Zonugal(He/Him) The Holiday ArmadilloI'm Santa's representative for all the southern states. And Mexico!Registered User, Transition Teamregular
My own feelings are that I think any attempt by another forum to raid CoRe would be pretty obvious when folks start getting in trouble for throwing out insults & violations of the CoC.
I suspect we can't truly design a security process that would stop bad faith actors from gaining access to the new forums, but I think they honestly may not make it past any temporary new user --> member transition because they won't be able to resist swearing at others or being an open-faced bigot.
We did have occasional forum raids. (Both on the giving and receiving ends.) It just hasn't happened in like two decades.
The afforementioned shitbirds have caught wind of geebs leaving and the lights being flickered and a target has definitely been mentioned. Whether they'll do anything remains to be seen. Forums are still being used and are making a comeback as folks burn out on algorithmic social media. A slightly burdensome membership+ approval process will probably be okay. Not being able to engage with the more raucous topics isn't going to really drive new users away. But I like the sponsorship idea.
Do you have any more details on this? Because I haven't heard anything about it yet, and as someone who currently approves membership applications here I'd love to know if there's a credible threat that I should be watching for.
yeah tbh this sounds like a bunch of vague nothingness. like I still don't know who these shitbirds are, why I should be worried about them, or why their suggested existence should influence how we do signups for our weird little corner of the internet
a "slightly burdensome" (it really does suck as proposed) membership approval process without justification feels kind of unnecessary, is my feeling
but I'm also in the boat that feels like we're going overboard on several parts of this process so maybe I'm the one out of touch, I dunno
The forums are easy enough to get through and search and a lot of the folks in question have very old accounts (gamergate era), it exists and I've DMed both the TT (Minor Incident) and Quetzi with further details on the who.
Regardless of the safety issue, legally there has to be a gate significant enough that being a full member of CoRe is not open to the public. Since we're collectively not going down the route of of a paywall we have to clear the bar of having enough friction that it's not de facto open to the public.
20 days of activity or whatnot with an accompanying vouch system from a full member that can override the 20 days seems perfectly cromulent to me.
If some unknown new member nobody knows is truly upset that they can talk about Vidya Games, Movies, TV, sports, other media, technology, participate in forum games, get help and advice for a couple of weeks but cannot vote on policy or participate in political discussions, random shitposts or chat topics, or do share art things until that time has passed (or somebody vouches for them) then they probably weren't going to be a good fit long term anyway.
It provides a gate that might be stringent enough to satisfy legal requirements and is a decent security compromise. Locks are for honest people, nothing will stop a dedicated bad actor or group of bad actors, but you still lock your doors and this is a middle ground between NO LOCKS AT ALL (not legally allowed) and EVERY LOCK IN EXISTENCE PLUS BODY CAVITY SEARCHES.
It seems like the analytics would let us know if our membership policies were driving away huge numbers of posters, right? I don't quite buy the "if trying to safeguard our artists and more vulnerable members prevents even two* new users from joining then we have failed" sentiment, but if a bunch of people are dropping by and either lurking but not bothering to register, or joining but then bailing before the probationary period is over, we would see this and could revisit our requirements, correct?
*edited for increased accuracy
ElJeffe on
Would you say I had a plethora of pinatas?
Legos are cool, MOCs are cool, check me out on Rebrickable!
thinking about it more, I feel like we're all accepting that we're sunsetting our community as a whole. we're putting up so many walls and barriers to the very few new people that might want to join whatever this is, it kind of just feels like an HOA or retirement home
which is whatever I guess, I've been here for 20 years so I'm going down with the ship, but man I am just apparently completely out of sync with how others view the process of developing and fostering a community. I feel like we're so focused on edge cases that we're losing the forest for the trees.
I don't know that having a private section of the boards to offer some slight protection to the more vulnerable members of the community is "putting up so many walls and barriers". Especially since I believe some form of wall or barrier is required by the IRS to be a tax exempt organization.
The issue to me is that doing much more than the simple 30 days or 20 posts feels like performative security to me. Stuff that feels good but doens't actually keep us any safer.
1. Forum Raids: These will be hard to not make obvious as the amount of new, non-spam users would have to balloon so much it'd be immediately noticable to the staff. If this raid is so sophisticated and patient to only infiltrate a few members at at time, then they're going to be be patient enough to jump through whatever hoops we put in front of them.
2. Doxxing: While some obstacles would dissuade people joining the forum impulsively to do this stuff, if they're that motivated or that dedicated of a malicious actor, they'll work their way through the system get to the handful of private forums we offer.
3. Scrapers: We're making several forums private, so captcha's and vigilance should keep out the bots, and anything beyond that isn't really something we can prevent without just disallowing all new users entirely.
4. Dirtbags: I feel like the moderation team is more the solution for assholes than making the waiting period more elaborate.
All that said, are we going to get a bunch of new users? Probably not a lot, but I don't see the value in making it even harder for reasons that won't actually keep any of our members safer IMO.
+1
QuetziHere we may reign secure, and in my choice,To reign is worth ambition though in HellRegistered User, Moderatormod
I think that misunderstanding is actually kind of core to our positions, honestly.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
Yeah, I doubt any reasonable person is going to begrudge the community for having the the boards dealing with art and creative writing set as private. That's intended to protect people's intellectual property from being harvested by bots and then used with people's permission to train generative AI, owned by people that routinely steal other people's work.
I also doubt we'd miss out much if someone gets into a snit that they don't get instant access to the politics forum.. Many forums actually run with a policy where new members don't have access to the politics boards because the topics there can be pretty contentious and they want to trial out members to make sure they are a good fit for the community.
I'd agree with the idea that most of the boards open to the public are the ones that are actually going to get us new people if we're going to get them.
I'd also say, that the whole idea of a time period to begin with, was to have an alternative means for lurkers to hit full membership without having to make posts. I don't know why giving them an alternative route mean we can't also have a route where if people make enough reasonable posts, they'll get full membership before a lurker. Post means someone is showing their character and those that are a bad fit will fail out. You don't get that with a lurker, they are pretty much a blank slate (I will say that activity should be more than just logging in once a day. I'd think lurkers would check a few threads before calling it a day and if a potential bot has to visit some threads, probably reasonable to assume most will out themselves by having some really odd behaviors on what they check to meet the activity criteria).
I'd also like to endorse the sponsorship path to membership as well. That actually could go a long way to encouraging some good community dynamics. It gives people that happen to show up, who have no connection to the board an alternative just posting enough or being active enough. Make some good quality posts or direct people they know to other places they've publicly interacted on the internet (assuming they are willing to share). It also opens the door for people's friends and acquaintances to have an easier time getting on. Granted for that last one, make it clear that if there is a pattern of someone's friends and acquaintances always being a problem, they will lose the ability to sponsor people.
I'd argue between making 20 reasonable posts, 30 days of activity (not just logging in) and getting sponsored by a member in good standing. Should be a good enough middle ground. It won't be too restrictive for new members, but at the same time, there is specific criteria that has to be met in order to maintain nonprofit status.
I will say though, that for voting stuff, that should have a requirement that we can reasonable be assured that someone actually has both a connection to the board and an incentive that the community continues to prosper. That also might help us meet the criteria for nonprofit status as well. I don't think it would be unreasonable to restrict voting privileges to having to have 60 days of activity. You don't get there by posting or getting sponsored. I have doubts we're really going to lose any potential new members because they have to wait two months to be able to vote in community decisions. Hell, might not even come up much, depending on how often we have such votes up. 60 days should give them enough time to figure out what the community is about, it should also be long enough to ensure that most bad actors will probably fail out or get outed.
Regardless of the safety issue, legally there has to be a gate significant enough that being a full member of CoRe is not open to the public. Since we're collectively not going down the route of of a paywall we have to clear the bar of having enough friction that it's not de facto open to the public.
This is an important aspect of it, as @gereg mentioned. We legally have to be "Not Open to the Public", and what exactly that entails is open to a lot of interpretation, but if we're not going to be charging a direct membership fee for access (something I am vehemently opposed to and will argue against as long as I am in a position to do so), the best way to make sure we stay firmly in legally solid territory is to have some sort of other barrier to full membership that passes the sniff test.
There's also some concern about preventing abuse in various forms. Spam is basically, as I previously said, a solved issue. Spam prevention tools are excellent, and they're not going to suddenly get worse at CoRe. Most of us probably haven't even seen a spam account slip through and make a post in... years? Basically, preventing spam shouldn't even really need to enter the conversation.
The other concern is bad actors and assholes of various flavors. Whether that's people looking to dox folks, or just bigots, or even the possibility of a forum raid. The thing is, I think this is, if not totally solved, at least 95% there thanks to our normal account screening process. I think some folks overestimate how well the worst kind of people can manage to hide their motivations on account creation. We've spent a lot of time talking to the mods who currently spend time monitor new account signups on PA and getting some insight into that process, and honestly it feels to me like the simple act of having a real human set of eyes on every new account signup before it's approved goes a long way and easily weeds out the vast majority of ne'er-do-wells. I see no reason to change this at Coin Return. Just asking people why they're joining and telling them to list their pronouns and having a person glance over those answers does a lot of work, and it's a very manageable lift for our moderation staff. And at the end of the day, I put more faith in our mod team spotting weird influxes of users and suspicious patterns than I do in any of these morons managing to pull the wool over on us.
That said, after thinking it over and sleeping on it, I think I've pretty much settled on what I, personally, would prefer to see, and what I'd like to push for our standards for the New Member to Member promotion:
20 Active Days
-or- 20 Posts
-or- Invitation from an existing Member
I think something along those lines strikes a good balance of being friendly to pure lurkers (20 days of passive lurking to get access to private forums and voting rights seems reasonable and not overly arduous), active new users (20 posts can be knocked out fairly quickly by anyone wanting to be an active part of the community, and gives mods a good amount of room to spot shit heads and anyone trying to game the system), and friends-of-friends (because anyone someone here trusts and wants to involve in the community should be assumed to be solid, and shouldn't have to wait to participate in all forums).
Nothing's perfect, and every choice here is a tug of war between being open and being secure. I'd prefer to err on the side of being reasonably open, knowing that our security beyond this point is likely to be pure diminishing returns, and that our moderation team is empowered to pick up the slack and protect us if anything does slip past. The rest, the more sensitive stuff that's a legitimate concern for folks around their privacy? Well, we're getting a clean slate, and I would always recommend that everyone be mindful not to post anything on a semi-public internet forum that could cause severe real world consequences for them, just as a matter of personal security.
