Hacker News new | past | comments | ask | show | jobs | submit login

There have been a lot of instances of this happening to feminist or LGBT groups on Facebook and YouTube. These systems are fantastically abusable.



If I were setting up an automated abuse-report-receiving system that could automatically disable accounts, I would run some sort of filter for "is the account reporting the abuse itself a newly created account, and/or one with suspiciously low and non-human looking usage patterns?".

But on the other side, malicious actors can solve that problem by having clickfarm workers in bangladesh create 30 fake facebook accounts, post random drivel on them for a week to make them look like they're in use, and then use those to report abuse.


> If I were setting up an automated abuse-report-receiving system that could automatically disable accounts, I would run some sort of filter for "is the account reporting the abuse itself a newly created account, and/or one with suspiciously low and non-human looking usage patterns?".

That does not help against these kiddy vandals mentioned in the article.


yes, exactly why it's a hard problem to solve.


The solution is simple: Hire support people - and both train and allow them to deviate from the usual support flowcharts.

Oh, and check if they actually speak English well enough to communicate with customers. As a customer, I instantly notice outsourced callcenters.


The solution is not simple, if you're on the business management side and need to concern yourself with the fully loaded yearly office space, overhead, payroll/benefits cost of hiring hundreds of well trained, motivated, educated, english speaking customer support reps to support your 20+ million "free" customers...


It all boils down to classic capitalism: privatizing profits (money not spent on support teams) and socializing losses (wasted police funds on SWATting, often needed psychological care for victims, lost productivity due to hacks)...

Once these losses are factored in, the tide swings towards support staff. But unfortunately that won't happen any time soon.


Simple and cheap are not the same. The solution is simple, it's just also expensive. This is the general "problem" with customer support, good support is not cheap, nor is cheap support good.


The more latitude and discretion you give them, the more susceptible you'll be to social engineering attacks.


One can require the account before many years old before having much weighting.

Also, require verified phone number by sms or a verified non prepaid credit card.

Allow the user to use your site without that stuff, but restrict actions that spammers like to requiring it.


Requiring phone number or credit card is an extremely effective way to have a large class of (legitimate) users nope out of your service


requiring a credit card is a good way to stop 90% of the developing world from using your application... Stop a randomly chosen person on the street in a big city in India, Pakistan or Bangladesh and ask them if they have a visa or mastercard.


Heck, even in Europe they usually don't.


To report, not to make an account.


I guess this abuse reporting system was made to block spam via messages that are sent when adding a contact. But Microsoft doesn't check if the reported user is a spammer and whether he had sent any add requests.


The cases I've heard of have generally been crowd-sourced, not automated.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: