You're looking at Less Wrong's discussion board. This includes all posts, including those that haven't been promoted to the front page yet. For more information, see About Less Wrong.

fubarobfusco comments on Stupid Questions December 2014 - Less Wrong Discussion

16 Post author: Gondolinian 08 December 2014 03:39PM

You are viewing a comment permalink. View the original post to see all comments and the full post content.

Article Navigation

Comments (341)
Tags: stupid_questions

Comments (341)

You are viewing a single comment's thread. Show more comments above.

Comment author: Lumifer 10 December 2014 02:00:48AM 1 point [-]

For starters, a system to be sure that a user or service is the same user or service it was previously.

That seems to be pretty trivial. What's wrong with a username/password combo (besides all the usual things) or, if you want to get a bit more sophisticated, with having the user generate a private key for himself?

You don't need a web of trust or any central authority to verify that the user named X is in possession of a private key which the user named X had before.

I'm more interested in if anyone's trying to solve it.

Well, again, the critical question is: What are you really trying to achieve?

If you want the online equivalent of the meatspace reputation, well, first meatspace reputation does not exist as one convenient number, and second it's still a two-argument function.

there's no attempts to run multi-dimensional reputation systems, to weigh votes by length of post or age of poster, spellcheck or capitalizations thresholds.

Once again, with feeling :-D -- to which purpose? Generally speaking, if you run a forum all you need is a way to filter out idiots and trolls. Your regular users will figure out reputation on their own and their conclusions will be all different. You can build an automated system to suit your fancy, but there's no guarantee (and, actually, a pretty solid bet) that it won't suit other people well.

I expect Twitter or FaceBook have something complex underneath the hood

Why would Twitter or FB bother assigning reputation to users? They want to filter out bad actors and maximize their eyeballs and their revenue which generally means keeping users sufficiently happy and well-measured.

Comment author: fubarobfusco 10 December 2014 02:30:11AM 2 points [-]

That seems to be pretty trivial. What's wrong with a username/password combo (besides all the usual things)

"All the usual things" are many, and some of them are quite wrong indeed.

If you need solid long-term authentication, outsource it to someone whose business depends on doing it right. Google for instance is really quite good at detecting unauthorized use of an account (i.e. your Gmail getting hacked). It's better (for a number of reasons) not to be beholden to a single authentication provider, though, which is why there are things like OpenID Connect that let users authenticate using Google, Facebook, or various other sources.

On the other hand, if you need authorization without (much) authentication — for instance, to let anonymous users delete their own posts, but not other people's — maybe you want tripcodes.

And if you need to detect sock puppets (one person pretending to be several people), you may have an easy time or you may be in hard machine-learning territory. (See the obvious recent thread for more.) Some services — like Wikipedia — seem to attract some really dedicated puppeteers.

Powered by Reddit Powered by Reddit