Hell, New Jersey, it said on the letter. Delivered without comment. So be it!
+18
QuetziHere we may reign secure, and in my choice,To reign is worth ambition though in HellRegistered User, Moderatormod
The issue to me is that doing much more than the simple 30 days or 20 posts feels like performative security to me. Stuff that feels good but doens't actually keep us any safer.
1. Forum Raids: These will be hard to not make obvious as the amount of new, non-spam users would have to balloon so much it'd be immediately noticable to the staff. If this raid is so sophisticated and patient to only infiltrate a few members at at time, then they're going to be be patient enough to jump through whatever hoops we put in front of them.
2. Doxxing: While some obstacles would dissuade people joining the forum impulsively to do this stuff, if they're that motivated or that dedicated of a malicious actor, they'll work their way through the system get to the handful of private forums we offer.
3. Scrapers: We're making several forums private, so captcha's and vigilance should keep out the bots, and anything beyond that isn't really something we can prevent without just disallowing all new users entirely.
4. Dirtbags: I feel like the moderation team is more the solution for assholes than making the waiting period more elaborate.
All that said, are we going to get a bunch of new users? Probably not a lot, but I don't see the value in making it even harder for reasons that won't actually keep any of our members safer IMO.
My impression was not that people arguing in favor of security are wanting more than "30 days/20 posts", but that people arguing in favor of accessibility are wanting less than that. Sorry if I'm misunderstanding.
I think that misunderstanding is actually kind of core to our positions, honestly.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
I think looking at it as "a fifth" is not really the spirit of what I was trying to convey. It's not "a fifth of all new people", it's "two people", with the understanding that two is an exceptionally small number. The character and health of the forums is not going to depend on a couple of new people here and there. If we want to encourage growth of the forums, it's not going to be premised on whether or not a person can view all the sensitive bits of the forums just by walking in off the street, it's going to be premised on making ourselves visible and appealing by other means.
What are those means? Fuck, I dunno. But my larger point is that I don't feel we should sacrifice a measure of security that we collectively decided was extremely important to us because it might turn off some rando who refuses to stick around unless they get to immediately go yell at someone in the politics forum or whatever. The politics forum that, presumably, they won't even know exists because it's invisible to non-members.
I also think it's important consider that a lack of perceived security could very well drive off people who are currently in this community. Would you consider it a fair to trade to get two new users in exchange for losing two existing ones? I think our priorities should be, first and foremost, taking care of our own.
Would you say I had a plethora of pinatas?
Legos are cool, MOCs are cool, check me out on Rebrickable!
I'm fine with that, I'd prefer longer on getting voting privileges but I think that is still a pretty solid middle ground.
One thing I do want noted in regards to scrapers though. Is that most anti-scrape tools are only really effective when it's purely a bot. As I understand it, some scrapping sites are asking their user base to do the scrapping for them. So the delay in getting to see the boards with people's creative work could thin some out. I'll admit it won't get all of them and I'm not sure what all can be done to deal with that, when you do get the ones that survive long enough to have full access. Pretty sure the mod stuff is aware of this, but still worth pointing out for those that don't know about it.
I have absolutely have seen spam accounts within the last year. They’re not around for long, but they do show up now and then, hocking online tarot readings and supplements and shit.
It’s less common than it has been in the past (in my user level experience, obviously I don’t have backend access to even try to check numbers), but even in what may be the twilight of the forum as a concept, they still show up now and then.
I’m not sure I can recall one that actually appeared in 2025, maybe the extra mods and attention is getting even more efficient, but saying it’s been years since anyone saw one doesn’t align with my lived experience.
First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKER!
0
QuetziHere we may reign secure, and in my choice,To reign is worth ambition though in HellRegistered User, Moderatormod
I think that misunderstanding is actually kind of core to our positions, honestly.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
I think looking at it as "a fifth" is not really the spirit of what I was trying to convey. It's not "a fifth of all new people", it's "two people", with the understanding that two is an exceptionally small number. The character and health of the forums is not going to depend on a couple of new people here and there. If we want to encourage growth of the forums, it's not going to be premised on whether or not a person can view all the sensitive bits of the forums just by walking in off the street, it's going to be premised on making ourselves visible and appealing by other means.
What are those means? Fuck, I dunno. But my larger point is that I don't feel we should sacrifice a measure of security that we collectively decided was extremely important to us because it might turn off some rando who refuses to stick around unless they get to immediately go yell at someone in the politics forum or whatever. The politics forum that, presumably, they won't even know exists because it's invisible to non-members.
I also think it's important consider that a lack of perceived security could very well drive off people who are currently in this community. Would you consider it a fair to trade to get two new users in exchange for losing two existing ones? I think our priorities should be, first and foremost, taking care of our own.
To be clear, I am agreeing with you. I think that if you are considering two people as a throwaway small number, it's a fair consideration.
But the fact that you said two out of ten means that I read it as 20%, which is my major objection.
Also I'm not opposing all security measures here, I'm just saying that I don't like measures that are exclusively driven by account age, especially when people have been suggesting things like sixty days of active account logins. If that's one of our potential options, that's fine, I'd just like it to be supported by also having a post option or a vouched for by an existing member option (or both).
