denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)
Denise ([staff profile] denise) wrote in [site community profile] dw_biz2012-04-11 06:02 pm

RFC: username squatting: how should we handle it?

So, one of the things that has come up repeatedly recently is the question of username hoarding and account trading/selling. We've been trying very hard to work out a policy to manage the problem (and how to handle it when it happens) that will be fair to everyone and will only affect people who are honestly abusing open account registration, not people who are using the site legitimately.

People have reported some of the most egregious squatting/hoarding and trading, and we've been holding off on taking any definite actions because we've been having trouble formulating a policy that's fair to everyone and working out what consequences there should be.

We have an idea of what we think we should do, but we also know that this has the potential to negatively affect people who are using the site in a performative/creative style (roleplay, fiction projects, collaborative performance art) instead of a personal journaling style. We don't want to interfere with that legitimate use, so we'd like to hear feedback. To keep the discussion away from "pick holes in a specific proposal", I'm not going to share the full range of what I'm thinking yet; instead I'm going to lay out the problem and let everybody brainstorm.

The goal here is:

* To formulate a policy regarding username squatting that prevents squatting, without placing undue restraint on the many and varied ways people use Dreamwidth for performative/creative work;

* To prevent rewarding people for bad behavior and encourage fair play and community responsibility;

* To prevent username trading and selling (which is not only a violation of the Terms of Service but is a very bad idea because a traded account will never and can never be secured);

* To take away the advantages of username squatting/hoarding with minimal administrative overhead and in a way that returns desireable squatted usernames to the pool of available usernames.

1. The Problem

Open account registration means that people can create accounts easily, which is great for activity and ease-of-use but has also led to multiple people creating hundreds of accounts in order to sit on usernames they think will be useful or valuable later.

This is a problem for multiple reasons:

* It leads to people trading or selling usernames that have some kind of value to the community. (A side note: Trading or selling an account is against the Terms of Service, because a traded account will never again be secure or secureable. We have asked and asked and asked people to stop doing it, and it's still happening. We're likely going to start cracking down more on account trading and selling, whether it happens on or off Dreamwidth. If you have an account you don't want to use anymore, set its status to 'deleted', and the username will be available for renaming to after it's fully purged from the system; the rename process is deliberately set up to both move the old contents of the account out of the way and to prevent security problems in the future.)

* It leads to people registering accounts and usernames they have no intention of ever using, because those usernames have value and can be used in those trades. This prevents people who would actually use the account (and the username) from having access to those usernames, and encourages people who would not otherwise want to violate the Terms of Service to participate in account trading because they want those usernames.

* It rewards people who are behaving badly and penalizes people who are not behaving badly, encouraging a "land grab" mentality where people who would not otherwise behave badly feel that they have to act now or lose out. (In short, it's a textbook example of the tragedy of the commons.)

* It results in hundreds of accounts with usernames that are desireable to the community sitting around empty and unused.

* It requires us to spend dozens of person-hours adjuticating disputes, handling complaints, and researching situations of username hoarding and account trading, which is time that could best be spent elsewhere.

(One note I should also add: for all of this, I'm only discussing personal accounts -- not communities. Communities can be passed from admin to admin without the same security risk.)

2. Additional Considerations

Putting any kind of numbers on what constitutes "legitimate" use, and addressing any question of how many accounts one person can have, quickly runs into a problem. There are legitimate reasons to have and use multiple journals, and any time you try to quantify the question, you quickly run into the problem of separating abusive account registration from legitimate account registration. There is simply no easy way to put one set of numbers down and say "this is the limit", because Situation A can wind up being abusive account registration despite not hitting the numbers (if the person registering the accounts has no intention of ever using them, or is registering them because there's a very slim chance they might want to use them someday but it isn't likely) and Situation B can wind up being legitimate account registration despite exceeding the numbers (if the person is using those accounts, has used those accounts, or honestly intends to use those accounts relatively soon).

(Not to mention, someone with malicious or self-centered intent could always say that they do intend to use the accounts very soon, when in reality they don't intend to use the accounts for anything other than trading, selling, or hoarding.)

We definitely know there are multiple reasons to want to have multiple accounts, and on the surface, it is often impossible to separate abusive account registration from legitimate account registration. It's a spectrum, and it's wickedly hard to develop any kind of objective metric: there is an inherent amount of subjectivity, and intent plays a huge part. (And, of course, we can't know what someone's intent is, not for sure; all we can look at is behavior.)

We do need to do something, though, because there are few definite cases of what we consider abusive account registration going on: not only is it unfair to the community as a whole, but if we don't do something about it soon, the problem will only get worse as others see that there is an advantage to behaving badly and no incentive to not behaving badly.

3. Some Examples

Using some examples from roleplaying that people bring up a lot whenever this sort of discussion arises, I'll give some examples, in order to properly calibrate what I'm talking about.

You'll note that in each of these, instead of giving numbers, I'm saying "a high number of accounts" or "an extremely high number of accounts" -- I don't want to get into giving numbers, because that makes people immediately focus on the numbers and start thinking of ways that they can imagine needing X number of accounts instead of thinking about the underlying questions. Whatever numbers we go with, if we do go with a number-based policy, will almost certainly be set by looking at the actual patterns of registration and use; instead of saying "500 accounts" or "1000 accounts", we will instead say "registration at one standard deviation" or "registration at the 99th percentile" or something like that. (We also won't ever go looking for instances. I'm talking, here, about what we should do when they're reported to us.)

I'm also not defining "activity" (or 'light activity', 'regularly used', yadda) based on concrete numbers -- number of posts, number of comments, etc -- because if we say something like "any account with fewer than 5 posts and 10 comments made by 2 weeks after creation" or whatever, then people who are looking to hoard usernames will create an account, make 5 posts and 10 comments within the first 2 weeks, and continue onward. (Not to mention, people who want to make trouble for other people will hover over accounts that have been created by people who already have a lot of accounts, and on that 14th day will report them to us and say "look, this is being squatted!")

With those caveats in mind, examples of what I would consider all the way over on the "this is probably abusive account registration" side:

* the person who registers an extremely high number of accounts within a very short period, with multiple usernames for every single character they can think of all at once, without any plans to start using those accounts in the near future but just to have the names;

* the person who registers every possible variant of every possible username that they can think of for a particular character in order to try to keep anyone else from being able to play that character without coming to them to trade/sell the account;

* the person who sees that a particular fandom is getting popular and goes to register every variant of every username they can think of for every character in that fandom so that they have a lock on the fandom;

* the person who registers every username they can think of for a character or fandom, then immediately lists them for sale/trade.

All the way over on the "this is probably legitimate account registration" side:

* the person who has a high number of accounts, but regularly logs into each account to make posts or comments with the account;

* the person who's been playing heavily on DW for a long time, so has a high number of inactive accounts that still have content in them (because each account was active once and was retired when the game ended/they dropped the character/etc) who wants to keep the old content for posterity's sake or in order to keep a game's archives preserved;

* the person who plays the same few characters in a number of different games that each require a unique journal, so they have multiple accounts/username variants for each character but each one is regularly (or semi-regularly) used;

* the person who has a high number of regularly-used (or previously-used-but-archived) accounts, but also has a handful of accounts that aren't being used yet, for characters they're developing.

In the middle, and not at all as clear-cut -- things that could be perfectly legitimate if done by Person A but, if done by Person B, could be an attempt to circumvent any policy we wrote by looking like legitimate account registration while really being a cover for abusive account registration:

* the person who has an extremely high number of accounts, a small number of which are heavily used, the larger part of which are very lightly used (one or two posts, the occasional comment), and a large part of which are being held in reserve (any/all of: a placeholder post, a filled-out profile, a lightly-customized style, but no real activity past the initial creation and placeholder setup);

* the person who has an extremely high number of accounts, each of which was very lightly used for a very short period of time and then allowed to fall inactive;

* the person who has an established pattern of registering a large number of accounts for characters they might want to play someday, but who has a pattern of not doing anything with those accounts for a very long time (if at all).

4. The problems of putting that into policy

So: how do we write a policy that allows us to distinguish "almost certainly abusive account registration" from "almost certainly legitimate account registration", is sensitive to the grey areas in between, and can't be easily gamed by people who are trying to look like they're creating legitimate accounts but are really just abusing the system?

One thing that is not helpful in cases like this is looking purely at numbers of accounts registered. Whenever this comes up, some people immediately ask, "Well, what do you need all those accounts for?" There are perfectly legit reasons to have a large number of accounts, though: that is absolutely not in doubt and we don't ever want to get to a place where we put absolute hard limits on usage. People who are using the site heavily are awesome! People who are doing great creative things on Dreamwidth are awesome! We love seeing it!

