New forum feature may be used for spamming

Message boards : Server programs : New forum feature may be used for spamming
Message board moderation

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10662 - Posted: 4 Jun 2007, 19:37:47 UTC

The new introduced forum feature of private messaging is imho implemented contrary to privacy rights. It already has lead to spamming.

I think, next to nobody opted in to accept pms and emails from strangers, the feature was added some few weeks ago to the forum software, and so of course the default setting for pms should have been "deactivate" until activly activated in a consenting manner by the participiants. I don't even see a possibility to opt out of this "feature", that's a big nono imho. This has to be changes asap!


See this thread @BoincSynergy for the consequences.


Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10662 · Report as offensive
Shai Hulud
Avatar

Send message
Joined: 23 Mar 07
Posts: 7
Message 10663 - Posted: 4 Jun 2007, 19:54:00 UTC

Just to clarify things a bit:

MisFit happened to send the same team invitation to the same person twice (at two different projects).

Unfortunately, this issue came up at BOINCSynergy for the first time. I'm sure everybody at BOINCSynergy is against SPAM. And I'm sure others are using the PM system also this way.

In this case (Misfit sending PMs) I'm asking all of you to distinguish between polite Team invites (which is possible as long as there is no Opt-In/Opt-Out-Feature) and real SPAM.

To make myself clear: You need to install an Opt-In/Opt-Out-Feature as soon as possible. As Saenger said already, this IS a big nono!!!

Best regards, Steffen


My NEW BOINC-Site

Why people joined BOINC Synergy...
ID: 10663 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10664 - Posted: 4 Jun 2007, 20:00:18 UTC

I disagree, there is no distinction between polite spam and other spam, spam is spam, period.

Nobody opted in to accept pms and the resulting emails notifications, so all this is unsolicited bothering, no matter what content.

The red cross can spam as well, and it will be bad as well.

I just opened a ticket for this in the BOINC trac.
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10664 · Report as offensive
Rytis Slatkevicius

Send message
Joined: 29 Aug 05
Posts: 15
Message 10665 - Posted: 4 Jun 2007, 20:04:13 UTC

I just (15 minutes ago) checked in a feature to disable PM notification emails separately from generic project email. I think it will do for now; PMs are rather useful feature.
ID: 10665 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10668 - Posted: 4 Jun 2007, 20:21:29 UTC - in response to Message 10665.  
Last modified: 4 Jun 2007, 20:24:59 UTC

I just (15 minutes ago) checked in a feature to disable PM notification emails separately from generic project email. I think it will do for now; PMs are rather useful feature.


It has to be set to "NO" as a default, you have to opt in explicit for such features, otherwise it's plain spam still.

Edit:
This is something far more intrusive than the "normal" newsletter by project, anyone can send you something, and it's up for the project/Boinc to ensure it to be safe.
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10668 · Report as offensive
Shai Hulud
Avatar

Send message
Joined: 23 Mar 07
Posts: 7
Message 10669 - Posted: 4 Jun 2007, 22:50:13 UTC

In general, I tend to agree with Saenger.

On the other hand, this is exactly the pity nowadays: Not even being allowed to ask polite questions. To me its the same like people dont dare to ask an old woman if she needs help crossing the street, cause they are scared to get rejected anyway.

Just because so many people are abusing emails, doesnt mean they are all bad!

If you look at the definition of SPAM, you're not even allowed to send all your friends an email about a great new website you found. Well, you're not allowed to if you consider all Spam as illegal/bad.

So, I do make a difference between good and bad Spam. I also distinguish between good and bad people, good and bad apples, good and bad hobbies, and so on...

Its not Misfits fault in the first place in this matter, BOINC simply missed to implement a very important option!

Best regards, Steffen


My NEW BOINC-Site

Why people joined BOINC Synergy...
ID: 10669 · Report as offensive
Profile Jord
Volunteer tester
Help desk expert
Avatar

Send message
Joined: 29 Aug 05
Posts: 14835
Netherlands
Message 10670 - Posted: 4 Jun 2007, 23:03:02 UTC
Last modified: 4 Jun 2007, 23:05:34 UTC

On this topic, each project has a team recruitment thread or forum. Isn't that sufficient?

What if every team is going to do it? Would it then be considered bad?
What if a commercial company were to send everyone 1 PM per project with their advertisement, would it then be considered bad?

When would it be considered bad?

(although Rytis is thinking of implementing measures against over-using the PM system. The numbers you see there aren't concrete yet.)
ID: 10670 · Report as offensive
Shai Hulud
Avatar

Send message
Joined: 23 Mar 07
Posts: 7
Message 10671 - Posted: 4 Jun 2007, 23:38:12 UTC
Last modified: 4 Jun 2007, 23:51:53 UTC

The whole topic isnt just plain black and white. We all have a different definition of things - same with emails and spam.

