How about a built-in duplicate user detector?

[Pavel Chernitsky]

Banning, blocking and moderating problematic users is all well and good, but if the user decides to open a new account and the site's admins can't detect it as a duplicate, all those tools are pretty useless.

I saw that through the years there have been a few plugins developed by the community, but I think that this should be a built-in integral functionality of the suite. Also the plugins are currently not available for purchase so I'm salty 😄 

What do you guys think? Should we have a built-in tool to help us find and intercept trolls and toxic users? Especially given how fairly simple is should be to implement (makes a cookie and then checks for it).

[CoffeeCake]

I would agree. IPS has some ways of showing this now, however it's very difficult to see it unless you already suspect it from a moderator perspective. Things like shared devices should have a better way of being surfaced in the various control panels, so that you can easily see a list of those devices at the device level that are used between multiple accounts, rather than from the user level.

This would greatly help in identifying problematic issues.

[Pavel Chernitsky]

Any thoughts on the matter from the @IPSStaff? (Here's another idea, allow tagging of user groups, but we can leave that for a future version) 🙂 

[Morgin]

+1 from me. We have a rule only allowing one account per user because people often post and then want to distance themselves from something poorly received. It devalues the community to have a bunch of people utilizing multiple accounts, along with the trolls who make multiple to seed arguments. I would love to see some sort of opt-in centralized Invision user checker sort of like the global spam tracker. Make it a subscription add on, doesn’t matter to me. Just need some modern user moderation tools that don’t require so much manual work. 

[ahc]

Given that most of these tools rely on IPs, which for most people are dynamic and can be easily changed, I don't see the point.  We tried to do this early on when we switched to IPS and it didn't stop people from making multiple accounts if they applied a tiny bit of effort.

Same with a cookie.  It would take nothing for someone to clear their cache and bypass that within 30 seconds.

[Pavel Chernitsky]

Fairly few people know about the cookie thing, and we've had had a cookie-based tool on our previous platform and it worked very well.

Edited June 29, 2020 by Pavel Chernitsky

[Morrigan]

Then you have people that live in the same house, you have people that do share devices because they can't have a computer per person in their house or utilize public locations (like libraries) to register/view a site.

No other service gives a flying pig's butt about it, why should you? If the new account isn't causing issues, why does it matter that they have re-registered?

[Square Wheels]

16 minutes ago, Morrigan said:

No other service gives a flying pig's butt about it, why should you? If the new account isn't causing issues, why does it matter that they have re-registered?

I'm not suggesting it's a good or bad idea, but at least one use case would be for banned people trying to get back in with a new account.

[Pavel Chernitsky]

7 hours ago, Morrigan said:

Then you have people that live in the same house, you have people that do share devices because they can't have a computer per person in their house or utilize public locations (like libraries) to register/view a site.

No other service gives a flying pig's butt about it, why should you? If the new account isn't causing issues, why does it matter that they have re-registered?

There's no problem with any of those situations.

Let me reiterate, I don't mean that this system should auto-ban or perform any action. It should notify the staff that "It looks like person 1 and person 2 are using the same computer", And if by chance one of those person has already been misbehaving/moderated/banned, you can - at least - keep your eyes open on the the second person. 

Without such a system, the entire warning system is nothing more that you asking problematic users very politely to play nice. But if they don't want to, they just open a new account. It's basically a rule-keeping system that only works on rule-keeping people.

 

We have recently moved our community from VB to IPS, and we've had a good increase in traffic and registrations. However, we have been recently "under attack" by a few toxic trolls, who we have banned. Now we have new topics opened by newly registered members, some of which look borderline troll-y. How can our moderators know which of those - if any - are legitimate topics and which were opened by one of those trolls' new accounts? Currently, We have NO way of knowing (The ip tools are useless in a community our size, I have yet to see an ip that had was used by only one user).

Edited June 29, 2020 by Pavel Chernitsky

[Pavel Chernitsky]

Any other input on that issue?

[Black Zero]

Hello Members

This is a good option which unfortunately is not included in the invisionpower board, many times it happens that a member deliberately violates the rules because he knows that at most I will be banned and then he Will rejoin with a new registration. VB had some tools that worked much better. But I have been facing the same problem since I moved to InvisionPower. Unfortunately, I want to find some members who theef my forum data and sell it to different groups. And I find them and ban them, but they come back with a new registration. I would be happy if Invision successfully incorporates this tool as it will make the job much easier for many members like me. It should be noted that if a member is using more than one account or has a previously suspended account and he adds a new account again, the admin panel should show whether or not to ban it. I give this option plus 100 points

[Joel R]

There is a Duplicate Member application in the Marketplace from @CodingJungle that you can investigate.  

 

[PPlanet]

3 hours ago, Joel R said:

There is a Duplicate Member application in the Marketplace from @CodingJungle that you can investigate.  

 

I'm using this and for the most part works well. I have suggested the author to have an option to move detected users to a different group, other than or as an alternative to banning them, which is what the app does now as one option.

So, I have an "Inactive" group where they still can access the board and see a message saying the account has been disabled at their request or because it's a second account, and urge them to contact us to sort things out. So far it's me doing the chasing up after just being notified by the app, and changing second accounts to this inactive group or not. If the app switched them automatically the initiative would be left to them to contact us. As it is now, it's a pain in the butt to follow this through.

Why does it matter? I sell subscriptions to access parts of the forum, but at the same time I provide a small daily number of free views behind the paywall per member. Most only create second accounts to cheat the system and duplicate, triplicate or sometimes more the number of free views.

[Pavel Chernitsky]

21 hours ago, Joel R said:

There is a Duplicate Member application in the Marketplace from @CodingJungle that you can investigate.  

 

Thanks. It was unavailable when I started the topic. 
Still, any plans on having such a functionality built in to the core suite?

[Aiwa]

On 7/18/2020 at 3:29 PM, Pavel Chernitsky said:

Thanks. It was unavailable when I started the topic. 
Still, any plans on having such a functionality built in to the core suite?

Doubtful, that’s why we 3rd party developers exist.. To cater to the little things that you need vs the features IPS releases based on a myriad of different data collection sources and interest. 

This topic has come up in the past and likely why there is a resource that has been in the Marketplace for it, for quite some time, on the order of years. 

Edited July 20, 2020 by Aiwa

[Pavel Chernitsky]

I agree, but I think that there are integral things and features that a software company should include in its product. 3rd party developers are a very important part of such a large scale product, but I don't think it's a good idea to solely rely on them for what needs to be a core part of the product.
3rd party devs can do different variants of existing things (themes, and various ways to show announcements are a prime example for that) or niche products that provide a solution for a very narrow and specific use case. Because, like we saw here, a 3rd party dev can decide to take their app down and that's it, if you need it, you're screwed. Or, they WILL eventually stop providing support or not be able to adapt their app/plugin for a new version. If I have something to fall back to (like, say, the default theme), it's manageable. If it takes away a major functionality that I cannot replicate even closely with the default tools, that's a big no no. 

Just to be clear, I'm saying any of that out of disrespect for 3rd party devs. I think they (you) are a vital part of any program and should be embraced. I'm talking from painful experience with VB and phpBB over the last 18 years where you would one day use a plugin and all your users love it, and the next day it's not supported because of incompatibility with the new version, and the dev is nowhere to be seen and not answering your emails, and your users hate you because "you took away a feature".

[CoffeeCake]

The particular app in the store mentioned above is a bit lacking in the way it lets you view the individuals with multiple registrations. Its UI is less than desirable to quickly see affected accounts. Things like sorting are broken, and sometimes blanks appear. You need to drill in on the basis of a given user and then see the alts registered. It'd be nice to see some attention on it from @CodingJungle to sort out the interface issues that remain. That said, it does alert when there's a duplicate through a mechanism separate from the built in mechanism IPS has available (so it only shows results for logins and registrations happening post-install).

IPS has a built in feature that shows devices in use by multiple accounts, but again you have to start at a user and drill into the associated devices. When you look at the device, you can see what other users have used that device. What would be nice, in the shipped version IPS makes, is to surface the existing data where you could browse from the shared devices and then see associated users. Basically a "list shared devices" report and associated members.

@Pavel Chernitsky makes some great use cases, that clearly aren't things that are needed or wanted for everyone. I think it's a good exercise to talk about these ideas and connect with other community managers to gauge where there's similar needs and interests.

[Aiwa]

@Pavel Chernitsky You make a good case for core vs 3rd party, however I fail to see how this particular feature lives within those borders. You primary debate seems to revolve around user experience, things that are visible to the user, that has a fallback. I don’t see how this falls in such a category. This is an admin only feature and something I see as a hot spot for 3rd party devs to step in for boards that require this feature. 

Yes there is risk with some developers leaving applications unsupported, or not providing updates when a new IPS version is released, that causes broken functionality. That said, if the app does serve as the hot spot mentioned above, another dev will pick up on the value of the feature and move forward with a replacement. Ideal, no. Probable, yes. 