We just don't want to reward the people who are trying to capitalize on open account registration, and we want to strongly encourage people against registering accounts "just in case". In an ideal world, people would only register an account when they're ready to start actively using it very, very soon. (Barring a margin of error for "I made this account and then my life exploded and I had to put everything on hold for a few months", of course, which is a major problem with any time-based guidelines.)

Another problem: given that there are all these grey areas and all these huge whopping questions of intent, any time something like this is reported to us, it requires a ton of research. We don't want to spend hours of our time looking into every single last case of "this person has a lot of usernames registered" that's reported to us in order to figure out where on the sliding scale of legit vs abusive that particular situation falls. We've got very limited resources for investigating that kind of thing: DW has two full-time employees, three part-time employees, and a bunch of volunteers, but most of those people are technical (and everybody who handles ToS stuff also does tons of other work) and we flat-out don't have the resources to spend much time on this kind of thing.

Any answer has to take all this into account.

5. Disincentives

There are a few disincentives we can apply to prevent username hoarding and trading/selling. There's advantages and disadvantages to each; I won't get too far into them, just list them off and hit the highlights.

The solution can also be a combination of some or all of these, and when we start talking about "eminent domain" type solutions of confiscating squatted usernames, I'm definitely not talking about unilaterially taking all the accounts away from somebody we think is username squatting without contacting them first and talking over each particular, unique situation, arriving at an agreement about what constitutes reasonable usage in that situation, and letting people decide which accounts they want to voluntarily relinquish. I'm also, again, not talking about us going out and actively looking for possible squatting scenarios: I'm talking about what to do when people report potential squatting to us, and we think there's a really good chance that at least some squatting is involved.

That having been said, here are some of the possibilities:

* We can manually rename accounts that have been squatted. We've done this before, in the early days when people were trying to "land grab" popular usernames: the account still belongs to the person who registered it, it just gets renamed from "username" to "ex_username123", just like a rename token does. Big advantage to this one is that it preserves anything that might have been in the account, just under a different username. This makes the system think "username" has never been registered, so it can be created from the account creation page as though it never existed in the first place. Disadvantage is that it is work: we have to write a custom script for each instance.

* We can scramble the password so it can't be logged into, force the account status to deleted, and purge it from the system. This preserves any comments that were made elsewhere (in communities and in other journals) -- they show up with the account username crossed out -- and frees the username up for being renamed to. It can't be registered from the account creation page, but it can be renamed to using a rename token. Disadvantage is that it doesn't preserve any content that was in the account itself, and (like the other option) it's a lot of work.

* We can put in some kind of technical restrictions on account creation, trying to limit how many accounts someone can register per week/month/whatever. (We already do this with communities, in order to prevent landgrabs there: the restriction is set at a level where few people ever run into it during the course of legit use, and those people who do run into it with legit use can just spread out their comm creation over time. Anything we did to similarly restrict personal account creation would be set at a point where we thought people wouldn't run into it regularly unless they were deliberately trying to namesquat, and then be adjustable over time if it gets tripped too often by legit use.) I'm really on the fence about this: I think it would be too likely to interfere with legit use. We could always implement this and then set the limit to something we think is really high, though.

* We can implement some kind of technical restriction on account creation that kicks in after you have a certain number of accounts registered somehow -- either a blanket "after you have X accounts registered, you can only make Y accounts per week/month/whatever", or something that we can enable for specific people who we think are abusing open account registration. The advantage to this (and to the previous bullet point) is that they're relatively hands-off and don't need much attention from us; the disadvantage is that it might start an "arms race" of people trying to work around the restrictions, and it doesn't do anything to handle cases where someone already has an extremely high number of accounts registered.

* We can say that we don't care at all about how many accounts people have registered or whether they're using them at all, but if/when any kind of account trading gets reported to us, we can "confiscate" the account (whether it's already changed hands or whether it's just been listed for trade). The advantage there is that it would keep us from having to do any kind of judgement call about squatting, and it would definitely address the trading/selling problem. Disadvantage is that it would just drive trading/selling even further underground than it already is, and we'd have more problems verifying whether the trade/sale offer was actually made by the person who controls the account -- it would tempt people to try to "frame" holders of popular usernames (post somewhere saying the account is for trade even though they don't control it, screenshot the post, report it to us) in order to get a popular username. It also wouldn't address the case of someone squatting on hundreds of usernames for the "ooh shiny" factor rather than future trading/selling.

