Well, how would you prevent someone registering multiple accounts manually? Going by IP could unfairly stop multiple people using the same computer (e.g. me and my wife) or even multiple people behind the same proxy server (e.g. the same job, or the same university).
I think the correct approach to this is to admit that you simply cannot prevent someone from creating hundreds of accounts, and design a system in a way that doesn’t allow an army of hundred zombies to do significant damage. One option would be to require something costly before allowing someone to either upvote or downvote, typically to have karma high enough that you can’t gain that in a week by simply posting three clever quotes to Rationality Threed. Preferably to require high karma and afterwards a personal approval by a moderator.
Maybe some of this will be implemented in LessWrong 2.0, I don’t know.
Well, how would you prevent someone registering multiple accounts manually?
That’s beside the point, any user determined enough can create enough sock-puppets to be annoying, but I remember that you said that specifically in the case of Eugene there should have been a glitch that allowed him to create automatically multiple accounts. But the usual standard precaution here would suffice: captcha login and unique email verifications should be deterring enough.
you simply cannot prevent someone from creating hundreds of accounts
You can’t, but you can make the process more difficult and slower. This is, more or less, infosec and here it’s rarely feasible to provide guarantees of unconditional safety. Generally speaking, the goal of defence is not so much to stop the attacker outright, but rather change his cost-benefit calculation so that the attack becomes too expensive.
a way that doesn’t allow an army of hundred zombies to do significant damage
The issue is detection: once you know they are zombies, their actions are not hard to undo.
The issue is detection: once you know they are zombies, their actions are not hard to undo.
Generally true, but with Reddit code and Reddit database schema, everything is hard (both detecting the zombies and undoing their actions). One of the reasons to move to LessWrong 2.0.
(This may be difficult to believe until you really try do download the Reddit/LW codebase and try to make it run on your home machine.)
Yes, there’s also that… has the glitch allowing a sock-puppets army been discovered / fixed?
Well, how would you prevent someone registering multiple accounts manually? Going by IP could unfairly stop multiple people using the same computer (e.g. me and my wife) or even multiple people behind the same proxy server (e.g. the same job, or the same university).
I think the correct approach to this is to admit that you simply cannot prevent someone from creating hundreds of accounts, and design a system in a way that doesn’t allow an army of hundred zombies to do significant damage. One option would be to require something costly before allowing someone to either upvote or downvote, typically to have karma high enough that you can’t gain that in a week by simply posting three clever quotes to Rationality Threed. Preferably to require high karma and afterwards a personal approval by a moderator.
Maybe some of this will be implemented in LessWrong 2.0, I don’t know.
That’s beside the point, any user determined enough can create enough sock-puppets to be annoying, but I remember that you said that specifically in the case of Eugene there should have been a glitch that allowed him to create automatically multiple accounts. But the usual standard precaution here would suffice: captcha login and unique email verifications should be deterring enough.
You can’t, but you can make the process more difficult and slower. This is, more or less, infosec and here it’s rarely feasible to provide guarantees of unconditional safety. Generally speaking, the goal of defence is not so much to stop the attacker outright, but rather change his cost-benefit calculation so that the attack becomes too expensive.
The issue is detection: once you know they are zombies, their actions are not hard to undo.
Generally true, but with Reddit code and Reddit database schema, everything is hard (both detecting the zombies and undoing their actions). One of the reasons to move to LessWrong 2.0.
(This may be difficult to believe until you really try do download the Reddit/LW codebase and try to make it run on your home machine.)