Whenever people can opt-in/opt-out: If I activate the receiving of PMs, I have to live with the consequence that I might receive PMs I dont like. If I dont like PMs I have to disable them. Unfortunately, this option doesnt exist yet - its especially unfortunate for those who dont like receiving them... (Obviously!)

Btw: Rytis' planned measures do look very promising!


My NEW BOINC-Site

Why people joined BOINC Synergy...
ID: 10671 · Report as offensive
mo.v
Avatar

Send message
Joined: 13 Aug 06
Posts: 778
United Kingdom
Message 10676 - Posted: 5 Jun 2007, 3:08:55 UTC
Last modified: 5 Jun 2007, 3:09:22 UTC

I've seen the BAM shoutbox and the Synergy thread about this.

On the cpdn independent forum where there are extra features

http://www.climateprediction.net/board/index.php

we can hide our email addresses but we can't disable the private message facility. I've received many hundreds of private messages but never a message I would consider to be spam (by any definition). Almost every message has been useful in some way. We've been able to avoid a lot of problems on the forums by using private messaging. When I've sent PMs even to members who weren't expecting them, I've almost always received a positive response. The fact that cpdn also has other forums without private messaging has on a few occasions been a real problem.

So I'd say that because we've all chosen to join the same community, the default should be YES for PMs but with the possibility of opting out.

If Misfit is a sort of team recruitment officer, I can see why he sent the messages. You could maybe suggest that he reduces the intensity of the mailing drive? That would reduce the probability of a person receiving the same message twice within a day or two.
ID: 10676 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10678 - Posted: 5 Jun 2007, 4:37:04 UTC
Last modified: 5 Jun 2007, 4:47:23 UTC

Hello mo.v

it's not a special, non-connected forum I'm talking about, where I have to register and know about pm beforehand, it's about unvoluntarily und atm unchangable, signing up to such unwanted posts simply by deciding to crunch for the project. You don't even have to post a single word on the forum to be bothered by pms.

The alternative CPDN forum (and the one for Folding as well) are something completely different and uncomparable to the ordinary BOINC forum.

A mail is only not spam if I allowed it to be send. In the special sign-up fora, like the alternative CPDN, or BS team forum, or my own team forum, I know that I could be bothered from the beginning, nobody expects such low security and breach of privacy when signing up to a scientific project to help with crunching power.

It's a fine feature for the fora junkies to have another way of communication, but they could easy opt in, I probably would do so myself. So why not make it work that way?
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10678 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10679 - Posted: 5 Jun 2007, 4:42:11 UTC - in response to Message 10670.  

On this topic, each project has a team recruitment thread or forum. Isn't that sufficient?

It is, you can as well make a very fine homepage for your team (and BS has one), hang out posters in the streets or whatever.
What if every team is going to do it? Would it then be considered bad?
What if a commercial company were to send everyone 1 PM per project with their advertisement, would it then be considered bad?

When would it be considered bad?

Good questions, I think most would even consider the forst commercial pm as spam, I don't see that big difference between commercial and non-commercial spam. Spam is spam and a spammer is a spammer.
(although Rytis is thinking of implementing measures against over-using the PM system. The numbers you see there aren't concrete yet.)

It's a nice measurement, but irrelevant for the problem of the first unsolicited spam.
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10679 · Report as offensive
Profile Trog Dog
Avatar

Send message
Joined: 6 May 06
Posts: 287
Australia
Message 10680 - Posted: 5 Jun 2007, 9:27:50 UTC

Are the pm's also sent as email or do they just reside on the individual project inbox?

If they aren't also sent as email, then an abuse/red x would probably be sufficient aswell as an ignore function just as you can apply to the normal forum messages.
CIC1=CC=C(C2=N[C@@H](CC(OC(C)(C)C)=O)C3=NN=C(C)N3C4=C2C(C)=C(C)S4)C=C1
ID: 10680 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10682 - Posted: 5 Jun 2007, 10:16:35 UTC - in response to Message 10680.  

Are the pm's also sent as email or do they just reside on the individual project inbox?

If they aren't also sent as email, then an abuse/red x would probably be sufficient aswell as an ignore function just as you can apply to the normal forum messages.

An email is send to inform you about new pms, at least that's what happened to me the one time I recieved one.

I think there has to made a very big distinction between the forum and private messages, that's nothing comparable. It's only obviously in the same coding area.

A forum I can read or ignore. If I ignore it, I will not be bothered with anything in my account.

A pm is something where some stranger can send me messages to my account, independent of my forum settings. It's a kind of internal mail system, very distinct from the forum. I so far can't opt out of this mailing system, I never subscribed to an internal mailing system, it was forced on me without my consent.

If I want to crunch, look in my account about my progress, but don't want to be bothered by fellow participants, I have no option to do so. This is not about the abuse or threats or any such things, it's about wanting to be contacted at all by other participants. If I don't want to, noboby has to be able. And the assumption has to that no contact is wanted as a premise, that's what privacy dictates.

I can opt in to be contactable by other participants (and I, Saenger, probably will do so), but as a rule it should be privacy first.
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10682 · Report as offensive
Profile Trog Dog
Avatar

Send message
Joined: 6 May 06
Posts: 287
Australia
Message 10706 - Posted: 5 Jun 2007, 22:08:28 UTC

Well if they dropped the email notification, and implemented the red x and ignore features (as is on the normal forum) then the pm system would be just another forum - except just for you. Nobody would force you to read them or do they pop-up and require action when you log into your account page?

Any of the existing projects that use other forum software (like phpBB) have already had these pm's and when you join those projects you are not specifically advised that this feature exists, nor are you asked if you want to opt-in.


CIC1=CC=C(C2=N[C@@H](CC(OC(C)(C)C)=O)C3=NN=C(C)N3C4=C2C(C)=C(C)S4)C=C1
ID: 10706 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10722 - Posted: 6 Jun 2007, 4:33:36 UTC - in response to Message 10706.  

Well if they dropped the email notification, and implemented the red x and ignore features (as is on the normal forum) then the pm system would be just another forum - except just for you. Nobody would force you to read them or do they pop-up and require action when you log into your account page?
That would be just ridiculous if there would be a pop-up, fortunately that was not implemented.
It would be a step in the right direction, but imho not enough, to drop the emails.

And again: it's not a forum, with open posts, it's an internal email system, that's two distinct things.
Any of the existing projects that use other forum software (like phpBB) have already had these pm's and when you join those projects you are not specifically advised that this feature exists, nor are you asked if you want to opt-in.

Of course you are, you have to register especially for this external forum, it's not done with your account creation for the scientific project. You join a phpBB forum, so you know it includes pm. You join a scientific project for crunching, nobody expects an internal email system.


Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10722 · Report as offensive
Profile Trog Dog
Avatar

Send message
Joined: 6 May 06
Posts: 287
Australia
Message 10736 - Posted: 6 Jun 2007, 15:24:25 UTC - in response to Message 10722.  

Well if they dropped the email notification, and implemented the red x and ignore features (as is on the normal forum) then the pm system would be just another forum - except just for you. Nobody would force you to read them or do they pop-up and require action when you log into your account page?
That would be just ridiculous if there would be a pop-up, fortunately that was not implemented.
It would be a step in the right direction, but imho not enough, to drop the emails.

And again: it's not a forum, with open posts, it's an internal email system, that's two distinct things.
Any of the existing projects that use other forum software (like phpBB) have already had these pm's and when you join those projects you are not specifically advised that this feature exists, nor are you asked if you want to opt-in.

Of course you are, you have to register especially for this external forum, it's not done with your account creation for the scientific project. You join a phpBB forum, so you know it includes pm. You join a scientific project for crunching, nobody expects an internal email system.



I think you are being pedantic in your distinction between the forum and pm's being two entirely different systems requiring different treatments.

Anyway, Rytis has posted that he has checked in changes to the code - so I'll leave it at that.

Cheers
CIC1=CC=C(C2=N[C@@H](CC(OC(C)(C)C)=O)C3=NN=C(C)N3C4=C2C(C)=C(C)S4)C=C1
ID: 10736 · Report as offensive
Profile Saenger
Avatar

Send message
Joined: 9 Nov 05
Posts: 123
Germany
Message 10784 - Posted: 8 Jun 2007, 7:28:03 UTC

I'm in a discussion with one of the spammers on his boards (mainly via pm ;), and as usual the spammers don't even think their messages are spam.

A clear example is been cited by a victim of the spam @malaria:
It was even sent to a participant already in another team.

I don't think that Misfit is the only one who misused the system 'til now, he's only the one whose deeds became public.

Imho there should be some measures taken against such spammers, like pm-ban for some weeks/month. Spammers must be named and shamed and punished.
Gruesse vom Saenger

For questions about Boinc look in the BOINC-Wiki
ID: 10784 · Report as offensive
gravitysmith

Send message
Joined: 9 Mar 06
Posts: 10
Message 11552 - Posted: 8 Jul 2007, 6:17:20 UTC

My intent is not to add fuel to this fire, but I thought I would add another point I haven't seen raised. The lack of an opt-out for PMs may be keeping people from joining.

I have been running BOINC for just shy of 3 years. During that time there have been some changes to BOINC I agree with and others I disagree with, but none has concerned me as much as this one. If PMs existed when I joined, and if I knew there was no way even to opt-out, I certainly would not have joined or would have quit almost immediately after. I have absolutely no desire to receive any messages from BOINC projects unless it is from a project admin concerning an technical issue with one of my hosts. I joined BOINC for the idea of contributing to science, not to become part of yet another social network. If I knew when I started that I would get hassled with unwanted messages, I doubt I would have stayed.

To get a sense of where I am coming from, let me describe my habits. I browse the project forums somewhat regularly, reading what interests me and ignoring things that don't. On rare occasions, I will write a post if I feel I have something significant to say. Mostly though I just keep to myself, and I like it that way. I use BOINC because of the science, and although reading the idle chit-chat can pass the time, I have no desire to participate in it. From this perspective, PMs are nothing more to me than a place to collect spam and a waste of project resources.

I imagine some will say that opting out of the PM notification messages is a viable method to keep the spam from affecting me since I would never have to read the messages. To a large extent I agree, but not totally. Maybe this is where my personal quirks come in to play, but I feel my accounts actually sort of belong to me. To have unwanted messages appear with no recourse of eliminating them would be equivalent (in my mind) to saying that the cubicle/office at work is "mine" as long as I ignore random people wandering in and posting their advertisements all over the walls and my desk. Just ignore them, right? For me, that doesn't work, and I do personaly take unwanted PMs as an invasion of my privacy just as much as I would take people adjusting my work space as an invasion of my privacy. I do my best to minimize unwanted messages in my life, and to now tell me there is not even a way to opt-out of receiving them is very frustrating.

This whole PM discussion raises another point as well. What is the point of PM if everybody were to turn off notification and never check the inbox because it is full of unwanted messages? Given that very few participants actively participate in the forums, it is reasonable to assume many do not check their project acccounts regularly either. If a large number of users turn off notification because of "spam", then not only are you in a situation where the whole purpose of PMs is largely useless, but now you are also consuming project resources to store and manage all these unwanted messages that will likely never be read. Furthermore, the sender of the PM would have no way of knowing whether you are even interested in reading their message. With an opt-out possibility, the sender could at least be informed that the user does not want messages, and project resources could be released for other tasks. If for no other reason than the practicality of it, I would strongly suggest an opt-out feature be provided.

gravitysmith

P.S. The only reason I write at all is because of an unwanted message I received, and my desire to avoid receiving any more.
ID: 11552 · Report as offensive
Profile KSMarksPsych
Avatar

Send message
Joined: 30 Oct 05
Posts: 1239
United States
Message 11553 - Posted: 8 Jul 2007, 7:17:22 UTC

@GravitySmith.

You can add your point of view to Ticket 233 at Trac. I do respect your feelings, so I'll let you add onto the ticket rather than just do a copy/paste of your post.

You'll need to register with Trac to do so.
Kathryn :o)
ID: 11553 · Report as offensive
SekeRob

Send message
Joined: 25 Aug 06
Posts: 1596
Message 11554 - Posted: 8 Jul 2007, 9:03:06 UTC - in response to Message 11553.  
Last modified: 8 Jul 2007, 9:10:56 UTC

@GravitySmith.

You can add your point of view to Ticket 233 at Trac. I do respect your feelings, so I'll let you add onto the ticket rather than just do a copy/paste of your post.

You'll need to register with Trac to do so.


at WCG they've set all possible options regarding communication by default to off:

1. Messages from the project to the contributer.
2. Messages from Team captain to The Team member.
3. Messages from Team member to Team Captain (yes even this function needs to opt-in).

As yet there is no facilitation of messaging between none-team members.

PM is being discussed, but surely it will be as per WCG policy, first line respect of privacy i.e. an opt-in and similar to what you have on pure BOINC fora the option to set in personal profile the suppression of undesirables, to not receive messages from those either. Thus if one puts x/y/z as posts invisible, no messages of any form thru other channels.

The thing with the BOINC standard forum software, that if projects adopt an upgrade, they might have a surprise, thus the onus on the BOINC developers is quite large to incorporate the privacy features i.e. configurability on that front.

Added: The team messaging allows for indicating a separate email address, so that the regular member mail account does not get hosed. Ignore the project specific mail account (hotmail e.g. for easy filter implementation) and you never need to see those pm's.

Coelum Non Animum Mutant, Qui Trans Mare Currunt
ID: 11554 · Report as offensive
1 · 2 · Next

Message boards : Server programs : New forum feature may be used for spamming

Copyright © 2022 University of California. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.