I'm always logged in and never see any Login screen or captchas...

I agree that the party responsible probably uses something like my spam nuke script - and I was really feeling bad posting them, knowing they could be turned into WMD against legal users, but at that time is was a matter of self-defence... and also most of them don't work any more, so the culprit must be proficient enough in JavaScript to change them to their needs anyway. And they weren't that brilliant anyway so anyone could have come up with a similar idea *shrug*

And I agree that it's probably manually triggered, at least by browsing to the forum page where the threads are, that's why the subforums are safe, since it's too much PITA to search them.

But I'm pretty sure the culprit has at least some alt-accounts working for them. That's why you don't see any low-rated threads, they're all downvoted and reported as spam within a very short amount of time.

With my spam killer script a number of people had to work together to get the spam threads deleted, so that is IMO the only way this can work. I don't know exactly how many "report as spam" clicks it needs to delete a thread, from our spam battle against the Koreans I guess about five. Totally doable.

Now I won't know who Alaric pissed off that way... doesn't probably take much nowadays and trolling seem to be "in" anyways.

So you were one of them?

I'm so disappointed with you, Adalia, I thought you were better than this.

I have a good mind to rip one of your rep stars off.

Same here. But if you log in and out multiple times you get it, meaning doing so automatically is impossible. There may be a way around it, but as mrkgnao stated something similar about MaGog (which I assume uses something like the methods alaric mentioned, though possibly not) I'm not even sure that's the case.

It may or may not, all I know is I saw the thread (at least once) disappear without first being low-rated, which shouldn't be possible if everyone reporting is also hitting downvote (which you need to see the spam link). But using your script (or a variant of it) may bypass that step to just hit the spam link. I don't think it's your fault at all, we needed those scripts at the time and it's not really that difficult to come up with independently.

But I disagree that it's one person with alts. There might be some of that, but I think it's mostly just the combined user base of Gog. There are many users whose posts get deleted (Tauto and ciomalu being the main two) and I doubt anyone is making any concerted effort to do so. They're annoying, offensive and obnoxious and so their posts get deleted. They've done so so much that their posts get reported no matter what they say usually.
I don't think alaric is really at that level, but it's easy to see he's annoyed a lot of regular members, and the recent threads are nothing more than spam. So it's not really surprising they are being deleted. As for other threads he makes... he's already marked himself as a spammer with what he's doing so again, it's not surprising if other threads get hit because of that...

If there's no limit to how many alts can be created with one e-mail address and how many can be logged into from the same IP, it's ludicrously easy to nuke threads.

I've currently got forty-seven alts in here!

Give it up you fuckers, all your base belong to us!

AHHHH HAHAHAHAHAHAHAHAHA!!!!!!!

I suggest you be careful what you say to Adalia or he'll delete your post.

He's already admitted as much.
I didn't want to say anything before, but I feel this is the right thread for it.

Your avatar sucks, it looks like a bleached arsehole, so white and puckered.

It is an asshole and it's from a really famous book by a legendary author, but then I'm going to go out on a limb and say reading isn't your favorite activity. :P

That's not true any more, I tested that.
You can create accounts with any old email address and do stuff, but you can't log in to them again (because of the Two Step Login, which you can't disable without access to the email either). So theoretically you could just create a new throwaway account every time you needed one but it's probably far easier to set up half a dozen gmail or hotmail accounts and set up the accounts properly (which would of course require a person, but not a huge amount of effort)
I'm not sure how many you can be logged into at once or within a short space of time.

Do you ever shave and bleach yours?

It gives a cleaner look and the even skin tone gives a radiant and healthy glow.

I often have complete strangers asking me if I exercise and work out.

A clorox enema would straighten that boy right out.

Mos all of your posts are extremely annoying to me but I don't spam them into deletion.Would love to but

...tell me how many theoretically different uniqe IDs there are in the gog system, and I'll give you the answer to that :p

Like most things having to do with cybersecurity, the reason systems aren't breached is simply because there is no point doing it, not because they are secure. This is also the main reason for separating different networks from each other, so that we won't end up in a situation with global riders identifying your, say, browser instances. Or, deeper, for example having your packet transport having a byte or two attached at the ISP, pinpointing each user's transport packages all the way until the socket on the server's reception.

Both of these now do happen, of course. For example your facebuk login easily connects your personal ID, or name and photo in this case, to each site you click to that has a facebuk comment or even traffic plugin, even if you didn't click the link from facebook. Google has a very similar approach for mapping advertisement success and page-ratings.

