, which means that by definition we’ll likely have to enact options that might well exclude those 2/20% users.
I get that you’re not arguing for zero barrier to entry, but I think the context is important all the same.
Is it possible to query the forums/database copies for how many non-banned users we picked up in 2024? Perhaps compared against 2023 to level set for what the recent baseline new users per year have even been?
The contrast being suggested being due to the pending death of the forums possibly drawing in an uptick new users (people who finally decided to check it out before it’s gone, or returning members who have lost their login info, etc).
Oh, I made a change (in December 2024, I think?) that restricted applicants, so it's been fairly effective at stopping spam. Now applicants are manually verified by admin/mods. If we had controls to require a verified e-mail (for some reason, Vanilla won't let me do this), it would have been a lot easier, since most spam accounts don't have real e-mail addresses.
MHWilds ID: JF9LL8L3
I was taken aback for a moment. 'Hold up, it has not been literal years since I last saw a spam thread. Weeks or months, sure, but not years.'
that's it that's the post
I also don't want to shut out lurkers. For some people posting is more difficult than others. I'm sure that if I had posted everything that was enough that a draft was saved, I'd have ten times the posts I had now, but the discussion had moved on, I didn't quite find the word to say what I wanted etc. (Yes, I know, it's not like the posts that got through were that great either).
I do worry about bad actors trying to get personal information for harassment, but somebody with that agenda would probably be waiting out/make no content post for a while to circumvent the waiting periods. I don't have any good idea how to stop that, but I hope someone comes up with something workable.
Under the proposed system, a lurker could join and bypass the wait if they're vouched for by another user.
If someone randomly wanders by and decides to hang out, I don't think a waiting period is too much to ask. How long that should be, is something I 100% respect needing to be managed. 2 months is probably too long, 2 days is too short. 2-4 weeks doesn't seem unreasonable.
I mean, I hope it's not coming across in a derogatory tone, but as has been mentioned, given the rate of issues and votes being taken to date, a 2-4 week wait period might mean missing, what, 1-2 issues that were tabled in that time?
A brand new fresh account needing to spend a period of time (TBD) amongst 6 of the subforums before gaining access to the other 3 doesn't seem like an egregious barrier to entry. We have folks who have been here for decades, who log in multiple times every day of every year for 10-20+ years. Have tens if not hundreds of thousands of posts.
If we actually do attract entirely fresh faces, settling in and getting a feel for how less contentious issues are discussed (okay, maybe we should restrict access to the Star Wars thread too) before dipping their toes in the scalding waters elsewhere might not be a bad idea.
I'd like to know more about what the rules are going to be for weeding out new people by the mods. I keep hearing how effective it is, but I don't understand what that means. Just turning off the sign-up form is 100% effective at keeping out bad actors. How do we know there aren't a ton of false positives?
I don't want to be dismissive, but I don't understand what tea leaves you can read to figure out somebody is a baddie? I wasn't even sure what the new user form looks like, so I went to grab it. I don't see anything about pronouns. If someone says they want to join to 'maek post', unless their email is racist as a shit I don't see what there is to work with.
Information Security 101 says don't answer the question you're asking to the general public...
like
really surprised
I was talking about the Coin Return signup form in that regard, not the current PA one (which is still good, but doesn't include that field).
And to answer the rest: you'd be surprised how obviously fake the vast majority of signup attempts are (at both the email address field, and the "why do you want to join?" question). I don't really want to give a crash course on how and why exactly, because it kind of defeats the purpose to publicize that (and really, some of it is just vibes), but I'm sure @Zibblsnrt and @Hahnsoo1 and @Anzekay (and probably others, but they seem to be the ones who I've heard from most about signup screening) can confirm that spammers and shit heads throw themselves right into the net more often than not.
You might be thinking that the failure is just not answering it. Or not making a good argument.
You are probably not thinking that the failure is literally saying "I am a spammer."
Well, boy howdy do I have some news for you.
Legos are cool, MOCs are cool, check me out on Rebrickable!