[personal profile] charmian
In the latest release, LJ has now allowed for identity accounts (OpenID, Facebook, Twitter, and others) to post in LJ communities. While this new feature has been overshadowed by the LJ nav strip revision, it seems to have already caused some controversy.

Personally, I'm for this feature (although I don't think that it'll affect me personally much); I really don't think there's much of a security issue with Twitter/FB accounts posting, and actually I'm puzzled by the assertion that LJ-Abuse has less data on the identity accounts than other accounts. I mean, isn't LJ Abuse able to trace even anonymous posters through IP addresses and other things? Anyone with more technical knowledge want to chime in on those aspects?

I now wonder, though, if Dreamwidth is going to implement a similar feature, and if so, would there also be this kind of opposition?

Poll #6955 identity accounts posting in comms on DW
Open to: Registered Users, detailed results viewable to: All, participants: 33


Should DW allow identity accounts (OpenID) to make posts in communities?

* Yes: 22 (66.7%)
* No: 8 (24.2%)
* Other (explain in comments): 3 (9.1%)

Date: 2011-05-12 01:25 pm (UTC)
From: [personal profile] synecdochic
> I mean, isn't LJ Abuse able to trace even anonymous posters through IP addresses and other things

*wheeze*

No. *G*

Unless things have changed since I left and those code changes have been made in ljcomint and therefore not been piped through [livejournal.com profile] changelog or made available in the code repository, which is -- as always -- entirely possible but extremely unlikely, given how we always used to have to have fistfights to get any developer attention at all, abuse team members who are investigating something can obtain IP addresses for anonymous commenters if-and-only-if:

* IP logging is enabled by the owner of the account, was enabled at the time the comment was made, and an employee logs in as the owner of the account (or uses viewall on the entry, I think, but I'm not sure; it's been a while and I'm too lazy to go viewall my non-staff account on DW and see if it shows me comment IPs), or:

* The comment is deleted and marked as spam.

IP address information is stored in the db even if IP logging isn't on -- it has to be, in order to display the IP if the comment is deleted & marked as spam -- but there is literally no way to obtain it short of direct db access, which at the time I left nobody ever had the time, energy, or willingness to do for me. (I do not know what current policy regarding that is.)

> actually I'm puzzled by the assertion that LJ-Abuse has less data on the identity accounts than other accounts

Again, assuming that things have not changed, blah blah potatocakes:

It has always been next to impossible to prove that two accounts are controlled by the same person if the person is at all trying to conceal this fact. At most, you can say that there's a reasonable degree of certainty that they are -- and that's only if it's reported as "account X also belongs to account Y", ie, you have the two accounts to compare. (A lot more information is obtainable but not searchable: ie, you can look up identifier X for account X, but you can't search "what other accounts have identifier X". I'm being vague here, because those identifiers are very powerful anti-abuse tools and an exact list of what they are just points out to people how to circumvent them.) If it's reported as "account X said they have another account", and the person who controls account X takes the basic precaution of not using the same email address for the two accounts, it is almost impossible to identify the other account.

(Almost impossible. People screw up the separation of their two accounts a lot.)

This is not unique to identity accounts. But people think that the LJ abuse team has access to way more information than they really do.

Date: 2011-05-12 09:29 pm (UTC)
From: [personal profile] synecdochic
I can't see where they would be, yeah. I could see it being more of a problem if LJ didn't require validated email addresses to post to comms/post comments, but AFAIK, they changed the protocol to require a validated email address to do all of that, so.

(The other thing to take away is that the LJ abuse team is doing the impossible with shitty tools and zero support. But that's been the case since they started, heh.)