I think that misunderstanding is actually kind of core to our positions, honestly.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
I think looking at it as "a fifth" is not really the spirit of what I was trying to convey. It's not "a fifth of all new people", it's "two people", with the understanding that two is an exceptionally small number. The character and health of the forums is not going to depend on a couple of new people here and there. If we want to encourage growth of the forums, it's not going to be premised on whether or not a person can view all the sensitive bits of the forums just by walking in off the street, it's going to be premised on making ourselves visible and appealing by other means.
What are those means? Fuck, I dunno. But my larger point is that I don't feel we should sacrifice a measure of security that we collectively decided was extremely important to us because it might turn off some rando who refuses to stick around unless they get to immediately go yell at someone in the politics forum or whatever. The politics forum that, presumably, they won't even know exists because it's invisible to non-members.
I also think it's important consider that a lack of perceived security could very well drive off people who are currently in this community. Would you consider it a fair to trade to get two new users in exchange for losing two existing ones? I think our priorities should be, first and foremost, taking care of our own.
To be clear, I am agreeing with you. I think that if you are considering two people as a throwaway small number, it's a fair consideration.
But the fact that you said two out of ten means that I read it as 20%, which is my major objection.
Also I'm not opposing all security measures here, I'm just saying that I don't like measures that are exclusively driven by account age, especially when people have been suggesting things like sixty days of active account logins. If that's one of our potential options, that's fine, I'd just like it to be supported by also having a post option or a vouched for by an existing member option (or both).
Cool, I think we're largely on the same page then. High five for agreement!
Would you say I had a plethora of pinatas?
Legos are cool, MOCs are cool, check me out on Rebrickable!
It really depends on how many people even show up.
2 out of 10 people, or 20%, is a lot if we’re talking 100’s of real new members per year. Edit: excluding spam bots, trolls, ban evasion alts, etc.
If we see 10 new possible users in the next two years, it’s a shame to have some feel whatever barrier is present is onerous, but unfortunately much like with the upcoming move, we can’t and won’t be able to save everyone, for lack of a better term.
Based on chatter on this page, we’re legally required to have a reasonable minimal barrier, which means that by definition we’ll likely have to enact options that might well exclude those 2/20% users.
I get that you’re not arguing for zero barrier to entry, but I think the context is important all the same.
Is it possible to query the forums/database copies for how many non-banned users we picked up in 2024? Perhaps compared against 2023 to level set for what the recent baseline new users per year have even been?
The contrast being suggested being due to the pending death of the forums possibly drawing in an uptick new users (people who finally decided to check it out before it’s gone, or returning members who have lost their login info, etc).
Forar on
First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKER!
I have absolutely have seen spam accounts within the last year. They’re not around for long, but they do show up now and then, hocking online tarot readings and supplements and shit.
It’s less common than it has been in the past (in my user level experience, obviously I don’t have backend access to even try to check numbers), but even in what may be the twilight of the forum as a concept, they still show up now and then.
I’m not sure I can recall one that actually appeared in 2025, maybe the extra mods and attention is getting even more efficient, but saying it’s been years since anyone saw one doesn’t align with my lived experience.
Oh, I made a change (in December 2024, I think?) that restricted applicants, so it's been fairly effective at stopping spam. Now applicants are manually verified by admin/mods. If we had controls to require a verified e-mail (for some reason, Vanilla won't let me do this), it would have been a lot easier, since most spam accounts don't have real e-mail addresses.
Sorry for going back a bit, been busy at work, but there were some mentions of putting a waiting period for voting on things. As I understand, everything we vote on will be determined by the board, so I'm assuming everything voted for will be within the realms of reason. So I don't see much chance of a troll or bad actor subverting the process. And if they are in a position to set the agenda themselves (by having the numbers), then we have messed way before that. If there are bad actors in the numbers that they are a threat to the voting process, I'd expect mods and admins would have noticed a large amount of new accounts in a short time.
I also don't want to shut out lurkers. For some people posting is more difficult than others. I'm sure that if I had posted everything that was enough that a draft was saved, I'd have ten times the posts I had now, but the discussion had moved on, I didn't quite find the word to say what I wanted etc. (Yes, I know, it's not like the posts that got through were that great either).
I do worry about bad actors trying to get personal information for harassment, but somebody with that agenda would probably be waiting out/make no content post for a while to circumvent the waiting periods. I don't have any good idea how to stop that, but I hope someone comes up with something workable.
Lurkers are capable of coming along via the name claim/verification process like anyone else, and I believe users are permitted to change their names at will, so they can adopt a new identify swiftly (instantly?) if they so choose.
Under the proposed system, a lurker could join and bypass the wait if they're vouched for by another user.
If someone randomly wanders by and decides to hang out, I don't think a waiting period is too much to ask. How long that should be, is something I 100% respect needing to be managed. 2 months is probably too long, 2 days is too short. 2-4 weeks doesn't seem unreasonable.
I mean, I hope it's not coming across in a derogatory tone, but as has been mentioned, given the rate of issues and votes being taken to date, a 2-4 week wait period might mean missing, what, 1-2 issues that were tabled in that time?
A brand new fresh account needing to spend a period of time (TBD) amongst 6 of the subforums before gaining access to the other 3 doesn't seem like an egregious barrier to entry. We have folks who have been here for decades, who log in multiple times every day of every year for 10-20+ years. Have tens if not hundreds of thousands of posts.
