Jump to content

Mod Page Permissions Update


Pickysaurus

Recommended Posts

On 12/17/2024 at 9:16 AM, Dark0ne said:

It's about creating barriers to entry for malicious actors. If they have to jump through hoops which take days (to accumulate 1,000+ UDL), rather than minutes (to make new accounts/steal accounts with no previous mod uploads), to spread the links to their viruses that last all of 10-30 minutes up on the site before a moderator removes them then it becomes far more hassle to them than it's worth. Now users can help warn others about the malicious nature of these files, via the comments section, while they wait for moderators to action the reports.

We know what we're doing. We really don't need the negativity.

Sorry, but I am gonna shout some reality into your echo chamber.  I know in this new Orwellian World we live in "reality is negativity", but ... c'est la vie. 

First, these new restrictions neither changes, interrupts nor disrupts the malware uploaders' process, so it won't slow them down, let alone stop them.  Your "solution" is unrelated to the problem it purports to address.   If you want to make a barrier, create a deeper vetting process for mod uploaders, a process more restrictive than the perfunctory one time email address verification used to vet average users.  One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

Second, these new restrictions could actually penalize legitimate "new mod makers" by opening them up to spammers.  New Mod Makers can no longer block the avenues by which detractors harass and harangue mod makers. 

Third, these new restrictions assume the majority of mod users actually read past the mod title and/or viewing the pretty picture before clicking the download button.  Hell, most casual users don't even bother to read the whole description so how many can one realistically expect will actually make it to the comments or bugs tabs before downloading?

Finally, I take exception with the statement "We know what we're doing".   History (20x20 hindsight) seems to invalidate that statement.   But, that is a discussion unrelated to the topic at hand and best left for another time. 

I have said my piece.  Via con dios. 

Link to comment
Share on other sites

Quote

Sorry, but I am gonna shout some reality into your echo chamber.

Hello pot, you're black.

Quote

First, these new restrictions neither changes, interrupts nor disrupts the malware uploaders' process, so it won't slow them down, let alone stop them.

You mean, the process where they make a mod page and turn off comments and bug reports straight away? Ok.

Quote

One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

Actually a good idea that we have considered, but one requiring quite an extensive rewrite of both the users service and the mods service (which is already planned). We're looking for quick wins at this stage until we can spend the many months of work on more complex solutions.

Quote

Second, these new restrictions could actually penalize legitimate "new mod makers" by opening them up to spammers.  New Mod Makers can no longer block the avenues by which detractors harass and harangue mod makers. 

New mod authors getting "spammers" and "harangued"? What are you going on about? This is a strange clutch.

After 1,000 UDL, not a large ask by any stretch as some have already mentioned, their tool suite increases.

Quote

Third, these new restrictions assume the majority of mod users actually read past the mod title and/or viewing the pretty picture before clicking the download button.  Hell, most casual users don't even bother to read the whole description so how many can one realistically expect will actually make it to the comments or bugs tabs before downloading?

The assumption is on your end. What was actually said was, "To further improve your safety in the community, we've changed the default permissions on mod pages to combat this." and "Now users can help warn others about the malicious nature of these files, via the comments section, while they wait for moderators to action the reports."

If it can help to warn a few more users about the malicious nature of the links in the readme.txt documents in these fake mods, which it will, then that's great.

Quote

Finally, I take exception with the statement "We know what we're doing".   History (20x20 hindsight) seems to invalidate that statement.   But, that is a discussion unrelated to the topic at hand and best left for another time. 

Ah yes, another good giggle from you again, thank you. Here I am, 23 years later, having created, bootstrapped and run this community from nothing to tens of millions of users a month, growing year on year since the start, with clearly no clue of what I'm doing! Silly me 🙃

Once again, I do wonder why you are still here, using this site when you're always so desperate to come in and "shout some reality" and criticise our actions whenever possible? Is it perhaps time for you to move on, because this merry-go-round with you is getting tedious. It's been over 3 years now. You either need to get over it and stop the bitter, banal gibes or you need to leave. I'm bored of it.

  • Like 1
Link to comment
Share on other sites

I would like to make a small note, neither @Xilandro, nor @kevkas, nor I at any time have said or stated that those responsible for this site do not know what they are doing and did not want to spread negativity of any type, we just wanted to contribute a small opinion on something because we think this is a community where you can participate openly.

It seems that for some reason you have a very thin skin and immediately you take everything to heart, I think it would be a good thing for the ecosystem to follow you advice of “If you do not like something or have nothing constructive to add, it's best to simply move along”, but it is already clear that what I think or what the community thinks is not in the interest, OK.

Translated with DeepL.com (free version)

Link to comment
Share on other sites

6 hours ago, Gantz79 said:

I would like to make a small note, neither @Xilandro, nor @kevkas, nor I at any time have said or stated that those responsible for this site do not know what they are doing and did not want to spread negativity of any type, we just wanted to contribute a small opinion on something because we think this is a community where you can participate openly.

It seems that for some reason you have a very thin skin and immediately you take everything to heart, I think it would be a good thing for the ecosystem to follow you advice of “If you do not like something or have nothing constructive to add, it's best to simply move along”, but it is already clear that what I think or what the community thinks is not in the interest, OK.

Translated with DeepL.com (free version)

You need not worry, my recent comments were merely directed at Scythe. He has been a known contrarian on the site and of me ever since the changes we made in 2021 and will never miss an opportunity to try and get his bitter digs in whenever he can.

We normally just delete his misguided comments and move on, but after 3 years it's time for us to move on, so last night's message is the final warning for him. 

Link to comment
Share on other sites

28 minutes ago, Squirrel97 said:

If someone comments on these mods to warn others, couldn't the one who uploaded the mod still just immediately remove the comment and ban/block the commenter instead?

They could, yes. But they have to waste their time sticking around to keep on top of the comments section to do so. Most of these posts are a "drop and run" so they don't even look at the page once it's published. 

  • Thanks 1
Link to comment
Share on other sites

On 12/18/2024 at 5:21 PM, ScytheBearer said:

One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

 

23 hours ago, Dark0ne said:

Actually a good idea that we have considered, but one requiring quite an extensive rewrite of both the users service and the mods service (which is already planned). We're looking for quick wins at this stage until we can spend the many months of work on more complex solutions.

 

If this should come to pass, and if this would happen to be the 2FA format I am thinking of, could you please possibly consider not making it fully mandatory, or at least have some sort of option that does not require a phone? I would be more than happy to provide a second email address for purposes of authentication.

  • Like 1
Link to comment
Share on other sites

So, I saw one of those scam mods last night (In my time zone) and it seems they just play around the changes in a few ways.

For the Posts tab, they still work around it by preventing posting as a whole. There was the "No Posts can be made" message when on the tab. So while the Posts section is available, nothing can be posted, thus preventing flooding of "This is a fake mod!" warnings.

For the Bugs tab, they seem to be sticking around enough to delete, or otherwise hide any posts detailing how the scam mod is fake. If not sticking around, they most likely have a bot system to see if there's any posts and set them to delete/hide any warning posts.

Going on the above, I wager even if Posts were forcibly enabled in a similar way to Bugs, I wager the scammers would simply set up another bot to monitor posts and attempting to delete/hide warnings.

So there are still a few tiny flaws, but I'm not sure how they can be addressed without potentially messing with Nexus' systems more.

Link to comment
Share on other sites

5 hours ago, Zach9o9 said:

For the Posts tab, they still work around it by preventing posting as a whole. There was the "No Posts can be made" message when on the tab. So while the Posts section is available, nothing can be posted, thus preventing flooding of "This is a fake mod!" warnings.

So they could still just lock the post tab/thread instead? So these changes only prevents them from disabling the tab entirely. I thought it would also prevent them from locking it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...