* Or, of course, we can officially say that we don't care about any of this, let the situation stay exactly as it is, and not do anything if people are squatting on a ton of usernames. We're kind of on the fence. I mean, this is all a lot of work to handle what is, right now, not very many instances of truly egregious cases. The only thing that makes me a little nervous about picking this is that this sort of thing spirals: what's a relatively minor problem right now could become a major problem as people feel like they have to grab everything they might want someday as fast as they can, leading to squatting as defense against squatting. Still, we could always officially Not Care as a service, and leave it up to the community as a whole to enforce whatever social norms they felt was appropriate by methods of expressing disapproval, community shunning, etc.

I'm sure there are other possibilities I'm not thinking of, so that's why I'm posting -- to see what ideas y'all come up with!

There are a ton of other things I can think of, but this is long enough already and I don't want to make it too overwhelming. I'll turn the discussion over to the floor and see what everybody comes up with.

Parameters for discussion: you don't need to give more examples of legitimate use or reasons why people might want to have multiple accounts. Likewise, please don't offer up specific situations (either hypothetical or actual) and ask "is this squatting?" We know there's tons of reasons why people would want to have lots of accounts (and we want to encourage the creative use of DW and avoid having any kind of "chilling effect" as much as possible), and we're not ready to talk specifics yet.

As always in discussions such as these, please remember there are many different ways to use Dreamwidth, and a) any solution we put into place has to work for the benefit of the service as a whole; b) we're looking for solutions that will, at best, only slightly inconvenience legitimate good-faith usage, while stopping things that are negatively affecting the entire community; c) however, it may not be possible to completely avoid affecting legitimate good-faith usage completely and this is a trade we may have to make.

With that, I'll turn it over to the floor for discussion!
pith: (Default)

[personal profile] pith 2012-04-15 05:20 am (UTC)(link)
This is a tough one. I do have many personal communities registered and most are currently empty, because I've been too lazy to mirror them from LJ. Do I intend to use them? Absolutely. Have I utilized them in the past year? Probably not much. But like I remember reading in one of the DW updates, there are also people who legitimately forget that they registered and are happy when they come back and see that their account is still around. And as others have said, it almost has to be a case-by-case thing.
siderea: (Default)

Addressing squatting for trade

[personal profile] siderea 2012-04-15 05:30 am (UTC)(link)
Here's a technological hack: if one email address has greater than f(n) free accounts (for whatever f(n) you want), flag all those accounts as "held". "Held" accounts can't have their email addresses or passwords changed, but otherwise work as usual with all normal functionality. An account can be "unheld" only at DW's dispensation -- perhaps a fee charged, or maybe the user is simply asked whether they bought the account unaware of the security and ToS issues.

This way, people can create all the accounts they want for their own use. If they trigger the threshhold for this, it won't even effect them unless they need to change their email or password, in which rare case it will be easy enough for them to tell DW that it's a legit case and DW remove the restriction. But it intercepts buyers trying to take ownership of accounts they've bought, and substantially thwarts them, reducing the commercial squatting value of accounts.
bens_dad: (Default)

[personal profile] bens_dad 2012-04-15 02:13 pm (UTC)(link)
If I allow a DW user access to some web page or service via OpenID authentication, and that account is then transferred to some other user, whether by renaming or selling, I am now allowing the new user access to my protected service with the privileges of the original user. I understand that a revised version of Open ID (version 2 ?) allows some sort of solution to this problem.

Do pages like DW "Manage Circle now make it trivial for me to give access to an OpenID account using v2 semantics, or do I have to understand the difference between v1 and v2 to be sure that an account with privileges in my circle loses them if the account is "re-owned" ? What about adding a DW user's OpenID as an LJ friend ?

Until it is easy for users to give privileges to OpenIDs safely, I would like to block *all* changes of user for any DW user-name.
paysdelamour: (Autre ⚜ Apology)

[personal profile] paysdelamour 2012-04-16 04:30 pm (UTC)(link)
Loving all the discussion here, and I thank the entire DW staff for allowing input from the userbase. I mostly have questions that concern (unfortunately somewhat selfishly) mostly myself ([personal profile] metanaito) and my roleplay accounts (this being one of them), though I'm sure the answers I receive could also be useful to someone.

