New Blog Moderation Policy

There has been a lot of toxicity in the comments section of this blog. Recently, we’re having to delete more and more comments. Not just spam and off-topic comments, but also sniping and personal attacks. It’s gotten so bad that I need to do something.

My options are limited because I’m just one person, and this website is free, ad-free, and anonymous. I pay for a part-time moderator out of pocket; he isn’t able to constantly monitor comments. And I’m unwilling to require verified accounts.

So starting now, we will be pre-screening comments and letting through only those that 1) are on topic, 2) contribute to the discussion, and 3) don’t attack or insult anyone. The standard is not going to be “well, I guess this doesn’t technically quite break a rule,” but “is this actually contributing.”

Obviously, this is a subjective standard; sometimes good comments will accidentally get thrown out. And the delayed nature of the screening will result in less conversation and more disjointed comments. Those are costs, and they’re significant ones. But something has to be done, and I would like to try this before turning off all comments.

I am going to disable comments on the weekly squid posts. Topicality is too murky on an open thread, and these posts are especially hard to keep on top of.

Comments will be reviewed and published when possible, usually in the morning and evening. Sometimes it will take longer. Again, the moderator is part time, so please be patient.

I apologize to all those who have just kept commenting reasonably all along. But I’ve received three e-mails in the past couple of months about people who have given up on comments because of the toxicity.

So let’s see if this works. I’ve been able to maintain an anonymous comment section on this blog for almost twenty years. It’s kind of astounding that it’s worked as long as it has. Maybe its time is up.

Tags:

Posted on June 19, 2024 at 4:26 PM54 Comments

Comments

Charles June 19, 2024 4:42 PM

Hi Bruce. Really keen to get your thoughts on this, and seems timely given the unfortunate nature of this post.

What do you think about requiring identity verification for all social media accounts, via third-party identity verification services? User anonymity can be maintained, as identity verifiers need only to pass back to website requesting identity verification an affirmative response, and some sort of identity token. My assumption is that this process would ensure website operators are able to enforce bans of abusive users, and mitigate the effects of bots and trolls, while maintaining plausible anonymity.

Thanks for keeping things civilized.

willmore June 19, 2024 4:49 PM

Darn, I’m sorry to hear it’s come to this. I haven’t been reading the comments nor contributing them them much recently, but I’ll try to make an effort in the future if I have anything meaningful to add. Maybe more signal will help with the bad signal to noise ratio? (Probably only less noise would really help)

b walker June 19, 2024 5:21 PM

Good call. There are often excellent points raised in comments from many different perspective. Glad you are trying to keep this going.

Nobody June 19, 2024 5:28 PM

Well, Sir, it was time someone handled the problem. Though I’m a mere lurker, I was quietly stopping passing by here because of the new normal in comments. Let’s hope Mr Clive Robinson coming back is good omen !

David Rudling June 19, 2024 6:01 PM

I am not sure if this will be judged to “contribute to the discussion” but, even if read only by your moderator, I have to comment that this will be a welcome change to many of us, sadly necessary.

Just a fan June 19, 2024 6:27 PM

Does the comments feature support a hybrid approach of 1) allowing registered users to comment without pre-screening; and 2) pre-screening those who are not logged in/unregistered? Maybe this would ease the burden on the moderator + allow established commenters to not have to be subjected to extra scrutiny.

TimH June 19, 2024 6:41 PM

A possibility is to whitelist known multi-post-positive contributors, such as Clive Robinson, by email address and perhaps IP, and pass ’em through. No need to publish the metric for gating metric.

Gary Moore June 19, 2024 7:39 PM

Great idea. I am sorry that you have to cope with it. I do applaud you willingness to take a stand. Why people resort to such crappy behaviour remains a mystery. Keep up the good work.

Pseudonymous Jeffrey June 19, 2024 9:21 PM

I am going to disable comments on the weekly squid posts. Topicality is too murky on an open thread, and these posts are especially hard to keep on top of.

