Friday, August 17, 2007

Less anonymous posts

Anonymous posters are often tagged with a generic name, such as "nobody" (if you've been to SourceForge). Some forum systems publish the IP address of these posters for all to see, but a better solution would be to generate a number unique to the poster and the server, based on the IP address. This number would then be associated with each "nobody", so that it would be easier to see whether a poster is from different or like sources.

Of course, there are a number of variables involved (DHCP, remote connection with another network), and it really needs to be tested on a live system to see how well it works or doesn't; it should be usable in 80% of the cases.

What about registered users? They should also have such a number, or else a registered user could easily log off to debate with itself without anyone knowing.

The motivation for this proposal came from observing how easy it is for anonymous posters to fake a debate, and the need for "identifying" the source of anonymous posts. This is no real identification measure, but will filter simple abuse of a forum system from less knowledgable users. Besides, there's nothing stopping most people from registering multiple accounts (but only an "administrator" would typically have access to the information required to identify this kind of abuse).

IP addresses change, so ultimately, anonymous people should have the possibility of entering some name, which are easily discerned from registered users. It may be local to a thread for all intents and purposes.

The implementation of the one-way generated number should have one or more static source (at least the IP address) and one or more variable sources known to the server (seeds). Anyway, it's the implementation which ultimately decides the fate of this method.

No comments: