shadytail: (Default)
shadytail ([personal profile] shadytail) wrote in [site community profile] dw_biz 2012-04-12 01:52 am (UTC)

When a community moves over, DW will often generate a special invite code which the community and all its members can use. Would something similar work for mass individual account creation? That is, when an account creator would have to apply for a mass-creation token when they hits some threshold of scrutiny (according to any of the criteria mentioned in the post: number of accounts created, proportion with similar usernames, usage patterns, previous squatting, all of the above, etc.).

It might take some effort to implement, but when the threshold is reached, the account creation page sends you to a mass-creation request form, which you'd have to fill out with the reason for all of the accounts. Submitting the form would alert Support to a possible problem. This way Support and/or Abuse gets a feel for legitimate vs. squatting patterns and can fine-tune the scrutiny criteria accordingly. Also they'll know usage patterns change enough to justify updating the criteria (for example, when they get annoyed at having to review a bunch of perfectly legit applications.)

Hopefully the scrutiny criteria could be set so that they don't affect most RPers, but some would definitely be affected. So to offset the hassle, maybe mass-creation tokens could be requested directly through a form which would make it easier to create a bunch of accounts at once. You'd have to ask what features it'd need: usernames, basic setup info per account, and an explanation of the purpose of the accounts. The form would get routed to Support, who can review it (hopefully most of them could be rubber-stamped). Then the system could just use that form to automatically create and set up all the accounts. Since I'm not an RPer, I'm open to feedback about whether this would make life easier or not and what should be on it.

The idea is to put a small barrier to problematic levels of account creation. The gray area gets monitored but not prohibited, and ideally the legit users get something to reduce the added inconvenience.

---

About scrutiny criteria: my first thought is control charts. Not that you'd necessarily want to set up control charts for account creation, but the idea of a control chart is to let you know when a process starts misbehaving. For instance, the concept of upper and lower control limits and warning zones might be useful. I think a lot of the setup could come in handy in deciding when to start looking more closely. The NIST handbook has a nice chapter on control charts.

Over the years people have developed lots of rules for detecting an out of control process (that is, one that's not behaving like itself), which I think would be a good source of ideas on when it's worth taking a closer look at account creation. I'm pretty sure I learned a subset of the Western Electric rules in quality control class. The Wikipedia article has better pictures.

Dreamwidth isn't so much trying to detect changes in the account creation process as filtering out abuses in account creation, so using control charts directly isn't appropriate. I gather they can lead you astray if you're not careful. But both problems involve figuring out what's normal variation and what's signaling a problem early on so you can deal with it.

Post a comment in response:

From:
Anonymous( )Anonymous This account has disabled anonymous posting.
OpenID( )OpenID You can comment on this post while signed in with an account from many other sites, once you have confirmed your email address. Sign in using OpenID.
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.