P&Q Security (Ideas/thoughts)

Hello everyone,

I was asked to create a new thread pertaining to the security of the site. Please post all concerns regarding P&Q's security. Be it ideas or concerns on how to make it a better/safer site. All comments are welcome and appreciated.

I will post a list (of my own) when I get the chance.

P.S. If you feel that your thought or concern is to vulnerable to post, then feel free to PM myself or Larry.

Thanks,
Joe

I've said most of these in the mod room, but I don't mind saying them here as well. I'm not sure if some of these are even possible, but here are a few things I'd like to see, or at least see discussed:

1. A more comprehensive way of identifying spammers. Janis added a captcha, but it seems to be of middling success. I think it would be helpful if the site were to put a brief freeze on any account that, say, tried to send the same PM to more than 15 (or however may) people within a short time frame. It wouldn't solve the whole problem, but I bet it would help. Mods would be alerted to frozen accounts and be able to block them if they were falsely triggered. (This would have the added benefit of stymieing people who send out requests to read and comment.)

2. A better way of barring people from the site. It would help if we could ban computer ID's as well as IP addresses.

3. At least one member put forth the idea that the forums only be viewable to members. I expect this would be to (at least somewhat) control who has access to whatever personal information might be put forth in these threads.

Clubs seem to have better security, now that Janis has fixed some of those issues. Do other clubs feel the same, or do you still have concerns?

I have to admit that I do not really have ideas, but I'd like to say something about sybs first point, I think that might cause problems. What I mean is the fact that club managers got the possibilitiy to send messages to all their members at once, which might make them seem to be a spammer to the system and would kind of freeze their account. Obviously that could be taken away quickly again, but I'm just saying that it might cause a bit confusion.

This might be dumb and not be doable, but it'd be neat if there was a way for an account to automatically be deleted if you don't post poems on your accounts within...7 days??....seems spammers create accounts but post nothing to them, its really annoying to keep reporting them, if it could be done automatically somehow that'd be nice...

Because maybe then we could create a way for poems to only be read if you're a member of the site? And to be a member you have to post poems and be a legit writer. And if you don't post poems, you're here for the wrong reason so if theres a way to delete accounts with no activity it kind of clears all of that up...see what im trying to say? Haha

Chels, what if there are people on the site that post poems every month or a few times in the year but are still active among their club or the discussions board. It wouldn't be fair to them to get their account deleted just cause they don't post a poem once a week.

- People can only check out poems on this site if they have an account.

- Creating an account should be a complicated thing. So much details.. contact info...

Blissful, I interpreted Chelsey's post as saying that people would have to post a poem in the first week (or however long) but wouldn't be expected to post every single week. Just that first one. There are lots of people here who just become readers and commenters, but I bet most people (at least initially) join to post a poem or two. It could be tweaked to be a longer time period, though.

Chelsey, correct me if that's not what you meant at all ; )

Ah that makes more sense. Thank you for the clarification. :)

There are hundreds of people who have accounts on this site and have never posted a poem of any kind. Some of them go back as far as 2005/2006. I don't understand why they weren't dumped a long time ago. All you have to do is pay attention to the "members online" list in the wee hours of the night.....one would think the chat room threads were still up and running.

Mods could theoretically go through and delete each individual inactive account, but it would probably be like trying to bail out the ocean. It would work better if we could find out a way to get rid of a bunch of inactive accounts all at once. Janis has a rule that if a person hasn't logged in in some amount of time, their account may be deleted. Maybe this could be made automatic, with some long amount of time as the requisite factor. We also would want to think about those people who log back in after 2 years of inactivity. Are they an acceptable sacrifice? Is it easy enough for them to just make a new account? It's a topic for discussion.

You are correct Sib! I would be pissed Bliss if I was in a serious writers block but was very active in my club and got deleted lol..

