1. user@google.com signup objection
- Posted by ChrisB (moderator) Jan 06, 2015
- 1145 views
Hi
I see that users with @google.com (and presumably @gmail.com and @googlemail.com) addresses are to be prevented from signing up. I'm afraid I object to this.
Just because someone uses an @google.com address does not automatically mean they are a spammer or an abuser. I thought it was a tenet of modern western philosophy that one was presumed to be innocent until shown to be not so.
If someone abuses the privilege of joining the forum, then it should be a simple enough matter to remove and block them.
I also note that administrator approval is required to post. I agree with this - it should again be a simple matter to fire off an email to new users with terms and conditions and standard of conduct required for participation. This level of moderation should prevent, in the majority of cases, abuse of the forum. Replying to this email could be used as a confirmation of email address too.
Chris
2. Re: user@google.com signup objection
- Posted by DerekParnell (admin) Jan 06, 2015
- 1135 views
Firstly, it's only "google.com" accounts.
However, I also am wondering why this was put into place. There was no discussion or evidence of abuse presented. Jim, do you realize that implementing unilateral changes of this nature need a lot of justification.
Also the 'error message' is not useful at all.
3. Re: user@google.com signup objection
- Posted by jimcbrown (admin) Jan 06, 2015
- 1073 views
Hi
I see that users with @google.com addresses are to be prevented from signing up. I'm afraid I object to this.
(and presumably @gmail.com and @googlemail.com)
No, users from the last two can sign up just fine.
Just because someone uses an @google.com address does not automatically mean they are a spammer or an abuser. I thought it was a tenet of modern western philosophy that one was presumed to be innocent until shown to be not so.
Unlike, e.g., gmail.com, google.com email addresses do not appear to be publicly available. So we already know that the email address is invalid at that point. (If you have an example of a developer somewhere using a valid first.lastname@google.com account to communicate on a project or something though, that's enough proof to warrant a reversal.) Longstanding but lightly enforced rules have always required a valid email address to register.
If someone abuses the privilege of joining the forum, then it should be a simple enough matter to remove and block them.
It turned out not to be so simple (my guess is that the abuser used a location changing VPN), hence the change you reference below.
I also note that administrator approval is required to post. I agree with this - it should again be a simple matter to fire off an email to new users with terms and conditions and standard of conduct required for participation. This level of moderation should prevent, in the majority of cases, abuse of the forum. Replying to this email could be used as a confirmation of email address too.
Agreed. Actually, all the existing email blocks were just quick hacks because no one had ever implemented automatic email verification (so they were meant to be temporary, but then they ossified).
However, I also am wondering why this was put into place. There was no discussion or evidence of abuse presented. Jim, do you realize that implementing unilateral changes of this nature need a lot of justification.
Actually, I did not realize that adding a domain like example.com to the list of domains unavailable for valid email addresses was important enough to require additional discussion and justification. But, now I know, so let's discuss away. 
Like I said above, disallowing invalid email addresses is a long-standing policy of this site. The reason google.com wasn't disallowed until now was that, until relatively recently, no one had tried to use a google.com email address.
Then User89 came in and started violating the CodeOfConduct and possibly the Long-Standing Moratorium on Trolling ... and ignored moderator warnings on the forum. I tried to escalate it to the next level, by sending a warning via email, only to have it bounce. (A quick web search revealed that google.com wasn't available from gmail.) I then locked the account with a message, hoping that User89 would email one of the moderators or admins to get a valid email address for the account (at which point we could pick up where we left off in quietly and privately handling the CodeOfConduct stuff). Instead, User90 was signed up (with a different ip address and another google.com email address). I locked this new account with the same message, and then saw User91, EuSucks, and PythonRules signed up each with google.com email addresses. The ip address was different each time too (Germany, UK, US). In the past, we've banned abusers from this site by using their ip address, but User89 would prove to be a tougher cookie.
So, that's what led to all this. (As an aside, the CodeOfConduct violations were not enough to warrant a ban or any sort of restriction (yet) ... locking the accounts was solely in response to the use of a invalid email address and the lack of another method to contact the user privately.)
Also the 'error message' is not useful at all.
Okay... Give me a better one and I'll change it today.
4. Re: user@google.com signup objection
- Posted by ChrisB (moderator) Jan 06, 2015
- 1093 views
Hi Jim
Thanks for that, my mind is set at rest now.
Does this mean auto email verification for new users, with code of conduct in the auto reply email? That would make EuForum look very professional.
Chris
5. Re: user@google.com signup objection
- Posted by jimcbrown (admin) Jan 06, 2015
- 1083 views
Hi Jim
Thanks for that, my mind is set at rest now.
Does this mean auto email verification for new users, with code of conduct in the auto reply email? That would make EuForum look very professional.
Chris
The original thought was to send out an auto-reply email with a short explanation and an URL that the user would visit to activate their account. But also including the CodeOfConduct and other relevant texts is an excellent idea. I'll see that this makes it into the auto verification emails when they're ready.
Maybe we can come up with a standard template for the admins to use for manual email verification, and then just use that for the auto verification when it goes live.
6. Re: user@google.com signup objection
- Posted by DerekParnell (admin) Jan 06, 2015
- 1086 views
Unlike, e.g., gmail.com, google.com email addresses do not appear to be publicly available. So we already know that the email address is invalid at that point. (If you have an example of a developer somewhere using a valid first.lastname@google.com account to communicate on a project or something though, that's enough proof to warrant a reversal.) Longstanding but lightly enforced rules have always required a valid email address to register.
That would have been a good way to start the discussion prior to implementing this change. I'm pretty sure very few people knew this about that domain as an invalid email address.
Actually, I did not realize that adding a domain like example.com to the list of domains unavailable for valid email addresses was important enough to require additional discussion and justification. But, now I know, so let's discuss away.
Like I said above, disallowing invalid email addresses is a long-standing policy of this site. The reason google.com wasn't disallowed until now was that, until relatively recently, no one had tried to use a google.com email address.
Again, you found out something that we (most likely) didn't know. It would have been polite at least to give a heads-up to the other developers and admins.
Ok, having said that, there could be potentially many domains that will always be invalid email addresses. The EuWeb code should be a bit better written with that in mind. Maybe do a look up of bad domains encoded in a sequence rather than a separate 'if' statement per domain name.
Then User89 came in and started violating the CodeOfConduct and possibly the Long-Standing Moratorium on Trolling ... and ignored moderator warnings on the forum. I tried to escalate it to the next level, by sending a warning via email, only to have it bounce. (A quick web search revealed that google.com wasn't available from gmail.) I then locked the account with a message, hoping that User89 would email one of the moderators or admins to get a valid email address for the account (at which point we could pick up where we left off in quietly and privately handling the CodeOfConduct stuff). Instead, User90 was signed up (with a different ip address and another google.com email address). I locked this new account with the same message, and then saw User91, EuSucks, and PythonRules signed up each with google.com email addresses. The ip address was different each time too (Germany, UK, US). In the past, we've banned abusers from this site by using their ip address, but User89 would prove to be a tougher cookie.
So, that's what led to all this. (As an aside, the CodeOfConduct violations were not enough to warrant a ban or any sort of restriction (yet) ... locking the accounts was solely in response to the use of a invalid email address and the lack of another method to contact the user privately.)
Also banning users should not usually be done unilaterally. If an admin wants to ban a user then let the other admins be aware of that. We are not dictators. Sure, there may be situations in which one admin bans a user due to some extraordinary behavior, but this really must be brought up for admin discussion shortly after the ban is in place.
Also the 'error message' is not useful at all.
Okay... Give me a better one and I'll change it today.
How about something like ... "The supplied email address is not recognized as valid."
7. Re: user@google.com signup objection
- Posted by jimcbrown (admin) Jan 06, 2015
- 1128 views
Unlike, e.g., gmail.com, google.com email addresses do not appear to be publicly available. So we already know that the email address is invalid at that point. (If you have an example of a developer somewhere using a valid first.lastname@google.com account to communicate on a project or something though, that's enough proof to warrant a reversal.) Longstanding but lightly enforced rules have always required a valid email address to register.
That would have been a good way to start the discussion prior to implementing this change. I'm pretty sure very few people knew this about that domain as an invalid email address.
Actually, I did not realize that adding a domain like example.com to the list of domains unavailable for valid email addresses was important enough to require additional discussion and justification. But, now I know, so let's discuss away.
Like I said above, disallowing invalid email addresses is a long-standing policy of this site. The reason google.com wasn't disallowed until now was that, until relatively recently, no one had tried to use a google.com email address.
Again, you found out something that we (most likely) didn't know. It would have been polite at least to give a heads-up to the other developers and admins.
My bad. I thought such a change was so trivial and non-controversial that it wouldn't be necesary to discuss it in advance. At least no more than, for example, removing old ip addresses from the internal ban list.
In the future, I'll give the heads-up.
Ok, having said that, there could be potentially many domains that will always be invalid email addresses. The EuWeb code should be a bit better written with that in mind. Maybe do a look up of bad domains encoded in a sequence rather than a separate 'if' statement per domain name.
Yes, that's a good idea.
Then User89 came in and started violating the CodeOfConduct and possibly the Long-Standing Moratorium on Trolling ... and ignored moderator warnings on the forum. I tried to escalate it to the next level, by sending a warning via email, only to have it bounce. (A quick web search revealed that google.com wasn't available from gmail.) I then locked the account with a message, hoping that User89 would email one of the moderators or admins to get a valid email address for the account (at which point we could pick up where we left off in quietly and privately handling the CodeOfConduct stuff). Instead, User90 was signed up (with a different ip address and another google.com email address). I locked this new account with the same message, and then saw User91, EuSucks, and PythonRules signed up each with google.com email addresses. The ip address was different each time too (Germany, UK, US). In the past, we've banned abusers from this site by using their ip address, but User89 would prove to be a tougher cookie.
So, that's what led to all this. (As an aside, the CodeOfConduct violations were not enough to warrant a ban or any sort of restriction (yet) ... locking the accounts was solely in response to the use of a invalid email address and the lack of another method to contact the user privately.)
Also banning users should not usually be done unilaterally. If an admin wants to ban a user then let the other admins be aware of that. We are not dictators. Sure, there may be situations in which one admin bans a user due to some extraordinary behavior, but this really must be brought up for admin discussion shortly after the ban is in place.
I have no problems with or objections to this principle. In practice, this seems to only be followed in certain situations (e.g. when dealing with a CodeOfConduct violation) and not others (e.g. when a spamming advertiser's account is banned from the forum). I emphasise that I have no problems with following this, I just want to make sure that I'm not behaving inconsistently with other admins in doing so.
Also the 'error message' is not useful at all.
Okay... Give me a better one and I'll change it today.
How about something like ... "The supplied email address is not recognized as valid."
Done.
8. Re: user@google.com signup objection
- Posted by mattlewis (admin) Jan 06, 2015
- 1155 views
My bad. I thought such a change was so trivial and non-controversial that it wouldn't be necesary to discuss it in advance. At least no more than, for example, removing old ip addresses from the internal ban list.
In the future, I'll give the heads-up.
Yeah, an email to the dev list or something saying that someone was abusing the forum with such and such emails would be good. It also puts us on alert for watching out for stuff that we might not have noticed.
Matt
