undefined | Better HN

0 pointsMithaldu10y ago0 comments

As someone who deals with spam in an even more difficult situation, that being a forum where anyone can post just by accessing it in a browser with no account needed or even possible: Often nicer ways are not usefully scalable or even feasible.

I get a lot of child porn link spam and am currently looking into OCR software to identify images spam bots post, because the spammers have been hard at work at circumventing any other measure i put in place. With that kind of thing being "spam", i can't be nice about it. I need to be zero-tolerance on any detection, even if it may be a false positive.

As for why it's not reviewed by a human: That may not scale. My forum is rather small, 30000 unique visitors per month, but even so, with a team of three people, there is simply no way to look at everything identified as spam. And going by the contacts we get from users about false positives, even if i assume 10 times as many things are false positive than people ask us about, we're still below 1%.

Also, at a wild guess: With an account as big as yours, maybe you just went past a total size limit for all the repos in your account, looking like a bot trying to treat github like a storage system.

Lastly, something meant to be friendly advice: I understand that you're a little upset, but going to the effort of writing such a big blog post, and using that strong language for something that did no actual damage is over the top. This may not be part of your daily dealings, but before you attack github over this, i invite you to try and spend some time to think about how you could write bots to abuse github, which is pretty much a publicly writable storage system, and how you would counteract such abuse.

0 comments

2 comments · 1 top-level

vonnieda10y ago· 1 in thread

I understand that fighting spam is difficult; I ran public email servers for years, and I think that Github does a great job at it.

My gripe here is that they didn't notify me before or after hiding my account. I don't expect a human to review the flag and I'm not suggesting they do. I agree, that doesn't scale. But it doesn't take a human to send me an email that says "Your account has been flagged for spam. Please contact support to resolve this issue."

The issue is that if I hadn't happened to log in this morning I would not have known that my account was hidden until I started getting complaints about broken links. Github was returning 404 errors for my repos. That means no one could download code or releases, read Wikis, file Issues, etc. It was like the repos had just been deleted.

My projects are pretty small, comparatively. But imagine if you went to read some docs on Angular or Express or any other large, open source project and you just got a 404 for the entire project? It's pretty scary.

My only ask here is that they notify users that they flag. Nothing more. I think it's a pretty reasonable request. I have since exchanged a couple more emails with them and they have said they'll raise the issue internally.

MithalduOP10y ago

Ah, i did not realize they did not email you.

That is something to which you at least deserve an answer to, though i expect they don't do it because sending out that email would alert the owner of the bot which would otherwise never be any wiser. It's a cousin of hellbanning, something which even HN does.

Though i think it's also fair to point out that your post only raises that issue as an aside, while that is the most salient thing in it.

Also, a bit of github background: Personal accounts are meant for small personal things. They expect anything big and important to happen in organizations, which i suppose are treated slightly differently.

j / k navigate · click thread line to collapse