I can understand why things need to change. It seems that, sometimes, half the comments (on squid posts and elsewhere) consist of appeals to the moderator, vague accusations of being or impersonating someone, and so on. That said, I’ve seen lots of good comments on the squid posts, and I’ll be sad to see them go.

I hope that they’ll eventually come back in some form, perhaps once everyone gets used to the new moderation system. I wonder if enabling threading, perhaps just for those posts, could help with topicality; the moderator would then have some idea of the discussion that one’s purporting to continue—or, if top-level, whether it’s a topic worth bringing up. Or how about an anonymous way to suggest a story?

I don’t really feel like squid-post topicality was a huge problem, though, and I’m curious to read what others think. If a somewhat-off-topic conversation gets started in an open thread, but never devolves into personal attacks and sniping, is it a bother? I’m not talking about some of those topics that have been popping up recently, that seem to breed nothing but controversy (regular readers will be able to think of examples; let’s not “name names”). I mean stuff like, maybe someone posts an operating system vulnerability, and then we get onto a discussion of the incentive structures that affect vendors, system-design techniques to avoid such vulnerabilities, and so on. Those were, to me, some of the most interesting discussions.

On the topic of moderation delays, intentional slow-downs have been repeatedly proposed to solve various ills of society (for example, having a stock market with only one round of trades each day—or each year—to avoid some of “Mr. Market’s” less rational behavior). I feel like such ideas are under-explored. Maybe what appears to be a disadvantage actually won’t be.

Keith Rettig June 20, 2024 3:14 AM

How about sending the ‘close but not good enough’ comments back to the email address used to post? That way, the writer can reflect on what they wrote and re-submit a better version.
If the comment is offensive or clearly not useful, then delete away; no sympathy for those posters.

Bob in Vancouver June 20, 2024 3:15 AM

My hunch all along has been that it’s the same person behind the 3 or 4 or more frequent posters of off topic comments and that it’s his other personas that are replying or accusing or threatening or whatever.

And that I think he’s had us fooled for quite a while.

Occasionally I return to the Friday squid posts to see if it’s full of nonsense comments as always.

I hope you can find a solution.

All the best,
Bob

Robin June 20, 2024 3:20 AM

Three cheers, and thank you for testing new solutions before going full lockdown.

But like @Pseudonymous Jeffrey I will be sad to see the constructive Squid comments go, while acknowledging that they are getting harder to find amongst the rest and shutting down for now is probably a good tactic. I have found many a topic to explore further from the Squid snippets posted by a small handful of contributors. I hope that some method will emerge for re-instating them in the future.

Perhaps when the dust settles, we could do a collective brainstorm of ideas, from slower publication to a limited number of characters to other more sophisticated methods?

understanding down June 20, 2024 6:15 AM

Also, maybe this is an opportunity to use a comments form more secure than Google’s?
I apologize if my S:N ratio was too weird. Some LSB people elsewhere needed that. MIR

wiredog June 20, 2024 6:26 AM

Insert “Argument Clinic bit” here.

There are only two other places I go to that allow comments from people who aren’t logged in with an account: One is Reactormag (formerly tor.com, the SF publisher), and they hold them for moderators and also have a lot more resources than one guy running a bespoke blog. The other is Dave Barry’s website, and the comment section there is getting more toxic and politicized.

Dinah June 20, 2024 6:33 AM

I’ve received three e-mails in the past couple of months about people who have given up on comments because of the toxicity.

I largely gave up on them long ago. Partly for toxicity. Partly because I realized that I first started regularly following you in the RSS days because I value your expert opinion and the comment section is, well, to paraphrase a great man: ask amateurs to comment about security and you get amateur comments about security.

I am going to disable comments on the weekly squid posts.

Losing most comments will be no loss. However, my understanding is that you use the squid comments as an invite for missed news items. Assuming those comments provide value, do you have an alternative plan for collecting missed items?

iAPX June 20, 2024 6:59 AM

Aren’t rules created to be hacked? 😉

The more rules the more loopholes and the more problem to enforce them with consistency.
This seems a very simple set of rule, and a very reasonable one.

The ability to comment on a gentlemen’s agreement without having to register beforehand is refreshing, thanks for this space and community!

Clive Robinson June 20, 2024 7:49 AM

@ Charles, ALL,

“What do you think about requiring identity verification for all social media accounts, via third-party identity verification services?”

I personally think it’s a very bad idea.

For quite a few reasons but primarily,

1, it’s a trust system that will fail and fail badly.
2, It’s an unneeded and unwarranted and effectively illegal surveillance system.

Consider the second point carefully.

As a consumer with cash you can go into a store or similar, make a purchase and leave. The transaction is effectively anonymous. But with the receipt you can take back any goods that are defective and get a refund (which should also be in cash).

As an online purchaser you to should be entitled to the same level of anonymity without question.

You should not have people profiting off of your details that have no need under law to know them.

Likewise in most streets you can walk down them without proof of identity etc.

In the US if you check the law you have various rights not to incriminate yourself and be secure in your person, papers and possessions from unwarranted interference.

Why should the “electronic world” be any different?

I could go on at length about the almost lowest form of scum around like Palantir and similar. That are not just data aggregators but they draw unwarranted inference from the data that they then pass on for profit that others treat as though factual, when there is no evidence to support the claims sold.

Being forced to “produce papers” which is what it is, is what you expect from Police States and similar despotic governments and states.

It takes very little thought to see just how the at very best virtually minimal advantages will be outweighed not just by the cost of running such a system but the very great harms it will cause.

If you can not see this then you realy need to study quite a bit more of history about how such systems of serfdom became murdering police states.

Wannabe Techguy June 20, 2024 8:13 AM

Bruce, what about questions? As my name shows,I’m not an IT professional and I do learn here from you and others(though of course, some of it goes over my head).That being said,some of my questions, like recently when I asked someone why they trust government(any government) were given smart ass replies that didn’t answer my question. Sometimes, I’m just curious what people are thinking.

Andy June 20, 2024 9:31 AM

I maybe haven’t followed enough of Friday posts but is it possible to refer to an example of toxic comment? Maybe sanitized of toxic words? I fear people may be a little too thin-skinned these days. I remember a perfectly-valid comment of mine being flagged to the moderator. I don’t remember the outcome

dbCooper June 20, 2024 10:40 AM

I’ve been a follower since the Counterpane Newsletter days. The past months have certainly seen toxicity in the comments, seemingly from just several users and one very vocal user. It’s so unfortunate when a uncouth minority ruins what a majority enjoys and benefits from. Another example of the unfairness that is life.

Thank you Bruce for trying to salvage this valuable port of the blog. Sincerely hope it does not come to all comments being prohibited.

Jaqulyn June 20, 2024 12:11 PM

While I support this policy on the whole, I am going to miss the comments on the Squid posts. That was the main reason I read them. The vagueness of what is considered on topic allows for people to discuss and link to some really amazing stuff at times.

Clive Robinson June 20, 2024 1:51 PM

@ Bruce, ALL,

The problem with killing the squid page is that a very significant number of news stories that later became threads were fed into the blog.

This “pre-selection” gave everyone the chance to read the story in advance of it becoming a thread and could thus get their thoughts in order etc.

Now a story that is very old to me and I’ve been waving a red flag over which is the death of E2EE on single devices is now here for all commercial consumer OS’s from Apple, Google, Microsoft because of the now AI hardware in the CPU “neural network support” systems. All of which now will sit there and read the User Interface for “Surveillance Purposes”

The Bull-Scat put out by Apple and Microsoft is “Child Protection” it’s nothing of the sort. It monitors everything you do and in MS’s case updates a series of databases every 5secs or if the database is online in the cloud as often as it can do.

The story the other day that MS were pulling back on it is “a steaming load” as they say as it’s a Beta product in Win-11 that is still very definitely moving forward.

Any way although I’ve been warning about this killing of E2EE by end-running it on the device, and giving advice and mitigation for over a decade… For many it’s snuck up on them apparently without warning, which is why videos like,

https://m.youtube.com/watch?v=c52pKpYeZ74

Are starting to appear.

Jon June 20, 2024 2:10 PM

I rarely post but I do frequently read comments. Perhaps a function could be introduced for viewers to tag toxic/unnecessary/off topic comments so readers can be a first pass of review. That way you and others don’t have to necessarily read all the comments – just those that are flagged.

A next step would be to ban repeat offenders. One of the comments above raised the thought that a handful of commenters were generating most of the toxic comments. Perhaps they can be at least partially managed this way.

Charles June 20, 2024 2:58 PM

@Clive Robinson

You have misunderstood my intent, along with the proposed implementation. Here’s a simple analogy that will help everyone understand. If you have ever been to a nightclub, you will know that many of them do identity and age verification at the door, and will give you a wristband or stamp to indicate that you have passed the verification. They don’t care who you are, retain your information, or care what you do once you are inside. Same goes for the bartenders inside: they don’t care who you are, and you remain effectively anonymous. There’s no way to trace your wristband back to your ID.

David Rudling June 20, 2024 5:48 PM

I understand some people’s concern concern about being unable to raise possibly interesting news topics without the Friday Squid thread.
However if the moderator is reading every post it shold perhaps be possible to post on any current topic something like:-

@Moderator
OFF TOPIC NEWS ITEN
Lorem ipsum dolor ,,,

giving the possibility for a message judged to be of sufficient value to be trasferred by either the modeastor or Bruce to a “New Item” thread instead of the one it was notionally submitted to, assumig this is feasible.
Of course it is our host’s blog and this may smack of allowing others to seek to hijack it.

Clive Robinson June 20, 2024 7:54 PM

@ Charles

“You have misunderstood my intent, along with the proposed implementation.”

Err not really I’ve “previous knowledge” of how such systems work in the real world rather than in theory, and the two are more than a country mile apart for “legal reasons”.

“If you have ever been to a nightclub, you will know that many of them do identity and age verification at the door, and will give you a wristband or stamp to indicate that you have passed the verification.”

By law in most places they are not allowed to record your ID, but such laws do not apply “online”, in fact the very opposite for a multitude of reasons, including US companies claiming they were “safe harbour compliant” when they were nothing of the sort. Hence the increasingly more stringent EU legislation.

But I have already described such a physical world “receipt” system. And the reason the stamp is not traceable backwards is that it is a physical real world tangible object that is too complex to use “serial numbers” or similar to make it traceable with (although time-stamp and CCTV systems are now being combined for “Patron Safety”).

Online systems however, supposedly to “prevent fraud”, are almost always a 100% traceable system with the equivalent of crypto protected serial numbers.

All this US company noise about anonymous tokens is nothing of the sort. Because they keep a record of both sides of the token. As either a user or business you only ever get to see one side. The token arbitrator how ever gets to not just see but record both sides. This they can and do store away “to be compliant with US Legislation” and also “give for free” to the US Government for “legal immunity” protection.

44 52 4D CO+2 June 20, 2024 10:09 PM

@Clive Robinson

Did you watch the full video you cited?

https://m.youtube.com/watch?v=c52pKpYeZ74

Towards the end, he proposes a solution of tacking on DRM to a data diode setup.

Smells like snake oil to me.

Better for people to operate under the assumption that “two can keep a secret, if…”

Blaziken June 21, 2024 1:44 AM

@Bruce

As a long time lurker and occasional poster, I’d like to apologise on behalf of the user community. You provide an excellent service, and it is shameful that we cannot be trusted to moderate our own behaviour.

Your position on allowing anonymous posts should be applauded.

I strongly relate to your analogy that this is like a gathering in your home. I can’t imagine the recent unpleasantness taking place at (say) a dinner party.

Please keep up the good work, and thankyou for persisting in the presence of those of us who cannot manage even a small degree of self control.

loon June 21, 2024 2:56 AM

The squid entries are … interesting, i guess? But if i want to learn about squid i go to zoo-sites. I come here to learn about security, and the friday free-for-all was a nice way to get to know a sort of stream of consciousness for the crowd that gathers here. So very sad that you deem this neccessary – how about you leave the friday comments open, and put a triggerwarning up top? Or perhaps you even find someone itching to do something fun like this : https://linus-neumann.de / 2013/05/die-trolldrossel-erkenntnisse-der-empirischen-trollforschung/

Anyways, kudos for financing a moderator out of pocket – and a humble request: both the submission and the eventual decision will be logged, so could you please have a scripted note that tells prospective commenters what the current mean time to publication(-decision) is? Some comments are not worth it if they trundle in 3 days after the fact.

Z.Lozinski June 21, 2024 6:48 AM

I understand why, but it’s frustrating that one of the spaces on the internet where we can have reasoned discussions on security is attacked by griefers.

I for one really appreciate the effort Bruce puts into keeping this blog going, and the depth of comment from the regulars. I have always thought it is a nice touch that a group focused on secutity works off reputation without requiring log-ins and it would be a shame to lose that.

An aside on identity. I shared a flight with Chris Holloway (who for a time was iBM’s chief cryptographer). We were discussing identity, and he observed that in practice most identity was attestations by various authorities (all the way from your mates down the pub, the company HR department to government-issued identite) they had come across you before. He observed the only way to get definitive knowledge of person’s identity was in the maternity ward, before the umbilical cord is cut, as after that point there is always a way to defeat whatever system is in place. Which then comes back to the idea that the attestation of a group that knows / interacts with you.

Robin June 21, 2024 9:52 AM

A number of commenters have remarked on the fact that Squid posts often contain interesting and/or useful snippets, links or news items that we might not have seen ourselves.

Can I make a tentative suggestion: that a mechanism be found for people to flag up items of interest. A sort of mini-comment: a meaningful title, short (200 words?) description, a link to further information. No other discussion or commentary.

The idea no doubt needs refining; guidelines for what is “interesting”; ways to avoid hacking/contaminating/bots need to be thought through; acceptable ways to announce links found; perhaps some collective moderation with upticks (and downticks?).

Obviously a lot depends on how – or even if – this could be integrated into the existing blog. Is it worth thinking over?

@Moderator: if this is something Bruce would definitely rather not do, then please just send this comment straight to the waste-bin!

SomeFox June 22, 2024 4:51 AM

I have noticed a change in tone in the comments since a while and I feel minimal non-invasive screening like this is much welcomed.

If by all means even editing should be an option, by this I mean cutting out needless parts and put […] placeholders.

The fastest way for me to completely ignore a comment is this: “@ALL”
By default any comment is for everyone to consume. This type of attention grabbing behaviour needs to be curbed.

Maybe the editor will see this, but I won’t make the effort of writing an email for this suggestion. Thanks for the blog and thanks for leaving the comments open, for now.

Michael Elling June 22, 2024 7:19 AM

“well, I guess this doesn’t technically quite break a rule,” but “is this actually contributing.”

Good to see the notion of “incentives” brought into the picture. But this is a heavy handed and non-scalable approach. What if incentives and disincentives were built into the code in a far more subtle and generative and sustainable and scalable way. Subtle, as the author suggests people reflect how much skin do they put in the game. Generative, such that it adds to the original content or commentary, provides an alternative perspective, or debunks the discussion or opinion with fact. Sustainable, in that things are not constantly repeated and therefore wasteful for everyone. Lastly scalable, in terms of time, cost, applicability, usability, etc…

Comments have been broken from day one because the internet itself lacks a global incentive and disincentive system. But we can start with comments to fix the problems of the mothership.

JG5 June 22, 2024 9:10 AM

Sorry to not have had much to say lately. Unpleasantly busy. I try to follow and was saddened by the degradation of discourse. I think of Bruce, Clive, and MarkH often, and hope that they are doing well. I remain interested in participating in a broad discussion of security topics, from computer security to all of the things that it touches. As long as we are up-voting topics of interest, it would be a nice touch to be able to down-vote the petty sniping. Unfortunately, any credible voting scheme requires something roughly equivalent to a login. Or someone will loose the kraken-bots.

Metalobster June 22, 2024 3:28 PM

Ouch, I’m going to miss the squid comment thread. I check the rss occasionally but on weekends I often enjoy skimming last weeks’ squid thread. Yeah there are better sources for security news but I enjoy the discourse captured by those threads and specifically Clive’s contributions. I proposed a “comment barber” browser extension a few years ago when we saw a significant uptick in political trolls (no one liked the idea but I found it useful for ignoring the trolls).

I agree it has gone off the rails lately, but surely there is some middle ground besides disabling comments on it. Would you accept financial donations for additional moderation?

Dancing on thin ice June 22, 2024 4:12 PM

@Clive Robinson

By law in most places they are not allowed to record your ID

The large nightclub I worked for used a vcr to record an id along with the person presenting it as far back as the 1980s.
It proved useful proving the club was careful when it was raided. The kids had thrown out the fraudulent ids they presented and showed officers their real identification.

A quick look of the United States brought up only 1 state that prohibits the practice but several others that require it for purchasing liquor.
There are stipulations on who has access and how long to retain it such as police investigations. (Though we both know that may not always be true.)

44 52 4D CO+2 June 22, 2024 11:21 PM

@Escaped the Moderator

I’ve never had a reason to look at that site (//soylentnews.org/article.pl?sid=24/06/20/1558253)

100+ comments, most of them unrelated to the new policy here. There is an interesting question posed though – why do some want to destroy anonymous forums – I don’t think it should be that difficult to speculate about possible motivations.

Quickly5407 June 23, 2024 1:44 AM

If somebody does not deserves to deal with this is you, Bruce.

It is incredible how you are looking for other solutions than disabling comments or requiring verified accounts, unlike the… 95% of the Internet?

I want to thank you for this blog, you are always a trusted source in which I can rely on to understand complex things (such as TPMs dilema).

I wonder if the old Internet was always as toxic as it is now? Do you think that there might be ways of correcting toxicity?

Anonymous June 23, 2024 4:55 AM

First off I express my condolences regarding Ross Anderson.

Second of all I cannot say I am terribly surprised by this outcome. And with fear of hypothetical LLM powered ‘spam bots’ it calls into the question the potential feasibility of anonymous commenting systems on the Internet altogether.

While LLMs seemingly have issue with differentiating between factual and fictional information I would be curious if modern day ‘sentient analysis’ could keep some of the trolls and other timewasters at bay. Just an idea.

JazzHandler June 23, 2024 10:06 PM

I’ve only commented here a couple times over the years, but I have learned SO MUCH from this blog. Much of it from the comments on the squid posts. True, a lot of it is knowledge that I never needed, but I still enjoy having it.

So I hope you find a way to keep the comments, but if not, I’m still quite grateful for this site and everything I’ve learned by reading it.

Thomas Stone June 24, 2024 11:13 AM

Bruce,

As far as I am concerned, your blog is required reading for everyone who is concerned about security. I strongly recommend it to all the other security developers that I work with. You constantly open our eyes to issues we were not aware of but need to be concerned about.

The above will not change even if comments are disabled. It will be sad if it comes to that but it is wholly understandable. Just don’t stop blogging. You are a cherished resource in the crowd I hang with.

Esker Riada June 24, 2024 11:39 AM

Readers run the gamut from teen gamers to academic luminaries.
The comments do seem to drift toward the lowest common denominator in this egalitarian model.
Charge money for premium access – that should sort it out!
As an aside, I would like to see commenters self-sanitize. We all have opinions on good guys, bad guys, state actors, etc., but conjecturing at every opportunity that Putin is behind all digital evil or that Biden is responsible for this, that and the other thing is puerile. Where possible the community should focus on technicalities without policiticizing.

Who? June 25, 2024 11:14 AM

@ Charles

What do you think about requiring identity verification for all social media accounts, via third-party identity verification services? User anonymity can be maintained, as identity verifiers need only to pass back to website requesting identity verification an affirmative response, and some sort of identity token. My assumption is that this process would ensure website operators are able to enforce bans of abusive users, and mitigate the effects of bots and trolls, while maintaining plausible anonymity.

I would suggest you reading the book “Privacy is Hard and Seven other Myths,” by Jaap-Henk Hoepman:

https://mitpress.mit.edu/9780262547208/privacy-is-hard-and-seven-other-myths/

I think you will find the chapter on third-party identification services illustrative on how leaky these services are right now (and how powerful, being a central point where surveillance against you is easy). Of course, there are ways to turn these authentication services more privacy-friendly, but do you really think these services really want to be privacy-friendly?

In general I like this book, but Mr. Hoepman has too much confidence in laws as a mean to protect citizens, at least in Europe. I think differently, our well known regulations (e.g. GDPR) are here to protect the interests of corporations, not citizens. After all, Governments are owned by high-tech, not citizens.

I think the goal of this forum —please, Bruce, correct me if I am wrong— is preserving the anonimity of readers as much as possible, because some matters we talk here can be challenging if we lose anonimity.

Anonny Mouse June 25, 2024 6:46 PM

If the new policy does not work, there is one more that can be tried. Replace the comments with an invitation to send a “letter to the editor.” From time to time the best letters can then be published. More brutal, but it does not require an excessively timely response to received letters, while making the filter more or less aggressive as resources permit.

Noah June 25, 2024 8:30 PM

FWIW, I’d be interested in knowing the rate of received comments after a few months. Not because I think or want the number of useful comments to drop off, I’m more interested in whether the rate of crappy comments (rightfully) blocked by the mods goes down over time. Put another way, does the policy actually cause people to stop submitting crud, or does it continue regardless? Not that I’d be able to do much (if anything) with the info, but I sure am curious.

Herman June 26, 2024 10:47 AM

@Anonny Mouse

I believe this is the worst idea. You don’t need to select “the best” comments, you only need to filter the worst. Trolls usually don’t return if you take away their soap box and audience.

A sadist unable to get a reaction is never satisfied. Of course the moderator is the only soul exposed to possible unfiltered abuse. Which is why you should have several moderators to limit the abuse potential.

vas pup June 26, 2024 2:44 PM

@Bruce stated “1) are on topic, 2) contribute to the discussion, and 3) don’t attack or insult anyone.”

He agrees those are subjective in nature. When you have no objective criteria that is always huge place for misuse.

For IT and security in general (even when it subject related to humans as a weakest link) 2+2=4 not whatever is subjectively feasible.

Moreover, sanitizing post by name only not by subject without notice is leading for double standard. That may apply when blog is in Liberal Arts not security.

I hope You and Moderator will read and keep this post.

44 52 4D CO+2 June 26, 2024 9:11 PM

@Noah

I’d bet the flood of crappy comments has already dropped precipitously. You’d now have to wait a long time before responding to your own posts without making it obvious that you are submitting crud. It’s like starving a fire from oxygen.

Leave a comment

All comments are now being held for moderation. For details, see this blog post.

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.