Seemingly widespread ratings manipulation

[NotWise]

What's missing is the regular bone-cutting sweeps that used to undo all their "good work" in the form of the monthly contest determination. Most of the consequential sweeps have been for the themed contests, and the sample is too small on those to get anything but trolling of the contest stories for the most part.

We have disagreements, and I'll drop all but this.

The sweeps have been very active, at least for my story. In the year-and-a-half before mid Oct, 24 it got a total of 175 votes with 10 votes removed. In the year-and-a-half since mid Oct, 24, it got a total of 168 votes, with 61 votes removed. That's six times the number of votes swept in the same amount of time.

The problem isn't that the stories aren't being swept. They are. The problem is that the fraud detection system isn't finding the votes to sweep, which it always did before.

 

[EmilyMiller]

The problem is that the fraud detection system isn't finding the votes to sweep, which it always did before.

This

The trolls have evolved, the site hasn’t. It’s easy to post malicious votes that the regular sweeps miss. Well it requires a little work… or a script.

 

[jsmiam]

Did you somehow miss the part where I wrote "implement a check for the referrer URL AND how much time was spent on the site before the vote got cast"? Also, as long as you visit the site, you WILL send a referrer, even if it's just "literotica.com". Because voting is a FETCH request.

Server logs can be mined for that purpose. There is a sessionid.

But. giving ideas and hints and a “how to” to those who may not have thought of some methods isn’t helping. If I remember correctly there’s even a rule about it here somewhere. You should remove your post.

 

[Bramblethorn]

Did you somehow miss the part where I wrote "implement a check for the referrer URL AND how much time was spent on the site before the vote got cast"?

Nope. I saw the bit about the time check, I didn't mention that part because I had no issue with that part. I was asking specifically about the referrer URL part of the proposal, because I was curious about how you proposed to handle cases where people access a story in ways that don't supply a referrer URL.

Also, as long as you visit the site, you WILL send a referrer, even if it's just "literotica.com". Because voting is a FETCH request.

OK, so you're talking about the referrer URL for the vote request? My bad, I thought you were talking about how how they initially arrived at the story.

In that case, am I right in thinking that this referrer URL would not be useful for the case where somebody repeatedly loads the page, does [stuff that bypasses other checks], and then clicks the vote button, since they're sending referrer URL = [story URL] same as any legitimate voter would do?

(genuine question here; I am not an expert in this stuff, just trying to understand as best I can)

So the case we're talking about catching through this measure is, what, somebody who has a script set up that just runs that vote/FETCH request directly? Disclaimers again, but I feel like for somebody who already has enough know-how to do that, adding a referrer URL to the request isn't a huge obstacle to overcome.

Though, I also have to say, if you are THAT privacy oriented that you would intentionally disable standard browsing functions, you kinda just have to live with the fact that standard functions of websites then won't work.

I'd go along with this if we were talking about something like online shopping, but Lit is exactly the kind of site that should be making itself as friendly as possible to privacy-oriented visitors. (Especially when it is quite a low-tech site in many other ways.)

I've had stories on toplists. It's a nice feeling. But if there's a conflict between protecting toplists and protecting privacy, I'm Team Privacy all the way.

It's all fun and games until the Seduction of Innocent Children and Kids Online Act (2029) requires site operators to hand over everything they have on people writing or reading immoral filth...

And, again, this isn't about making manipulation impossible. If you're tech-savvy and motivated, NOTHING lit does will stop you. But if that's the consensus you people keep blabbing about whenever a proposal is made, you can just as well stop complaining about the problem. Because NOTHING will ever be done if NOTHING will ever be good enough.

Real talk: if every single person in this thread agreed with your proposal (which, let's be clear, is more thoughtful than most I've seen on this topic!), that still doesn't mean it would be implemented. People complain about this shit here because it's annoying and complaining about it makes us feel slightly better about it, not because we think Laurel and Manu are reading these threads to figure out what they should do.

This is about making it not as easy as it is right now. Because, right now, you don't even have to visit lit AT ALL. You can just open the Tor browser, post six lines of code into the console, and then have it do nothing but send a vote for a list of stories you specified before getting a new exit node and repeat the process. If you implement a referrer and maybe a 30 second wait-time before a cast vote counts, it would, at the very least, get rid of all the casual one-bombers.

I'm not sure your idea of "casual" matches mine here ;-)

I can see some ways to address that Tor-list-voting scenario without collecting more data about users than Lit already does. But it would be counterproductive to publicise them; anything I might post here on detection methods is more likely to be seen by bombers than by folk who'd use it for good.

 

[TheLobster]

In that case, am I right in thinking that this referrer URL would not be useful for the case where somebody repeatedly loads the page, does [stuff that bypasses other checks], and then clicks the vote button, since they're sending referrer URL = [story URL] same as any legitimate voter would do?

Not only you're right in that particular case, but also in general. The referer (sic) of a voting request (which is a POST one, btw; "FETCH" is not a thing) will always be the story URL.

 

[OverconfidentSarcasm]

I'm not sure your idea of "casual" matches mine here ;-)

Well, my definition of "casual" involves all the ones who do it "casually". The problem is that, writing six lines of code might be a thing of two minutes for some of them, even if it would require a lot more effort for others.

In my personal opinion, most of the score manipulation on this site is done by readers who either downvote everything they don't want on "their" site (like the BTB crowd in LW who downvotes every cheating story on principle), and fanboys who want to "do their part", so to speak, to support their favorite author.
These types open a story after reading the little description, and downvote it without reading it. Or they see a story competing with an author they like, and downvote it the same way. They don't bother with researching how the voting mechanism works, and don't bother automating the process with scripts and bots. They're happy having downvoted something.
But, with how easy it sadly is, the chances of some of the casual vote-bombers simply googling how to automate it and then getting a thrill out of it, is rather high. Yes, if one knows what they're doing, and actually researches the subject, nothing Lit implements would give 100% protection. But they COULD make it so all the "casual" bombers wouldn't have such a big impact anymore.