SQLite Forum

Anonymous posting should be disabled on SQLite Forum
Login

Anonymous posting should be disabled on SQLite Forum

(1) By ddevienne on 2020-03-27 10:57:43 [link] [source]

Too many posts are using anonymous.

And even logged-in people sometimes see their posts incorrectly
attributed to anonymous, for whatever reasons (probably IP change,
per Warren Young).

Several people in various threads also questioned anonymous posting.

I think we should just disable anonymous posting completely. The barrier
to entry is low-enough, and all Q/A sites require some kind of login.

My $0.02. --DD

PS: I'm requesting this for the SQLite forum specifically, not Fossil
in general, thus this post on the SQLite forum, not the Fossile one.

(2) By Ryan Smith (cuz) on 2020-03-27 11:28:51 in reply to 1 [link] [source]

+1

It's the single most breaking adaptation from the mailing list. Everything else can be lived with.

I'm hoping this is a setting and can be enabled per instance so that the Fossil site is not affected while the SQLite side can require users be nonymous.

(4) By Richard Hipp (drh) on 2020-03-27 12:29:53 in reply to 2 [link] [source]

Why do y'all want to prohibit people from posting anonymously? What problem do you hope to solve by that?

I can turn off anonymous posting simply by adjusting some permissions. But then anybody who wants to post anonymously can simply register with a fake throw-away account. That just makes the anonymous poster work a little harder, and it denies us readers the knowledge that the poster actually wanted to be anonymous.

(6) By ddevienne on 2020-03-27 13:25:47 in reply to 4 [link] [source]

Could you post to the ML anonymously? No, AFAIK.

Sure you could, as you state, register under a bogus name,
and some people did, but few did in practice. While 1/3 of
the threads (unscientific, via GMail searches) have at least
someone who did (apparently). I suspect because they could,
not because they wanted.

At the very least, please disable anonymous temporarily until
the bug of anonymous-posting from logged-in people goes away please.

My $0.02...

(7) By Ryan Smith (cuz) on 2020-03-27 13:25:53 in reply to 4 [link] [source]

It's not the anonymity itself rather than the fact that 77 different people can all post as anonymous seeming to be the same person, or at least, making it impossible to distinguish them from one another.

I have no qualms at all with someone calling him/herself ANON123 in the sign-up, at least then it would be unique and every time they post it would be "ANON123" and I can associate their previous post with their follow-up posts, whereas now when they post it is impossible to know if it is their first post on the matter, if they are continuing a thought they started in a previous post, if actually they are Richard Hipp who forgot to sign in, or indeed if maybe it's myself who posted when I was at the office.

It's not your name that is important to me, but distinguishing which posts all were by the entity that I'm reading now.

The mailing list had equally anonymous posters, but at least they were consistently the same handle and so ideas could be attributed and grouped by said handles.

Lastly, I really do understand the want for inclusion and agree with it. However, in my experience, the people who made the most valuable and consistent contributions during the mailing-list days all provided full names and chose of their own accord to not remain anonymous. I can't even think of one example to the contrary, though there might be, but my point is simply that to assume "valuable posts may typically/likely be made by those who insist to remain anonymous" doesn't seem to stroke with the evidence.

I hope that offers a valid argument - thanks for listening!

PS: A short message at signup might be - "Reading does not require sign-in, and you are welcome to sign in with an obscured username for anonymity, but we would like to distinguish your posts from others. Please sign in for posting."

(11) By anonymous on 2020-03-27 16:50:25 in reply to 7 [link] [source]

It's not your name that is important to me, but distinguishing which posts all were by the entity that I'm reading now.

Providing pseudonymous identifiers to users without requiring them to sign in could be achieved by calculating HMAC of their IP address combined with their User-Agent or some other headers. As long as the hash function is strong and the secret is kept secret it should be practically impossible to reverse the salted hash values back to plaintext input. The "identifier" could be made even shorter (and impossible to reverse) by truncating (or XOR-combining) the HMAC value to a shorter length.

Though I would understand it if you wouldn't like this solution: the "identifier" is both hard to understand (just a bunch of bytes) and too easy to change, even accidentally.

(12) By ddevienne on 2020-03-27 18:26:52 in reply to 11 [link] [source]

There's already a bug in Fossil linked to IP changing for the same user,
leading to anonymous posting, so relying on IP doesn't sound lik a good idea.
Adding the User-Agent just compounds the risk of forked identity, if replying
from several computers or devices (destop, laptop, phone, tablet, etc...).

BTW, the forced-logout was not to disable anonymous as I had hoped,
since your post (whoever you are) is anonymous!

Probably for the Display Name change. Oh well...

(13) By anonymous on 2020-03-27 19:38:32 in reply to 12 [link] [source]

relying on IP doesn't sound lik a good idea

Okay, have another idea, then: automatically assigned pseudonymous identities could be achieved by setting a cookie with a random session ID the first time a poster tries to post a message and never deleting it. But this is, essentially, a tracking cookie, albeit a first-party one.