If we actually do attract entirely fresh faces, settling in and getting a feel for how less contentious issues are discussed (okay, maybe we should restrict access to the Star Wars thread too) before dipping their toes in the scalding waters elsewhere might not be a bad idea.
First they came for the Muslims, and we said NOT TODAY, MOTHERFUCKER!
The other concern is bad actors and assholes of various flavors. Whether that's people looking to dox folks, or just bigots, or even the possibility of a forum raid. The thing is, I think this is, if not totally solved, at least 95% there thanks to our normal account screening process. I think some folks overestimate how well the worst kind of people can manage to hide their motivations on account creation. We've spent a lot of time talking to the mods who currently spend time monitor new account signups on PA and getting some insight into that process, and honestly it feels to me like the simple act of having a real human set of eyes on every new account signup before it's approved goes a long way and easily weeds out the vast majority of ne'er-do-wells. I see no reason to change this at Coin Return. Just asking people why they're joining and telling them to list their pronouns and having a person glance over those answers does a lot of work, and it's a very manageable lift for our moderation staff. And at the end of the day, I put more faith in our mod team spotting weird influxes of users and suspicious patterns than I do in any of these morons managing to pull the wool over on us.
I'd like to know more about what the rules are going to be for weeding out new people by the mods. I keep hearing how effective it is, but I don't understand what that means. Just turning off the sign-up form is 100% effective at keeping out bad actors. How do we know there aren't a ton of false positives?
I don't want to be dismissive, but I don't understand what tea leaves you can read to figure out somebody is a baddie? I wasn't even sure what the new user form looks like, so I went to grab it. I don't see anything about pronouns. If someone says they want to join to 'maek post', unless their email is racist as a shit I don't see what there is to work with.
I would download a car.
0
ToxI kill threadsDilige, et quod vis facRegistered Userregular
I do not know the answer to your question, having never been a mod here, however
Information Security 101 says don't answer the question you're asking to the general public...
maybe the real panopticon was the friends we made along the way
0
ChanusHarbinger of the Spicy Rooster ApocalypseThe Flames of a Thousand Collapsed StarsRegistered User, Moderatormod
you would be surprised how many signups fail the "why do you want to join?" step
like
really surprised
Allegedly a voice of reason.
+12
minor incidentpublicly subsidized!privately profitable!Registered User, Transition Teamregular
The other concern is bad actors and assholes of various flavors. Whether that's people looking to dox folks, or just bigots, or even the possibility of a forum raid. The thing is, I think this is, if not totally solved, at least 95% there thanks to our normal account screening process. I think some folks overestimate how well the worst kind of people can manage to hide their motivations on account creation. We've spent a lot of time talking to the mods who currently spend time monitor new account signups on PA and getting some insight into that process, and honestly it feels to me like the simple act of having a real human set of eyes on every new account signup before it's approved goes a long way and easily weeds out the vast majority of ne'er-do-wells. I see no reason to change this at Coin Return. Just asking people why they're joining and telling them to list their pronouns and having a person glance over those answers does a lot of work, and it's a very manageable lift for our moderation staff. And at the end of the day, I put more faith in our mod team spotting weird influxes of users and suspicious patterns than I do in any of these morons managing to pull the wool over on us.
I'd like to know more about what the rules are going to be for weeding out new people by the mods. I keep hearing how effective it is, but I don't understand what that means. Just turning off the sign-up form is 100% effective at keeping out bad actors. How do we know there aren't a ton of false positives?
I don't want to be dismissive, but I don't understand what tea leaves you can read to figure out somebody is a baddie? I wasn't even sure what the new user form looks like, so I went to grab it. I don't see anything about pronouns. If someone says they want to join to 'maek post', unless their email is racist as a shit I don't see what there is to work with.
I was talking about the Coin Return signup form in that regard, not the current PA one (which is still good, but doesn't include that field).
And to answer the rest: you'd be surprised how obviously fake the vast majority of signup attempts are (at both the email address field, and the "why do you want to join?" question). I don't really want to give a crash course on how and why exactly, because it kind of defeats the purpose to publicize that (and really, some of it is just vibes), but I'm sure @Zibblsnrt and @Hahnsoo1 and @Anzekay (and probably others, but they seem to be the ones who I've heard from most about signup screening) can confirm that spammers and shit heads throw themselves right into the net more often than not.
Hell, New Jersey, it said on the letter. Delivered without comment. So be it!
+3
minor incidentpublicly subsidized!privately profitable!Registered User, Transition Teamregular
Also, EVERYONE - just over 5 hours to get your answers logged in the poll in the OP. We've had a solid turnout so far, but if you've been holding off, get that in soon, please.
Hell, New Jersey, it said on the letter. Delivered without comment. So be it!
I've seen a lot of suggestions about what a New Member should be allowed to do and I'd like a confirmation of what we're actually planning. It's established that they cannot vote. Can they view the private forums?
I'm highly concerned about putting up any impediment to real humans accessing the private forums. Without that we are going to lose people who will be underwhelmed by this place on day one because they are missing a critical component of the community. We should not expect them to be motivated to pursue our membership policies to gain access to something they've never seen. If we are too conservative about this it could easily result in the slow and inevitable decline of our population.
I don't think new members are going to be offended if they can't instantly participate in our governance. But locking them out of certain forums is extremely significant in comparison.
I don't know exactly how things are going to look in the new landscape, but we wouldn't be keeping these private forums around if they didn't have a meaningful role to fill in the community. Why are we so concerned about the threat posed by these new members when that restriction doesn't exist today (as I understand it)?
Posts
I suspect we can't truly design a security process that would stop bad faith actors from gaining access to the new forums, but I think they honestly may not make it past any temporary new user --> member transition because they won't be able to resist swearing at others or being an open-faced bigot.
The forums are easy enough to get through and search and a lot of the folks in question have very old accounts (gamergate era), it exists and I've DMed both the TT (Minor Incident) and Quetzi with further details on the who.
Who is showing a fear of new posters?
If some unknown new member nobody knows is truly upset that they can talk about Vidya Games, Movies, TV, sports, other media, technology, participate in forum games, get help and advice for a couple of weeks but cannot vote on policy or participate in political discussions, random shitposts or chat topics, or do share art things until that time has passed (or somebody vouches for them) then they probably weren't going to be a good fit long term anyway.
It provides a gate that might be stringent enough to satisfy legal requirements and is a decent security compromise. Locks are for honest people, nothing will stop a dedicated bad actor or group of bad actors, but you still lock your doors and this is a middle ground between NO LOCKS AT ALL (not legally allowed) and EVERY LOCK IN EXISTENCE PLUS BODY CAVITY SEARCHES.
*edited for increased accuracy
Legos are cool, MOCs are cool, check me out on Rebrickable!
this seems like a super uncharitable interpretation of the conversation, ngl
I don't know that having a private section of the boards to offer some slight protection to the more vulnerable members of the community is "putting up so many walls and barriers". Especially since I believe some form of wall or barrier is required by the IRS to be a tax exempt organization.
Okay, it was two and not one but...
I have edited my post so as not to misrepresent the conversation.
Legos are cool, MOCs are cool, check me out on Rebrickable!
1. Forum Raids: These will be hard to not make obvious as the amount of new, non-spam users would have to balloon so much it'd be immediately noticable to the staff. If this raid is so sophisticated and patient to only infiltrate a few members at at time, then they're going to be be patient enough to jump through whatever hoops we put in front of them.
2. Doxxing: While some obstacles would dissuade people joining the forum impulsively to do this stuff, if they're that motivated or that dedicated of a malicious actor, they'll work their way through the system get to the handful of private forums we offer.
3. Scrapers: We're making several forums private, so captcha's and vigilance should keep out the bots, and anything beyond that isn't really something we can prevent without just disallowing all new users entirely.
4. Dirtbags: I feel like the moderation team is more the solution for assholes than making the waiting period more elaborate.
All that said, are we going to get a bunch of new users? Probably not a lot, but I don't see the value in making it even harder for reasons that won't actually keep any of our members safer IMO.
Like, to me, two out of ten getting turned off by the membership requirements is bad odds. If I picked ten active posters from threads I post in and cut two of them, that would feel like a distinct absence on the forums, that's something essentially missing.
But that's not to me preventing "even one new user," that's preventing two out of every ten. No matter what our requirements for this are, as long as we have some form of them, they'll probably turn off one person in some way. That's to be expected out of any sort of requirement. I'm fine with that. Turning off a fifth of all people, ehhh, less so.
I also doubt we'd miss out much if someone gets into a snit that they don't get instant access to the politics forum.. Many forums actually run with a policy where new members don't have access to the politics boards because the topics there can be pretty contentious and they want to trial out members to make sure they are a good fit for the community.
I'd agree with the idea that most of the boards open to the public are the ones that are actually going to get us new people if we're going to get them.
I'd also say, that the whole idea of a time period to begin with, was to have an alternative means for lurkers to hit full membership without having to make posts. I don't know why giving them an alternative route mean we can't also have a route where if people make enough reasonable posts, they'll get full membership before a lurker. Post means someone is showing their character and those that are a bad fit will fail out. You don't get that with a lurker, they are pretty much a blank slate (I will say that activity should be more than just logging in once a day. I'd think lurkers would check a few threads before calling it a day and if a potential bot has to visit some threads, probably reasonable to assume most will out themselves by having some really odd behaviors on what they check to meet the activity criteria).
I'd also like to endorse the sponsorship path to membership as well. That actually could go a long way to encouraging some good community dynamics. It gives people that happen to show up, who have no connection to the board an alternative just posting enough or being active enough. Make some good quality posts or direct people they know to other places they've publicly interacted on the internet (assuming they are willing to share). It also opens the door for people's friends and acquaintances to have an easier time getting on. Granted for that last one, make it clear that if there is a pattern of someone's friends and acquaintances always being a problem, they will lose the ability to sponsor people.
I'd argue between making 20 reasonable posts, 30 days of activity (not just logging in) and getting sponsored by a member in good standing. Should be a good enough middle ground. It won't be too restrictive for new members, but at the same time, there is specific criteria that has to be met in order to maintain nonprofit status.
I will say though, that for voting stuff, that should have a requirement that we can reasonable be assured that someone actually has both a connection to the board and an incentive that the community continues to prosper. That also might help us meet the criteria for nonprofit status as well. I don't think it would be unreasonable to restrict voting privileges to having to have 60 days of activity. You don't get there by posting or getting sponsored. I have doubts we're really going to lose any potential new members because they have to wait two months to be able to vote in community decisions. Hell, might not even come up much, depending on how often we have such votes up. 60 days should give them enough time to figure out what the community is about, it should also be long enough to ensure that most bad actors will probably fail out or get outed.
This is an important aspect of it, as @gereg mentioned. We legally have to be "Not Open to the Public", and what exactly that entails is open to a lot of interpretation, but if we're not going to be charging a direct membership fee for access (something I am vehemently opposed to and will argue against as long as I am in a position to do so), the best way to make sure we stay firmly in legally solid territory is to have some sort of other barrier to full membership that passes the sniff test.
There's also some concern about preventing abuse in various forms. Spam is basically, as I previously said, a solved issue. Spam prevention tools are excellent, and they're not going to suddenly get worse at CoRe. Most of us probably haven't even seen a spam account slip through and make a post in... years? Basically, preventing spam shouldn't even really need to enter the conversation.
The other concern is bad actors and assholes of various flavors. Whether that's people looking to dox folks, or just bigots, or even the possibility of a forum raid. The thing is, I think this is, if not totally solved, at least 95% there thanks to our normal account screening process. I think some folks overestimate how well the worst kind of people can manage to hide their motivations on account creation. We've spent a lot of time talking to the mods who currently spend time monitor new account signups on PA and getting some insight into that process, and honestly it feels to me like the simple act of having a real human set of eyes on every new account signup before it's approved goes a long way and easily weeds out the vast majority of ne'er-do-wells. I see no reason to change this at Coin Return. Just asking people why they're joining and telling them to list their pronouns and having a person glance over those answers does a lot of work, and it's a very manageable lift for our moderation staff. And at the end of the day, I put more faith in our mod team spotting weird influxes of users and suspicious patterns than I do in any of these morons managing to pull the wool over on us.
That said, after thinking it over and sleeping on it, I think I've pretty much settled on what I, personally, would prefer to see, and what I'd like to push for our standards for the New Member to Member promotion:
20 Active Days
-or-
20 Posts
-or-
Invitation from an existing Member
I think something along those lines strikes a good balance of being friendly to pure lurkers (20 days of passive lurking to get access to private forums and voting rights seems reasonable and not overly arduous), active new users (20 posts can be knocked out fairly quickly by anyone wanting to be an active part of the community, and gives mods a good amount of room to spot shit heads and anyone trying to game the system), and friends-of-friends (because anyone someone here trusts and wants to involve in the community should be assumed to be solid, and shouldn't have to wait to participate in all forums).
Nothing's perfect, and every choice here is a tug of war between being open and being secure. I'd prefer to err on the side of being reasonably open, knowing that our security beyond this point is likely to be pure diminishing returns, and that our moderation team is empowered to pick up the slack and protect us if anything does slip past. The rest, the more sensitive stuff that's a legitimate concern for folks around their privacy? Well, we're getting a clean slate, and I would always recommend that everyone be mindful not to post anything on a semi-public internet forum that could cause severe real world consequences for them, just as a matter of personal security.
My impression was not that people arguing in favor of security are wanting more than "30 days/20 posts", but that people arguing in favor of accessibility are wanting less than that. Sorry if I'm misunderstanding.
I think looking at it as "a fifth" is not really the spirit of what I was trying to convey. It's not "a fifth of all new people", it's "two people", with the understanding that two is an exceptionally small number. The character and health of the forums is not going to depend on a couple of new people here and there. If we want to encourage growth of the forums, it's not going to be premised on whether or not a person can view all the sensitive bits of the forums just by walking in off the street, it's going to be premised on making ourselves visible and appealing by other means.
What are those means? Fuck, I dunno. But my larger point is that I don't feel we should sacrifice a measure of security that we collectively decided was extremely important to us because it might turn off some rando who refuses to stick around unless they get to immediately go yell at someone in the politics forum or whatever. The politics forum that, presumably, they won't even know exists because it's invisible to non-members.
I also think it's important consider that a lack of perceived security could very well drive off people who are currently in this community. Would you consider it a fair to trade to get two new users in exchange for losing two existing ones? I think our priorities should be, first and foremost, taking care of our own.
Legos are cool, MOCs are cool, check me out on Rebrickable!
One thing I do want noted in regards to scrapers though. Is that most anti-scrape tools are only really effective when it's purely a bot. As I understand it, some scrapping sites are asking their user base to do the scrapping for them. So the delay in getting to see the boards with people's creative work could thin some out. I'll admit it won't get all of them and I'm not sure what all can be done to deal with that, when you do get the ones that survive long enough to have full access. Pretty sure the mod stuff is aware of this, but still worth pointing out for those that don't know about it.
It’s less common than it has been in the past (in my user level experience, obviously I don’t have backend access to even try to check numbers), but even in what may be the twilight of the forum as a concept, they still show up now and then.
I’m not sure I can recall one that actually appeared in 2025, maybe the extra mods and attention is getting even more efficient, but saying it’s been years since anyone saw one doesn’t align with my lived experience.
To be clear, I am agreeing with you. I think that if you are considering two people as a throwaway small number, it's a fair consideration.
But the fact that you said two out of ten means that I read it as 20%, which is my major objection.
Also I'm not opposing all security measures here, I'm just saying that I don't like measures that are exclusively driven by account age, especially when people have been suggesting things like sixty days of active account logins. If that's one of our potential options, that's fine, I'd just like it to be supported by also having a post option or a vouched for by an existing member option (or both).
Cool, I think we're largely on the same page then. High five for agreement!
Legos are cool, MOCs are cool, check me out on Rebrickable!
2 out of 10 people, or 20%, is a lot if we’re talking 100’s of real new members per year. Edit: excluding spam bots, trolls, ban evasion alts, etc.
If we see 10 new possible users in the next two years, it’s a shame to have some feel whatever barrier is present is onerous, but unfortunately much like with the upcoming move, we can’t and won’t be able to save everyone, for lack of a better term.
Based on chatter on this page, we’re legally required to have a reasonable minimal barrier, which means that by definition we’ll likely have to enact options that might well exclude those 2/20% users.
I get that you’re not arguing for zero barrier to entry, but I think the context is important all the same.
Is it possible to query the forums/database copies for how many non-banned users we picked up in 2024? Perhaps compared against 2023 to level set for what the recent baseline new users per year have even been?
The contrast being suggested being due to the pending death of the forums possibly drawing in an uptick new users (people who finally decided to check it out before it’s gone, or returning members who have lost their login info, etc).
Oh, I made a change (in December 2024, I think?) that restricted applicants, so it's been fairly effective at stopping spam. Now applicants are manually verified by admin/mods. If we had controls to require a verified e-mail (for some reason, Vanilla won't let me do this), it would have been a lot easier, since most spam accounts don't have real e-mail addresses.
MHWilds ID: JF9LL8L3
I was taken aback for a moment. 'Hold up, it has not been literal years since I last saw a spam thread. Weeks or months, sure, but not years.'
that's it that's the post
I also don't want to shut out lurkers. For some people posting is more difficult than others. I'm sure that if I had posted everything that was enough that a draft was saved, I'd have ten times the posts I had now, but the discussion had moved on, I didn't quite find the word to say what I wanted etc. (Yes, I know, it's not like the posts that got through were that great either).
I do worry about bad actors trying to get personal information for harassment, but somebody with that agenda would probably be waiting out/make no content post for a while to circumvent the waiting periods. I don't have any good idea how to stop that, but I hope someone comes up with something workable.
Under the proposed system, a lurker could join and bypass the wait if they're vouched for by another user.
If someone randomly wanders by and decides to hang out, I don't think a waiting period is too much to ask. How long that should be, is something I 100% respect needing to be managed. 2 months is probably too long, 2 days is too short. 2-4 weeks doesn't seem unreasonable.
I mean, I hope it's not coming across in a derogatory tone, but as has been mentioned, given the rate of issues and votes being taken to date, a 2-4 week wait period might mean missing, what, 1-2 issues that were tabled in that time?
A brand new fresh account needing to spend a period of time (TBD) amongst 6 of the subforums before gaining access to the other 3 doesn't seem like an egregious barrier to entry. We have folks who have been here for decades, who log in multiple times every day of every year for 10-20+ years. Have tens if not hundreds of thousands of posts.
If we actually do attract entirely fresh faces, settling in and getting a feel for how less contentious issues are discussed (okay, maybe we should restrict access to the Star Wars thread too) before dipping their toes in the scalding waters elsewhere might not be a bad idea.
I'd like to know more about what the rules are going to be for weeding out new people by the mods. I keep hearing how effective it is, but I don't understand what that means. Just turning off the sign-up form is 100% effective at keeping out bad actors. How do we know there aren't a ton of false positives?
I don't want to be dismissive, but I don't understand what tea leaves you can read to figure out somebody is a baddie? I wasn't even sure what the new user form looks like, so I went to grab it. I don't see anything about pronouns. If someone says they want to join to 'maek post', unless their email is racist as a shit I don't see what there is to work with.
Information Security 101 says don't answer the question you're asking to the general public...
like
really surprised
I was talking about the Coin Return signup form in that regard, not the current PA one (which is still good, but doesn't include that field).
And to answer the rest: you'd be surprised how obviously fake the vast majority of signup attempts are (at both the email address field, and the "why do you want to join?" question). I don't really want to give a crash course on how and why exactly, because it kind of defeats the purpose to publicize that (and really, some of it is just vibes), but I'm sure @Zibblsnrt and @Hahnsoo1 and @Anzekay (and probably others, but they seem to be the ones who I've heard from most about signup screening) can confirm that spammers and shit heads throw themselves right into the net more often than not.
You might be thinking that the failure is just not answering it. Or not making a good argument.
You are probably not thinking that the failure is literally saying "I am a spammer."
Well, boy howdy do I have some news for you.
Legos are cool, MOCs are cool, check me out on Rebrickable!
I'm highly concerned about putting up any impediment to real humans accessing the private forums. Without that we are going to lose people who will be underwhelmed by this place on day one because they are missing a critical component of the community. We should not expect them to be motivated to pursue our membership policies to gain access to something they've never seen. If we are too conservative about this it could easily result in the slow and inevitable decline of our population.
I don't think new members are going to be offended if they can't instantly participate in our governance. But locking them out of certain forums is extremely significant in comparison.
21 of 30 current 1st page threads in SE would be in public forums on CoRe
And in DND, 20 of 30 threads currently on the first page would be in public forums on CoRe.
Obviously in G&T that number is basically 100%.