My first question entails accounts that are rarely or never used for a period of time being considered possible candidates for account-squatting. I suppose my question boils down to, "How does one define rarely or never, and how does one define near future?" For an example, I have several roleplay accounts which have yet to have any icons placed in them. This is either because it has been difficult to find icons (e.g., because a popular icon community for these muses' fandom on LJ shut down completely in the Great DW Migration and doesn't seem to be reopening on LJ or DW) or it has been difficult to make icons (e.g., for my character [personal profile] kipps I have to wait for "The Woman in Black" to come out on DVD in order to get his character down and make at least a few rudimentary icons for him). I do intend to use all these accounts in the future, however, I have not been able to mess with them since their creation, for the most part. Some of them I made in December and just haven't gotten around to yet because of school, however, I am actively trying to look for ways to use them once I get icons! I just want to be assured that these accounts would be safe. I tried my best to come up with usernames that will not be ridiculously popular and possible candidates for purging/deletion, but sometimes it happens.

My second question falls somewhat into the realm of account trading, which is definitely a possible issue and one rule I certainly did not mean to or want to violate. I have an account, [personal profile] sandoval, that was given to me willingly by an RP partner of mine. Given, not sold or traded for another name. She simply wanted this particular character to play with for her character, and I was willing to step in and play Sandoval for her. My question is whether this would also fall under this trading you're trying to avoid. I've been using this account pretty recently as of late (I can give you a post to prove it) and I've not had any problems with the original creator of the account, as we've been roleplaying just fine. I will gladly give her the account back if she asks for it, so it's not as if I'm being greedy or anything. And as I said, no money was exchanged, and no account names of mine were given to her. I was just asked to promise that if I did decide to play this character full-time, that I would join [community profile] paradisa with him. I am trying to be upfront and honest with you, and I'm terribly sorry if this has caused any major dilemmas in any rules you might make in the future in terms of caveats. If this is considered in violation of the rules, I'm willing to hand the account back with no trouble. Though I'm fairly certain my RP friend would be sad :(

Anyway, that's my two cents worth, and I hope I've clarified everything to your liking. If you have any questions, please feel free to let me know. Thanks for your time!
overbite: {happy} (to tell her what to do)

[personal profile] overbite 2012-04-18 05:59 pm (UTC)(link)
As far as the person who gave you the account goes, <a href=">this</a> was said elsewhere on the matter. I believe it essentially boils down to, "giving away accounts is probably a bad idea because of security reasons, but it's not like you're going to get in trouble for it." So you're okay!
paysdelamour: (Autre ⚜ Sheepish)

[personal profile] paysdelamour 2012-04-18 08:59 pm (UTC)(link)
Well that's good, I'd hate to be in legal trouble. :'D
ladyasul: An animation showing a young man, dressed in a uniform, playing with a cooking pot on his head, like a helmet. (Goofy)

[personal profile] ladyasul 2012-04-25 11:11 am (UTC)(link)
As to your first question, having an account that you don't post to, or upload to, or even comment with, isn't the issue; some users have logins and aren't active in participation, but use said logins as ways to view friends' restricted posts, for example. Or perhaps they'd started the account, and then Real Life reared its head and dragged them off for ages, and they may still return in the future, only to find their old account... still there waiting for them(!)

That's perfectly fine.

What isn't so fine is that sort of squatting where someone registers umpteen billion accounts at once, so they can sit on those and sell them or something.

Having a dozen RP accounts still being slowly prepped aren't the issue. I'm sure no one's glaring at you over that. :)
paysdelamour: (Default)

[personal profile] paysdelamour 2012-04-25 03:02 pm (UTC)(link)
That's good to know! I know a lot of people were snapping up names in the move to DW. Thanks for answering.
ladyasul: Top: a screen-capture of the Kernel Panic error screen from Mac OSX. Below: the words "This again? FSCK it." (technogeekery)

[personal profile] ladyasul 2012-04-25 10:05 am (UTC)(link)
I think there're a lot of good points that've been brought up so far, and some that really could bear reiteration and consolidation. Notably, some ideas here (especially [personal profile] elf's comment) and [personal profile] kyrielle's comments here have caught my attention.

As for the current situation, and to help prevent it from happening again, I think those and a couple other ideas could be used together to great effect:

One part is, DW deals with the never-validated accounts. Another validation link is sent to their associated email address when this plan hypothetically goes live. If they remain unvalidated for two weeks or longer, they're un-registered (if that's possible?) as though they'd never been taken in the first place.

The second part is in switching to something like the on-demand invite codes, or perhaps more accurately, requiring account validation on creation. Someone would enter their email address and desired username, and a validation link would be sent to their email address. If they so such as want to log in with this account they've tried to make, they have to validate within a week (two or three days, even?), or else it gets un-registered. During this time, it can't be registered by anyone else, or namechanged to.