(Should we move the "automatically generated IDs for pseudonymous posting" discussion to the Fossil forum?)

your post (whoever you are) is anonymous!

Don't worry, this is not a manifestation of the bug. I am just enjoying the last days of anonymity here in case it does become forbidden.

(19) By Warren Young (wyoung) on 2020-04-01 11:39:31 in reply to 12 [link] [source]

There's already a bug in Fossil linked to IP changing for the same user

That's fixed now. That and the more limited prior fix are why you had to log back in. These changes remove the IP from the cookie entirely, thus invalidating the one your browser held previously.

The newer fix addresses the fact that the earlier one left cases where IP switching could still automatically log a user out, thus creating bogus anonymous postings, which is part of what sparked this whole thread. The original fix worked fine for the forums on fossil-scm.org or sqlite.org due to the way they're configured. The new change just extends that fix to all Fossil forum configurations, including a few I run.

Bottom line, we can now sweep the issue of inadvertent anonymity from this thread.

(3) By Stephan Beal (stephan) on 2020-03-27 12:18:40 in reply to 1 [link] [source]

(Devil's Advocate here...)

Too many posts are using anonymous.

By what metric are there too many?

The moderators have the moderation queue well under control, so there's demonstrably not too many from an administrative point of view.

That said: i'm completely ambivalent as to whether anonymous posting is allowed/disallowed here, but have yet to hear a compelling argument against allowing it.

(5.1) By ddevienne on 2020-03-27 13:26:09 edited from 5.0 in reply to 3 [link] [source]

This simple GMail query label:oss-sqlite [sqlite-forum] anonymous
returns 28 threads, and there aren't that many threads since the forum
was instituted. Unscientific, definetely, but anecdotal evidence concurs.

label:oss-sqlite [sqlite-forum] returns 87 threads. 28 of 87 is a lot...

(8) By Stephan Beal (stephan) on 2020-03-27 14:25:08 in reply to 5.1 [link] [source]

This simple GMail query label:oss-sqlite [sqlite-forum] anonymous returns 28 threads, ... 28 of 87 is a lot...

There's no technical metric for which even 99.9% is "too much." The only practical metric i can think of for "is too much anonymous" is "how much (can the moderators effectively || are the moderators willing to) moderate," and that value is currently higher than (according to your measurement) the current average of roughly 2 anonymous posts per day.

0.02€ and all that.

(9) By ddevienne on 2020-03-27 15:46:20 in reply to 8 [link] [source]

Honestly Stephan, I don't see how moderator effort is relevant...

Ryan's point that there's no way to distinguish different anonymous
users is spot on IMHO. And maybe that's why I was forced-logged out
somehow from the Forum, because Richard turned anonymous OFF?

(10) By Tim Streater (Clothears) on 2020-03-27 16:06:19 in reply to 9 [source]

Agree with dd. Ryan's point is the salient one.

(14) By ddevienne on 2020-04-01 09:48:06 in reply to 1 [link] [source]

I'm sad to report that this request fell on deaf ears, despite the fact that:

  • it's impossible to distinguish different anonymous posters
  • anonymous posting is IMHO incompatible with community building

Those anon posts keep on coming, from one or several posters, who knows...

Arbitrary handle names are anonymous in nature, so it's not like
anonymous posting protects privacy in any way, and nothing prevents
anyone from abandonning a given handle for another one, if they so
wish (for whatever weird or twisted reason!). So there really is no
justification at all for anonymous posting.

(15) By Hamish Allan (hatfinch) on 2020-04-01 10:06:00 in reply to 14 [link] [source]

I agree with everything ddevienne says here.

(16) By Stephan Beal (stephan) on 2020-04-01 10:26:14 in reply to 14 [link] [source]

it's impossible to distinguish different anonymous posters

Every anonymous post goes through a moderator before it hits your mailbox, effectively ruling out "garbage posts." So... what does it really matter who writes a given post? We're here for the information, regardless of its source. More than once in the past several days has an anonymous poster has provided, IMO, useful answers or questions. See those links 3 recent examples.

anonymous posting is IMHO incompatible with community building

  1. This is a technical forum, not social media clique. Even if it were a community-driven forum...

  2. Raising the bar to entry, e.g. by eliminating the option to anonymous posting, is antithetical to the idea of inclusion.

i'm admittedly utterly flabbergasted by the anti-anonymous sentiment, given that (A) anonymous posters are not "Bad Actors" in this forum (as they can be on unmoderated forums) and (B) they (or he or she - we don't really know, nor do we need to, as it's irrelevant) demonstrably contribute(s).

0.02€ and all that.

(17) By Hamish Allan (hatfinch) on 2020-04-01 10:34:24 in reply to 16 [link] [source]

i'm admittedly utterly flabbergasted by the anti-anonymous sentiment

The point has been made several times that pro-pseudonymous does not mean anti-anonymous.

(21) By Richard Hipp (drh) on 2020-04-01 14:28:20 in reply to 17 [link] [source]

We have pseudonymous posts already. All you have to do to post pseudonymously is to create a new login using a pseudonym. There is some discussion on the Fossil forum about how the process of making a pseudonym might be made easier, as a convenience for those who want to follow that path. But no new fundamental capability is being contemplated.

User ddevienne really does want to prohibit all anonymous posts. I think that "anti-anonymous" is an accurate description of that position.

(22) By ddevienne on 2020-04-01 15:56:45 in reply to 21 [link] [source]

User ddevienne really does want to prohibit all anonymous posts

I concur, this is accurate. The way you put it, I somehow feel all dirty...
After all, the ML didn't have it, did it? What's makes the Forum somehow different?

But I get it, anonymous posts will continue. Oh well, I'll live.

(23) By Hamish Allan (hatfinch) on 2020-04-01 15:59:45 in reply to 21 [link] [source]

Let's make creating pseudonyms easier. Then someone who wants anonymity in the sense you describe can simply create a new pseudonym each time they post ;)

(24) By Warren Young (wyoung) on 2020-04-01 17:19:06 in reply to 23 [link] [source]

Let's make creating pseudonyms easier.

I've just posted a design for this. Let's continue this sub-thread over on the Fossil forum.

(18) By Warren Young (wyoung) on 2020-04-01 11:25:58 in reply to 14 [link] [source]

this request fell on deaf ears

Deaf is not the same thing as passive rejection.

And rejection is not forever.

incompatible with community building

These posters have seen our offer of inclusion, and they've rejected it. Why do their wishes not carry weight?

Also, this issue is being conflated with pseudonymity, which also doesn't inherently "build community." Who is anonABCD1234, and why should I trust that person's postings more than those of Bill the Badger?

Those anon posts keep on coming, from one or several posters, who knows...

Almost certainly multiple posters.

it's not like anonymous posting protects privacy in any way

Tell that to the European Assembly, who have decided that anonymous cookies are a threat to privacy so dire that we have to put click-through banners on every web site of global consequence, and a great many that aren't besides.

If you want to sweep issues like that and GDPR aside, you next have to explain why you think Fossil should only be used outside of Europe.

Hint: One of Fossil's major contributors lives in Germany.

Okay, Europe's gone. California next?

The fact is, ddevienne, not everyone agrees with you about the value and scope of anonymity. You may demand to have unique identification of each anonymous user, but some of those do not wish to be identified.

nothing prevents anyone from abandonning a given handle for another one

Some of the proposals I've seen here look an awful lot like web site cookies, which can be notoriously difficult to shake, leading to one of two bad outcomes:

  1. Accept the stickiness of this identity, likely resulting in a violation of these new privacy laws, which were, after all, written in response to a real threat, that being that motivated organizations have been tracing users back through anonymization layers for decades now.

  2. Make this generated identity truly impossible to trace back through the anonymization layer, which will almost certainly result in the "same" anonymous user reappearing under multiple identities, thus foiling the apparent wish that each anonymous user always post under the same generated name.

If you think there is a #3 option I have missed, you are welcome to contribute a solution showing your solution.

(20) By anonymous on 2020-04-01 13:59:25 in reply to 14 [link] [source]

it's impossible to distinguish different anonymous posters

from one or several posters, who knows...

As long as the conversation is progressing, does it really matter who I am and whether I am the same person as the one interested in documentation on temporary files or sqlite3_auto_extension? (I am not, by the way.)

Arbitrary handle names are anonymous in nature

Sorry, I cannot agree with that. Anonymity is different from pseudonymity because the latter implies a persistent identity while the former does not.

it's not like anonymous posting protects privacy in any way

It doesn't quite matter what the real name of J. Random Hacker from the Internet is if you know their typical IP address subnets (⇒ GeoIP-based location), posting hours (+ timezone ⇒ awake hours, typical times when J. is home/at work), and their writing quirks. (See: "authorship attribution in NLP". It's a well known enough problem that a variation on it is a typical homework in a machine learning course nowadays. Add third-party cookies to that and you've got their browsing history. If all that added together doesn't identify a user down to a single person, I guess they don't use the Web much in the first place and therefore aren't worth tracking. Thankfully, tracking the users doesn't seem to be the goal of this forum.)

and nothing prevents anyone from abandonning a given handle for another one

But that's extra work for the website to store all those one-off entries in the user table. If you want to make one-time use handles anonymous, you should make them more transparent.

Besides, would you really like it if I used one-off logins instead if just being anonymous? It wouldn't help you identify me in a thread; you would still have to infer my identity from the points I make, just like you do now.

for whatever weird or twisted reason!

There must be a philosophical difference between your values and mine. For some people anonymity is an end in itself (so, no reason), just like it is important for you to be able to identify people you converse with (for whatever twisted or weird reason, I could add).

If you want a reason, consider this: maintaining an identity is extra work for me (make up a login, generate a password, store it in the password manager, accept the risk of user database getting leaked with whatever other information it had stored) and for the website (for every login I create it has to store an entry in the user table that might never get used again if I abandon that handle). And I'm not one of the core developers, so my name (real or otherwise) won't add any credibility to my words. In my opinion, as long as everyone is being civil, this extra work could be avoided.