Those people who post only once in a while arent the spammers or the ones here for no reason. The people who have an empty account with nothing, and there account stays empty for that long, it makes me question why they joined? Why would you join a poetry site and become a member if you arent going to submit a poem the first week or two youre here? I just don't get it

Mods could theoretically go through and delete each individual inactive account
^^^^^^^^^
LMAO Been there, done that! I don't recommend it as a solution. But that's how I know there are hundreds. I wasn't just blowing smoke.

Anna & Sibs are correct. However, Janis already installed that measure. If a new account is dormant for x weeks, it is disabled. The exact time is not supposed to be made public.
What we need is an advanced search to locate those accounts which predate his tweak.

^ that's excellent. Thanks for the update Larry!

Someone once said and I can't remember who, about removing the copy/paste function, that would halt a few people looking to steal poetry, perhaps enable it only when submitting poems, I'm sure like me, many write in word doc first then paste across.

Someone once said and I can't remember who, about removing the copy/paste function, that would halt a few people looking to steal poetry, perhaps enable it only when submitting poems, I'm sure like me, many write in word doc first then paste across.

^
stop copying me Doug ! aahh man -_-
okay well I agree, I pmed larrrt bout this idea too, I think it might be HANDY

Doug I was kidding XD don't panic ok

There are alternate ways around copying and pasting if that function is removed. So in the long run, it wouldn't do much help by removing the ability to do that.

I agree with Abed and Sibs that if possible the forums and member's poetry should not be allowed to be viewed by public unless you have a membership....maybe that is too much- but if one could be done just to guarantee more security?

I mean it is really cool when I write something I like I tell my boyfriend or my mom to get on the site and go read it, but to protect peoples work I am totally ok with being a member to be able to read poetry.

Which is where my case came in, If people wanna steal our work they will create a membership and not post poems which is where itd be handy to be automatically removed in an X amount of days if you havent posted poetry. That just proves you signed up for the wrong reason,

I think Janis is hesitant to hide poems from the public, though I think I would be for it. He wants the Interwebz to be able to view our poems.

^^ I know :/ that's what sucks, I get it....but...we obviously kick ass here which is why our poems are being jacked, and now we should think safety/protections first then. . Because this plagerizing has been getting intense. :(

I suspect that some of the income Janis gets from the site is determined by the number of hits the site gets as well as the advertising. I don't think we have any right to expect that he compromise any part of that. The discussion boards are an entirely different matter....those should absolutely be for members only.

Errm. Apart from minimising spammers and whatnot, I think PnQ security is just fine, and much better than before. As long PMs are actually private and things said in confidence in clubs cannot be viewed publicly, the site is doing exactly what it needs to do.

All this nanny-state talk about preventing copy/paste function and becoming a member to do anything- are only short term solutions (that are not even solutions) that mainly punish the honest individual. These sorts of mechanisms would impede the accessibility, publicity, ease of use and growth of the site-- negatively impacting the majority of the PnQ community without doing much to deter the few "criminals" that seem to have been raised to recent attention. If these bad guys really want to do bad things, they will find out the bad ways sooner or later. It is how we deal with them once they are caught that matters.

It's pretty simple. This is the internet. It is a wonderful thing. You are sharing your knowledge freely with the rest of the world, and gaining much from it. By doing this, you are taking a risk. If you don't want to take it, don't publish here within an online community. The benefits far outweigh any negative consequences. There are very few sites anywhere that can guarantee absolute security. Make your own personal and secure site or seek other means.

Or breathe in and submit to the nature of things, baby.

The choice is yours, the individual. The whole community, principles and character of the site shouldn't have to be affected.

^ Couldn't agree more. Perhaps, a few tweaks here and there to improve security may be useful, but what is published on the net should remain open and visible to admirers, budding poets, and whoever else. Closing gates will dissuade newcomers and reduce the popularity of the site and put it in the category of an exclusive member only club. A social site needs to remain visible and open to maintain its appeal.

Restricting access to "discussions" to members only, will certainly ensure a layer of security, and is indeed a good idea. Copy and paste function disabling will make it harder for people to comment on poems and for the judges. But, if it is possible to disable it selectively for "unsigned" visitors/non-members, it will certainly improve the security, and should be implemented. Joe probably has some other issues in his mind, so it would be interesting to hear his ideas.

If the idea was to fight Plagiarism, perhaps then the mods need to work on editing the article on Plagiarism, and have a better action plan than debating it infinitely or having no action plan whatsoever, as it seems today. The law has been out there since 1998, and does work for others visibly. Perhaps, it just needs to be written out for them (when the theft is large scale) and for members (when only 1 or 2 are stolen) to follow, and fight it more effectively (DMCA sample C&D and takedown requests and links). An action 101 primer with necessary links for the future should perhaps be added on to the otherwise well written article.

I don't see why only members should be allowed access to the forums either? Sharing personal information is, again, a choice taken by the individual. Mods are around to monitor any sillies posting their addresses and phone numbers etc- I think posting these are also against the rules of this site anyway.

The Discussion forum is quite an attraction to this site, and has the potential to pop up in google searches. Though few people become regulars, I have no doubt that many read it without being logged in or being a member.

While I wouldn't mind so much if this "security measure" was put in place, I'm just wondering what benefits it's meant to have, and what has lead to this idea? Most leading internet forums are freely visible to the public.

Completely agree with Abby here. Voice of reason.

Alas, I'm a mod and will do whatever the members want. Tighten security? Sure. Good suggestions so far.

Before we set this security issue up for grabs, there are some things to understand.

First and foremost, what is the purpose of this site?
Is it NEVER ok for people to copy your poem, if they are not using it for their own gain?
What is the purpose of the forum?

I agree with Abby completely.

About this disabling accounts what about someone like myself who comes back every once in a while but rarely posts a poem? TO whomever suggested that it a poem should be submitted once a week is going far and will ultimately hinder the site. While I'm not posting poems now, that's not to say a poem won't come to me this year. I think it's clear to see an active account and which ones aren't active. Seeing awards on someones profile along with more then a few forum posts and poems should be adequate enough for a persons account to remain untouched no matter how long they go without submitting a poem.

I haven't seen the capatcha, could you do a 'video' capatcha? http://www.readwriteweb.com/archives/nucatpcha_introduces_video_captchas_better_securit.php . You'll never necessarily get away from the spammers, but you can make it harder for the small time spammers.

Overall again I agree with Abby. The security issues that this site has had to do with private parts of this site remaining private, from PM's to Clubs. Now that those important things have been addressed. I think the 'security' of this site is just fine.

Dealing with plagiarizers can't be prevented. People can make an account, find an old short poem post a few then start reading others and taking them. If someone wants that poem enough they'll just type it out. The only way to prevent this is to not post your poems. To which point I say when posting a poem some acceptance that this could happen should be taken into consideration. In the photography world we deal with it all the time. It's something we understand when we post a photo. We keep all original RAW files and perhaps some other 'examples' of the same shot from different angles, for proof of our work. But sometimes if someone wants the photo they'll take it and you as the artist should take whatever means necessary to get the works taken down, if that's what you want. Welcome to the pitfalls of the internet, not only with poems but many artistic mediums.

^ Agree and disagree. Disabling accounts is like punishing a person. But what about the stuff that has been posted already. Most social websites don't disable accounts simply because people have not posted to them in a while. No account should ever be disabled (outside their club membership), as it is storing pieces of treasured art of that individual. They may come back months or years later to visit them.

"Dealing with plagiarizers can't be prevented."
^ Cannot be prevented, true....but can be dealt with effectively if one really wants by using the existing DMCA law...I have posted enough on how to in Anna's thread, including sample letters and requirements, links where to report and so forth. By, not reporting them at all, we are not only allowing piracy to continue by showing our complaceny to criminals like Mr. Goofstastik to carry on their trade of plagiarizing, adversely affecting many of our friends and the entire internet community ultimately. Complacency breeds criminality and criminals, when society tolerates these evils and evildoers. So everyone needs to be proactive by taking action/s needed to quickly and effectively stop them.
"Doing something is definitely better than doing nothing."