This would neatly cut out the potential for someone to register seven hundred billion usernames and simply never validate them, but sell them off to people, letting those buyers have their email address be the first validated. It would also work with the third part, if those squatters did validate to hold onto them, so they could sell them.

It might work well enough to have the "Create a free account" link's target page, where they submit their wanted username and email address, to put up a reminder against the selling and trading, and "Remember, while we don't enforce a strict limit on the number of accounts, do try to be reasonable about only registering accounts that you actually want."

The third part is, on changing the email address associated with an account, especially when the prior email address wasn't yet validated (for those still falling under the jurisdiction of the first part of this) there's a re-validation email sent out to the new addy which states, in bold, that if they purchased or traded this account from someone else, that it's in violation of DW's TOS, and they should click HERE for more information (and potentially to report such a sale -- and then DW staff gets a heads-up as to potential violators?) Also, a note explaining that "this is important, as the prior email address ("$prioremailaddy") is considered the originating owner of the account, and could potentially be used to reset control of this account, yadda yadda, read more HERE as to why this matters, and contact DW staff $HERE if there's circumstances and this info needs to be poked at, such as having lost access to your original account."

Fourth part is, of course, that the email-changing could contribute to another sort of tracking/flagging system: in $account1, $OriginatingEmail is changed to $Email1. But that same $OriginatingEmail was changed to $Email2 on $account2, and $Email2 was already associated with four other accounts that've been around longer than the account whose email was just switched. And then $account3, also previously associated with $OriginatingEmail was just switched to $Email3, which is associated with yet another group of accounts and looks to be of another user... which points to $OriginatingEmail's owner giving away or selling accounts, and should be further investigated -- a flag goes up in the system, "Contact $Email1, $Email2, and $Email3 individually about this potential issue and request details on $account1 $account2 and $account3, respectively, all being transferred from $OriginatingEmail?"

In which case, if $OriginatingEmail's owner really was selling accounts, they get all their accounts frozen and renamed, to free up those held usernames again, or... however you guys want to deal with that. (I do like the idea of simply freeing up the squatted names, though. And prolly turning over original-owner status to the people who'd ended up with the accounts, if they'd been duped into buying them.)

Fifthly, sending an email to all the accounts that haven't been logged into in forever. "Hey -- you have $username on DW, but we noticed that you haven't been back to DW in a year. Please contact us if you have issues / need to reset your password / etc." I bet a lot of people would like that. (Heck, why not implement that on its own anyhow?) It doesn't need to be any use-it-or-lose-it notif, but just a reminder that the username exists might even bring back a couple of people that'd had interest, but then were sidetracked and forgot. much for consolidation. (Did I mention lately how much I love DW's generous comment-length limits? Because I really do. ♥)

Any thoughts?
phoenix_candy: (Default)

Idea Replies

[personal profile] phoenix_candy 2012-04-26 12:13 am (UTC)(link)

I think your idea are quite well thought out.

Part 1: There is only a single flaw with this part that I can foresee, which is that due to real life some people may not check their e-mail as often as they used to. I think I have checked my e-mail once in the last month due to family situations.

Part 2: For this I would say three days maximum, as if you have time to create an account you also have time to check the e-mail to validate said account.

Part 3: Well said.

Part 4: Well said yet again. I especially like how parts three and four create a flagging system.

Part 5: This method is used by allpoetry to get ahold of individuals who have not posted in various lengths of time. As someone who holds an allpoetry account; this method does in fact bring back users who were generally interested and then life sidetracked them.

Despite that it would be a lot of coding (and let's face it, it would be) all of these suggestions seem to address the majority of the concerns DW has concerning this matter. As a side note, allpoetry has a system where on your profile page and all pages with poems; a title that is granted based on the number of poems. For example on my page it says "I'm a level 1 "amber angel" poet". The thing is, there are multiple levels per gem, and I think it would help discourage the squatting. Just a thought.
ladyasul: A picture of the back of a fairy, with their red-and-gold wings spread out. (Default)

Re: Idea Replies

[personal profile] ladyasul 2012-04-26 02:10 am (UTC)(link)
Thanks for the feedback!

Re: part 1.... this is only talking about currently not-yet-validated accounts, though. If you were to sign up for an account, and then not check your email for a month afterwards, once it gets switched to validate-from-the-start account creation, then you wouldn't have created the account in the first place. Unvalidated accounts are so restricted in what they're capable of doing, I don't think they can even post to their own journals, can they? They can fill out their profile pages and pick a journal layout, but it's next to useless otherwise. They can't join communities, I don't think they can subscribe to other accounts or grant access yet... but I haven't actually played around with an unvalidated account much, to say this with any accuracy. I generally go right to my email when I make an account for anywhere, as a matter of habit.

The whole point of "validate or it's unregistered" after the validate-on-creation system would be switched to, would be to clear out those umpteen billion unvalidated, squatted-on accounts. (I'm sure the mods could even make this unvalidated unregistration a manual process rather than strictly automated, and put those squatters' huge collections on their To Unregister lists.)

Part 2: Limiting it to 2-3 days would also forgive those people who mistyped their email address, or entered the wrong one (like say, their work email instead of their personal.) ....of course, this could be helped with having a second email entry field, like how the "please re-enter the new password you're changing to" fields work. In fact, why not just have username, email address, and password all be required, and validation seals all three at once? If you don't have the time to enter a username, password, and email address, and then check your email... then try again in a little while, right? :) I'm sure it'd take less time to do that, than to post an entry.

Titles: I'd actually pass on this if offered; I don't measure my contribution to the community by how many posts I make, or how many comments. I'm actually quite involved in roleplaying (first via IMs, with individual friends, then on LiveJournal, and now my friends and I have come to Dreamwidth.) and I can say with certainty that my style tends toward long, thought-out replies, than quicker, shorter responses, and under a ranking system that rewards "contributions" by number, I'm sure my little novellas wouldn't get me a gold star as easily as someone with a third of my word count, but four times as many entries and comments.

For example, I haven't posted or commented much lately, because I've been busy working on several projects, including some S2 HTML arrangements and CSS styles. I'd rather be recognized for producing things like layouts (like [ profile] junkyardwolf, one of my RP character-centric works) for the community, than recognized for making a hundred posts in my personal journal about... I don't know, my puppy? :) (not that she's not the cuddly center of my meatspace world, but you see my point, I hope!)

Plus, many people who roleplay have an account for each of their characters (or sometimes several, like for use in multiple games, or the same character at different ages) and I know that I, myself, have been far more active with each of my characters' accounts while I'm busy playing them in a game, than I am with my personal account. I'm sure my titles would suffer for the distribution of my activities between multiple accounts. :) But within RP circles, this wouldn't matter. A player can have a reputation for being "That player!" and noted for their masterful plots, true-to-the-character characterizations, the help they've given the mods, the support they've given other players outside the game for meatspace issues, or diplomatic handling of tricky solutions. Those sorts of reputations stay with people regardless of titles on their accounts. (I know of one player who's well-known for some jaw-droppingly bad decisions within a game, inability to take important criticisms, and horrible attitude -- but they posted a lot, and played many characters. Oh, they had a reputation, all right...)

Would the awarding of levels to account titles be weighted more toward someone who spends twenty hours coding a new layout in S2, or someone who posts a thousand comments? (But what if the commenter were a counselor helping people in a survivors-of-something-awful type of support group?)

A titles/ranking system like that would work just fine on something like a poetry site, or a writing site, where the focus is on production, on contributions of submissions. Kudos to your poetry site, if people like those honor-badges as a way of helping them define their on-site reputation... but neither I nor my friends use Dreamwidth in such a way that such a system would have any meaning to us. Figuring out how to quantify contributions' quality, when one or even two types of contribution isn't even the focus of the site, for a place like Dreamwidth, might just prove to be more confusing a task than how to deal with name-squatters, at least as far as I can see.

Not trying to shoot down the idea, mind -- just offering my own views. (I suspect that my own title-rank would be mournfully low for years, lol.) How would a titles/ranking type of system be implemented meaningfully across Dreamwidth, and how exactly would it discourage squatting? I'm really curious.
stealthily: kim pine from scott pilgrim in a yellow bikini, her arms folded and side-eyeing someone (Default)

[personal profile] stealthily 2012-04-27 01:36 am (UTC)(link)
+1 to these ideas! (Although, while the cross-referencing of email addresses is quite useful, the squatter could just create multiple emails like they already do).
ladyasul: A picture of an RPG character, smirking. (TL;DR)

[personal profile] ladyasul 2012-04-29 01:11 pm (UTC)(link)
I don't think multiple email addresses would be able to excuse them from transferring multiple accounts from one email address to several others (re: part 4) nor from the buyers being alerted via the email-changing verification email that Something Fishy May Be Up Here (re: part 3) which is really the big part of this.

