Mod Page Permissions Update

[ScytheBearer]

On 12/17/2024 at 9:16 AM, Dark0ne said:

It's about creating barriers to entry for malicious actors. If they have to jump through hoops which take days (to accumulate 1,000+ UDL), rather than minutes (to make new accounts/steal accounts with no previous mod uploads), to spread the links to their viruses that last all of 10-30 minutes up on the site before a moderator removes them then it becomes far more hassle to them than it's worth. Now users can help warn others about the malicious nature of these files, via the comments section, while they wait for moderators to action the reports.

We know what we're doing. We really don't need the negativity.

Sorry, but I am gonna shout some reality into your echo chamber.  I know in this new Orwellian World we live in "reality is negativity", but ... c'est la vie. 

First, these new restrictions neither changes, interrupts nor disrupts the malware uploaders' process, so it won't slow them down, let alone stop them.  Your "solution" is unrelated to the problem it purports to address.   If you want to make a barrier, create a deeper vetting process for mod uploaders, a process more restrictive than the perfunctory one time email address verification used to vet average users.  One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

Second, these new restrictions could actually penalize legitimate "new mod makers" by opening them up to spammers.  New Mod Makers can no longer block the avenues by which detractors harass and harangue mod makers. 

Third, these new restrictions assume the majority of mod users actually read past the mod title and/or viewing the pretty picture before clicking the download button.  Hell, most casual users don't even bother to read the whole description so how many can one realistically expect will actually make it to the comments or bugs tabs before downloading?

Finally, I take exception with the statement "We know what we're doing".   History (20x20 hindsight) seems to invalidate that statement.   But, that is a discussion unrelated to the topic at hand and best left for another time. 

I have said my piece.  Via con dios. 

[Dark0ne]

Quote

Sorry, but I am gonna shout some reality into your echo chamber.

Hello pot, you're black.

Quote

First, these new restrictions neither changes, interrupts nor disrupts the malware uploaders' process, so it won't slow them down, let alone stop them.

You mean, the process where they make a mod page and turn off comments and bug reports straight away? Ok.

Quote

One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

Actually a good idea that we have considered, but one requiring quite an extensive rewrite of both the users service and the mods service (which is already planned). We're looking for quick wins at this stage until we can spend the many months of work on more complex solutions.

Quote

Second, these new restrictions could actually penalize legitimate "new mod makers" by opening them up to spammers.  New Mod Makers can no longer block the avenues by which detractors harass and harangue mod makers. 

New mod authors getting "spammers" and "harangued"? What are you going on about? This is a strange clutch.

After 1,000 UDL, not a large ask by any stretch as some have already mentioned, their tool suite increases.

Quote

Third, these new restrictions assume the majority of mod users actually read past the mod title and/or viewing the pretty picture before clicking the download button.  Hell, most casual users don't even bother to read the whole description so how many can one realistically expect will actually make it to the comments or bugs tabs before downloading?

The assumption is on your end. What was actually said was, "To further improve your safety in the community, we've changed the default permissions on mod pages to combat this." and "Now users can help warn others about the malicious nature of these files, via the comments section, while they wait for moderators to action the reports."

If it can help to warn a few more users about the malicious nature of the links in the readme.txt documents in these fake mods, which it will, then that's great.

Quote

Finally, I take exception with the statement "We know what we're doing".   History (20x20 hindsight) seems to invalidate that statement.   But, that is a discussion unrelated to the topic at hand and best left for another time. 

Ah yes, another good giggle from you again, thank you. Here I am, 23 years later, having created, bootstrapped and run this community from nothing to tens of millions of users a month, growing year on year since the start, with clearly no clue of what I'm doing! Silly me 

Once again, I do wonder why you are still here, using this site when you're always so desperate to come in and "shout some reality" and criticise our actions whenever possible? Is it perhaps time for you to move on, because this merry-go-round with you is getting tedious. It's been over 3 years now. You either need to get over it and stop the bitter, banal gibes or you need to leave. I'm bored of it.

[showler]

45 minutes ago, ScytheBearer said:

New Mod Makers can no longer block the avenues by which detractors harass and harangue mod makers. 

Should such a problem occur to a new modder they can contact the moderators to have the comments section disabled.

[Gantz79]

I would like to make a small note, neither @Xilandro, nor @kevkas, nor I at any time have said or stated that those responsible for this site do not know what they are doing and did not want to spread negativity of any type, we just wanted to contribute a small opinion on something because we think this is a community where you can participate openly.

It seems that for some reason you have a very thin skin and immediately you take everything to heart, I think it would be a good thing for the ecosystem to follow you advice of “If you do not like something or have nothing constructive to add, it's best to simply move along”, but it is already clear that what I think or what the community thinks is not in the interest, OK.

Translated with DeepL.com (free version)

[Dark0ne]

6 hours ago, Gantz79 said:

I would like to make a small note, neither @Xilandro, nor @kevkas, nor I at any time have said or stated that those responsible for this site do not know what they are doing and did not want to spread negativity of any type, we just wanted to contribute a small opinion on something because we think this is a community where you can participate openly.

It seems that for some reason you have a very thin skin and immediately you take everything to heart, I think it would be a good thing for the ecosystem to follow you advice of “If you do not like something or have nothing constructive to add, it's best to simply move along”, but it is already clear that what I think or what the community thinks is not in the interest, OK.

Translated with DeepL.com (free version)

You need not worry, my recent comments were merely directed at Scythe. He has been a known contrarian on the site and of me ever since the changes we made in 2021 and will never miss an opportunity to try and get his bitter digs in whenever he can.

We normally just delete his misguided comments and move on, but after 3 years it's time for us to move on, so last night's message is the final warning for him. 

[Squirrel97]

If someone comments on these mods to warn others, couldn't the one who uploaded the mod still just immediately remove the comment and ban/block the commenter instead?

[Pickysaurus]

28 minutes ago, Squirrel97 said:

If someone comments on these mods to warn others, couldn't the one who uploaded the mod still just immediately remove the comment and ban/block the commenter instead?

They could, yes. But they have to waste their time sticking around to keep on top of the comments section to do so. Most of these posts are a "drop and run" so they don't even look at the page once it's published. 

[Lollia]

On 12/18/2024 at 5:21 PM, ScytheBearer said:

One solution might be to require mod uploaders to create and maintain a 2FA account using a legitimate authentication application and requiring re-authentication at each upload request which would elongate and change their process.

 

23 hours ago, Dark0ne said:

Actually a good idea that we have considered, but one requiring quite an extensive rewrite of both the users service and the mods service (which is already planned). We're looking for quick wins at this stage until we can spend the many months of work on more complex solutions.

 

If this should come to pass, and if this would happen to be the 2FA format I am thinking of, could you please possibly consider not making it fully mandatory, or at least have some sort of option that does not require a phone? I would be more than happy to provide a second email address for purposes of authentication.