Tell HN: t.co is adding a five-second delay to some domains

>>xslowz+(OP)
I think that HN itself also shadow flags submissions from a list of domains it doesn't like.

Try submitting a URL from the following domains, and it will be automatically flagged (but you can't see it's flagged unless you log out):

  - archive.is
  - watcher.guru
  - stacker.news
  - zerohedge.com
  - freebeacon.com
  - thefederalist.com
  - breitbart.com

>>mutant+l1
Well, yes, many sites are banned on HN. Others are penalized (see e.g. https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...). None of this is secret, though we don't publish the lists themselves.

Edit: about 67k sites are banned on HN. Here's a random selection of 10 of them:

  vodlockertv.com
  biggboss.org
  infoocode.com
  newyorkpersonalinjuryattorneyblog.com
  moringajuice.wordpress.com
  surrogacymumbai.com
  maximizedlivingdrlabrecque.com
  radio.com
  gossipcare.com
  tecteem.com

>>dang+p1
Would be nice if the lists were published though with a link to the list from the submission form.

>>jemmyw+12
The problem is that if you publish the lists it leads to more abuses. For example if spammers find out which sites are banned then they just post other ones.

>>dang+O2
> For example if spammers find out which sites are banned then they just post other ones.

I don't think that makes sense. The supposed spammers can just try looking up whether their submissions show up or not when not logged in.

>>mutant+o3
That also requires additional effort on the spammers’ part. Increasing cost of attacks is an effective defense strategy.

>>lcnPyl+x3
Increasing cost of attacks is effective against good faith people, not spammers.

Even Cory Doctorow made this case in "Como is Infosec" [1].

The only problem with Cory's argument is, he points people to the SC Principles [2]. The SCP contain exceptions for not notifying about "spam, phishing or malware." But anything can be considered spam, and transparency-with-exceptions has always been platforms' position. They've always argued they can secretly remove content when it amounts to "spam." Nobody has challenged them on that point. The reality is, platforms that use secretive moderation lend themselves to spammers.

[1] https://doctorow.medium.com/como-is-infosec-307f87004563

[2] https://santaclaraprinciples.org/

>>rhaksw+m7
In my experience, increasing cost or delay even a little bit cuts out a disproportionate amount of bad stuff.

I once had the domain 'moronsinahurry' registered, though not with this group in mind...

>>DamonH+oE1
In your experience where?

No research has been done about whether shadow moderation is good or bad for discourse. It was simply adopted by the entire internet because it's perceived as "easier." Indeed, for platforms and advertisers, it certainly is an easier way to control messaging. It fools good-faith users all the time. I've shared examples of that elsewhere in this thread.

>>rhaksw+pP2
I think that you are reading this too narrowly. SPAMers etc are often in a hurry. For example, simply avoiding responding for a second or two to an inbound SMTP connection drops a whole group of bad email attempts on the floor while no one else even notices.[0] Another example: manually delaying admitting new users to a forum (and in the process checking for bad activity from their IP/email etc) seems to shed another bunch of unwanteds, and raising the cost a little with some simple questions on the way in, also. This point about small extra delay and effort deterring disproportionately bad behaviour is quite broad.

[0] https://deer-run.com/users/hal/sysadmin/greet_pause.html

>>DamonH+iD3
In your cost/benefit analysis, you overlook the harms created by secretive actions. That's why I asked for details about your experience.

The internet has run on secrets for 40 years. That doesn't make it right. Now that everyone and their mother is online, it's time to consider the harms that secrets create.

>>rhaksw+ZD3
There are bad actors, and many of them are lazy/stupid. Their activity imposes a tax / harms on the rest of us. One way to minimise that harm to the good actors includes some mildly covert measures. The sendmail GreetPause is hardly a secret for example: it catches a common deliberate malicious protocol violation and is publicly documented. This is not unique to the Internet nor new; see also banking and personal security and so on.

>>DamonH+EE3
This subthread started with a discussion about how "HN itself also shadow flags submissions" [1]. That's a slightly different form of moderation than the t.co delays.

Another commenter argued "Increasing cost of attacks is an effective defense strategy."

I argued it is not, and you said adding a delay can cut out bad stuff. Delays are certainly relevant to the main post, but that's not what I was referring to. And I certainly don't argue against using secrets for personal security! Securitizing public discourse, however, is another matter.

Can you elaborate on GreetPause? Was it to prevent a DDOS? I don't understand why bad requests couldn't just be rejected.

[1] >>37130143

>>rhaksw+UG3
Here's another reasonable summary:

https://www.revsys.com/tidbits/greet_pause-a-new-anti-spam-f...

I get several thousand SPAM attempts per day: I estimate that this one technique kills a large fraction of them. And look how old the feature is...

zlacker