If a seller really wanted to cover their tracks, they'd be making a new email address for every account they were creating, to sell -- which, on the scale we're talking about, would be hundreds of email accounts, each needing to be usable before the new DW account is generated, for a validate-on-registration system. Of course, then there'd still be IP addy records, plus there would be the matter of the buyers getting that email letting them know that the seller's acting against the TOS (part 3 again) and that their newly-bought account is not secure.

That'll probably be the big point of this, I'm thinking -- raising user awareness that not only is this practice against the TOS, but that their bought/traded accounts are not securely their own. When the risks (the potential for having their bought accounts revoked by the seller at any time) outweigh the benefits, demand for illicitly squatted-and-sold accounts will drop. Without a market, and with higher risks and tougher barriers to pulling it off without getting busted thoroughly, suppliers will tend to lose interest.

Economics in action, that. :)

[personal profile] jnk 2012-04-27 10:39 pm (UTC)(link)
I just wanted to say that I appreciate the efforts the DW team is taking to openly communicate on an issue that most every community experiences on some level or another.

That said, I would like to share a bit of information about myself and how I use and view usernames on places like DW.

As a writer - both published and unpublished - I see places like DW as a way to express creativity and/or do networking under a certain title (book/story title), name (character), idea (like, booksaregood), or theme (like, thecolorpurple).

The username is the main and most prominent way to do so as it is what is displayed in the actual displayed URL and, depending on whether the owner of the username in question wants their content to be searchable, if the username is a 'good' username and search-friendly, it will also help the related content appear in search results.

For someone like myself, I would likely register a 'main' account for my published writing, a 'main' account for my other writings, perhaps a 'personal' account for personal-related (and most likely private) journaling, and then additional accounts related to my current works in progress and projects.

Given this, what I would be totally agreeable to would be have some sort of accountability system that people who are 'legitimately' holding names can take advantage of to help DW staff identify what usernames are being 'held' and for what reasons and under what 'main' username.

For example, let's say that JNK is my main username. If I wanted to register 'SomeNameHere' because it is the literal title of one of my published works or because it is the name of one of my characters from a published work, I would love to be able to tell DW that, "I am registering this username because it is the title of one of my published works (or because it is the name of one of my published characters)" and "this username is associated with XYZ username".

There doesn't need to be a subdomain or a new nameserver sort of system for this; just another field that only DW staff are privy to that says what 'main' account a username is tied to and another field that describes why the name was registered.

Obviously, people can make up BS answers and such, but the linking of multiple registered usernames by one person to their main account and being able to explain why would at least encourage accountability and perhaps even help people who are legitimately holding onto names feel more secure about the usernames that they are keeping in holding.

Hopefully my thoughts made sense; if not, please let me know and I will see if I can clarify.
viridian: (Default)

[personal profile] viridian 2012-06-21 09:37 pm (UTC)(link)
I do want to point out instances that might be legitimate but not look it - a lot of people who currently still play in RP games on Livejournal will register duplicate usernames here in the hopes of eventually transferring those RP characters here.

I know one such game that I belong to did actually just that, and it was a big game, and many of us had anticipated this move for some time and had registered 20something usernames at once because we wanted to have the same ones here (or in some cases, ones that hadn't been available on LJ but was available here) for our own use. I know I still have some accounts that I'm intending for my own personal use in games that haven't migrated, but I'm intending to mirror them because I don't trust Livejournal at all any more.

I would hate to lose any of those names just because they look suspicious, and would hope that I'd be given some warning and some time to prove that I intended to use them before they were simply changed or deleted.

Also, I really like the option above that someone suggested that limits the ability to change the email addresses/passwords - that would cut down on squatting for trading. If you also object to squatting for potential personal future use, that's another issue.
twigletzone: Red and white striped socks clothes-pegged to the guy rope of a tent. (Default)

[personal profile] twigletzone 2012-07-02 11:38 am (UTC)(link)
I'm sure someone else has already said this, but to be brutal, I think DW is currently in a situation where its only option is offering a technological solution to a social problem - and those only ever partially work.

Limits would *be* the technological solution, but they wouldn't completely remove overhead on staff because they don't solve the grey area. Short of setting up a committee of DW users to police namesquatting and do the research and evidence-gathering, I don't think DW can get the load completely off its admin staff if part of its mission as an organisation is to create a viable and usable community. Even if a committee was to go ahead there'd have to be a DW staff member giving a final vote on any question.

Page 3 of 3

<< [1] [2] [3] >>