
Ask HN: How can HN allow login without an email and not be full of bots? - seph-reed
When I created an account today, I was really impressed by the fact that I didn&#x27;t have to input an email before I started commenting.  It almost seems unprecedented, especially given this is a site that caters to hackers.  How can Hacker News have a login flow like this and not show any huge signs of abuse?<p>I tried searching for an article on it, but found nothing.  In terms of general &quot;login without email&quot;, the best I could find was a UX discussion.  Anyone have any leads?
======
smt88
Dang has mentioned that they have a lot of fairly sophisticated code that
they're always tuning to prevent spam, upvote rings, bots, etc. I believe they
intentionally keep their methods secret to make them more difficult to
circumvent.

Outside of those efforts, what makes you think HN is _not_ full of bots? Lots
of links are posted by new-ish accounts, and we have no idea whether upvotes
are human or bot.

If the bots behave convincingly enough like good HN citizens, there may be no
way (or no desire) to shut them out at all, and none of us would ever know.

As for comments, it's likely that much of the anti-bot policing is first done
by algorithm, and then the remaining effort is by us, the readers, leading to
the high-quality comments that we typically see.

~~~
seph-reed
> what makes you think HN is not full of bots?

Good point. I suppose I just always imagined a place full of bots to be a bit
more messy.

On the subject, how funny it would be to train bots to be polite and to the
point (rather than clickbaity). How funny it would be to be engrossed in a
community, and think "wow, what a bunch of nice interesting people," but
really they're robots that are mindlessly striving towards being the perfect
neighbor.

~~~
dilippkumar
Anecdotally, I once tried to create an account on HN by going through tor - HN
allowed my account creation to go through and even let me post my comment.

But my comment wasn't visible to anyone else.

It was all very clever.

I think the HN's simple user interface is deceptively simple - there is
clearly a lot more going on than I had assumed.

~~~
dang
There are lots of filters based on past activity by spammers, trolls, and so
on. But in the scenario you describe, moderators would eventually review your
comment and restore it to visibility, assuming it wasn't bad in some
noteworthy way.

Users with 'showdead' turned on in their profile (and who have karma > 30) can
do the same: if you see a [dead] post that shouldn't be dead, you should vouch
for it by clicking on its timestamp, then clicking 'vouch' at the top of its
page. This is why we added that feature.

~~~
Tomte
> Users with 'showdead' turned on in their profile (and who have karma > 30)
> can do the same: if you see a [dead] post that shouldn't be dead, you should
> vouch for it

Wow. I've been on HN for some time now [1], and that's news to me.

I remember seeing "vouch" before, but not for a long time. I simply assumed
you had taken that privilege away from me.

It makes sense to only show it for "showdead" users, but it never occurred to
me.

Edit: [1] and it turns out that today is my cake day. Very fitting. :-)

------
kazinator
E-mail will not protect against bots. Spammers who operate bots are
sophisticated enough to run their own domains, under which they can generate
valid, working e-mail addresses programmatically.

If e-mail validation worked, then sites that have validated your e-mail
wouldn't be throwing captcha's in your face.

------
brudgers
Paul Graham not only rhymes with spam, his interest predates Hacker News.

[https://www.infoworld.com/article/2674702/techology-
business...](https://www.infoworld.com/article/2674702/techology-business-
paul-graham-provides-stunning-answer-to-spam-e-mails.html)

[http://www.paulgraham.com/antispam.html](http://www.paulgraham.com/antispam.html)

------
caspervonb
Email isn't a fail-safe, its ridiculously easy to get throw away email
accounts. Hundreds of new domains are freely available every month (and
subsequently block lists are updated each month).

Also, beep-boop, how do you know we're not all bots? ;)

------
pisky
Reddit doesn't require an email either - they just use a dark pattern on the
registration popup to somewhat hide the fact. I doubt any bot makers fall for
it, so I don't think they did it to prevent bots anyway.

------
scarejunba
Not popular enough. Even Reddit was fairly spam free at 10 or 100x the
traffic.

------
developer_zero
Hmmm. Maybe they track click times, post times and post frequency? like if the
post is done in an inhuman amount of speed it is flagged as a bot post?

Dunno just throwing Ideas. hahahahah

------
yellowapple
The dirty secret: everyone on HN is a bot.

Even dang.

Even me.

Even _you_.

~~~
quickthrower2
Well I keep failing those "are you a robot" traffic light checks, so maybe I
am.

~~~
ivanfon
Some of those can take me a minute or two... I'm almost starting to be
convinced that I'm a robot.

I guess that's what you get for using Firefox and extensions that value your
privacy