Meanwhile, the US has been, for at least the last 16 years, been tagging the end of each transport package with additional bytes to indentify the country of origin. It's still relatively benign and not directly harvestable information. But it's all born from the idea that storing as much information about people is a good thing, and that detecting people preemptively keeps people honest and kind, etc.

So when these systems then are insufficient for that purpose, one wants more data-logging. And yet more data-logging. And using encryption is a sign of being a terrorist, rather than being fond of gluing the envelopes on your personal letters shut before sending them with an approved courier, and not being all that content if the envelope arrives opened at the edge, etc.

In other words, asking what we should be doing to make rating systems waterproof, and duplicate accounts impossible - just as asking "what can I do to feel secure enough to be able to leave the keys in the car at the airport when I leave for a vacation" - is the wrong question. These are implementation quirks for specific situations haphazardly sought to be generalized. It's what brings us to things like: I wish to have this anonymous messaging board identify each user, so each person is allowed to uniquely be anonymous on it. Conceptually very difficult.

What we should ask is: what do we wish to accomplish with such and such system. And if the specific situational drawbacks actually run counter to that goal.

Like with a discussion fora like this. If you have a gogID given to you as reward for buying products on the site, etc. Then you already know that making endless duplicate IDs is going to be difficult, since it relies on gog granting new IDs. Even if you then allow people to not connect their purchases or purchase information to their public ID, gog would then be able to guarantee that users on the fora actually are customers with an interest in the products.

In the same way, if your public ID is connected to some ephemeral bullshit like reputation, or expectations for quality, and interesting and thoughtful and intellectually challenging content, or immense walls of text that can be happily skipped past - then we also have a reason to stay with the ID you choose. Or, to pick a new one in an attempt to start over again.

All perfectly reasonable, but this doesn't work of course. So what we're ending up with is that because we design the system to accommodate and more and more be oriented towards ditto-opinion and poll-like trending on the one hand, and with the pre-emptive surveillance that makes everyone honest and fucking polite all the time on the other - we need increasingly invasive personally identifying tags on accounts and anything you do online.

To, in a nutshell, enable a - until someone finds a new way to break that system as well - system to work towards a goal we perhaps really had no intention of reaching in the first place.

Just be aware of this, that it's very easy to set up systems that do authenticate you as a specific user inside a system, with an outside transparent ID. Banks have done this for a very long time, for example. It's not expensive, or difficult to do. But there's no purpose to do that for a games-forum, right? So something else that privately identifies you is used instead, for all kinds of different purposes, such as identifying your purchasing habits, how many credit cards are registered, when you register credit cards, where you are from, and how successful various campaigns are, etc. And it's always extremely helpful to you as a user, of course, we're assured of that.

Truth is that we don't need that as customers, and there are all kinds of good alternatives to it that won't, for example, break EU law (like Valve would with Steam, if they still had an office in Lichenstein for the purpose of tax-evasion). Whether that's using external transaction systems or securing the system properly internally, and then actually having a schema for never making public personally identifiable information (something both gog and Steam does, although Valve frequently manage to lose addresses and names, where gog only exposes purchase information to a limited degree - while the rest of the system just can't retrieve the information with the exposed APIs.. the good option here).

But the kicker is that "customers" actually want that system, with their personal IDs and all their information stored. Because they're scared of kleetus. It's.. weird. You know? It's the kind of thing that makes you seriously doubt whether anything useful ever actually came out of a dialogue where you assume that through a careful hermeneutical approach, that eventually you will discern what the other person wanted, where you both can speak a language both of you can understand.

Instead we never seem to have graduated from imperatives. "I want this! Now! Sugarcone! Give!". And trust our guardians to take care of it with our carelessness and lack of awareness in mind. Please expose me online, so that I can feel safer and protected! ..makes no sense.

Isn't that curious? That there's absolutely no practical reason for us to have our personal IDs exposed, even if we wanted the system to identify our personal accounts. There's no good practical reason why a private company would want it - they can't sell individual information to advertisement partners or for creating sales-strategies. Some of us have helped to force this through politically, and we've been successful, in spite of things.

But we get to this point with public IDs being a problem anyway because individual users convince themselves of that they want more and more individually identifying information exposed. It's "convenient", some say, to not have to remember passwords. And down to how we suddenly don't want anyone to post things with pseudonyms, because people who do that are cowards apparently. Like.. any author ever, who didn't want people running down their door to congratulate them with fireworks and marching bands for their politically sensitive opinions, and things of that sort.

Point is this: you can't get the ideal little online community without enforcing so many rules that no one can or will dare to move around any more.

ah, finaly ! someone else who does know the golden rule of IT security. Thank you, i feel less lonely about it