Don’t get me wrong, I see value in your request. I simply disagree with the need of it being in core. I’d rather IPS focus on more valuable features. 

[Pavel Chernitsky]

15 hours ago, Aiwa said:

You primary debate seems to revolve around user experience, things that are visible to the user, that has a fallback. I don’t see how this falls in such a category.

That's exactly true. What I said was - and I'm sorry if I'm not articulating myself properly, English isn't my first language - that 3rd party devs are a valuable "resource" so to speak for making different versions of things that already exist (think of it kind of like modding for games), or products that serve a fairly niche use case, while things with diverse use scenarios or things that are the essentially the basis for other systems or should be an integral part of said systems (explanation in the next paragraph), should be a core part of the software. I can't stress enough the fact that this is the first thing (duplicate user "alerter") I need and actually think IPS should bake in to the core suite. When it came to all the other non-standard things I needed, I turned to the marketplace no questions asked, because I knew it's either something fairly few people need, or was a different take on something that already existed. 

In this case, I think it should be an integral part of the software suite mainly because a true user identification tool (that's what it actually boils down to) is the basis for an effective warning system. If you don't have such a tool, that alerts you (alerts only, DOES NOT do anything else) to duplicate accounts, your entire warning system if pretty much useless. because the minute you ban/take action against any rule-violator, they just open a new account and go on as if nothing happened, and you have NO WAY of knowing that for sure. Like I said before, a duplicate user detector is the basis for an effective rule "enforcement" system, and in the current state of affairs, it's only useful for rule-abiding users.

I mean, imagine getting pulled over by a cop for running a red light, and being told you're not allowed to drive anymore, only to be pulled over the next day, by the same cop, for running the same red light, and telling them "oh, so sir, I'm not Aiwa, I'm jeff, a totally different dude". having cops in that kind of a situation sound pretty pointless to me 😄

 

@Paul E. Actually, most of the things you mentioned, in my opinion,should be part of an addon and not baked into the core suite, since they are enhancements of a "feature" (can't think of another word to describe it) or quality of life improvements, and not a core functionality. In other words, with those features, finding a duplicate user is easier, but without them it's still possible. without a "those two people are using the device/might be the same person" notification, finding it is pretty much impossible with any level of certainty. 

[Adriano Faria]

18 hours ago, Paul E. said:

IPS has a built in feature that shows devices in use by multiple accounts, but again you have to start at a user and drill into the associated devices. When you look at the device, you can see what other users have used that device. What would be nice, in the shipped version IPS makes, is to surface the existing data where you could browse from the shared devices and then see associated users. Basically a "list shared devices" report and associated members.

Devices aren’t reliable too. IPS stores them in a cookie. Clear them and the user has a new device id and gets undetected. I’ve developed a resource to ban devices but it wasn’t approved due to that.

[Morrigan]

52 minutes ago, Adriano Faria said:

Devices aren’t reliable too. IPS stores them in a cookie. Clear them and the user has a new device id and gets undetected. I’ve developed a resource to ban devices but it wasn’t approved due to that.

Devices aren't reliable because you do ACTUALLY have people that don't have a device per person either. So even if IPS tracked the device if people used the same device how is that a duplicate account? There are whole families, friends of families. Hell I know people that can't even own a computer at home and so they go to the library. You going to flag every library computer as a duplicate device?

Then you have people that share phones and mobile devices. Or just borrow their friends. We're going to flag them too when they happen to log into their friends device? It just sounds meh.

Not all of us are privileged enough to own multiple devices. Those of us that are are blessed.

Edited July 22, 2020 by Morrigan

[Pavel Chernitsky]

@Morrigan I'll say it again - you DO NOT take any action based only one the fact that two people use the same computer. We've had dozens of members from the same families that were constantly popping off as duplicates and it was ok. BUT, when you ban a user, and 20 minutes later a NEW user is registered from the same device and starts acting abnormally, it SHOULD raise a flag, and you - as a community manager - need be aware of that so you can keep an eye open for that.

It is NOT an automatic ban hammer, it IS a tool to help draw admins' attention, the community manager NEEDS TO use their brains before banning people flagged by the feature.

[CoffeeCake]

Remember, tools can be used wisely and unwisely. A hammer can be used to try to fix an electrical wiring problem, bash someone's head in, or set a nail. Just because some people go with the first two options, doesn't mean hammers shouldn't exist.

[Morrigan]

The point is that some people will use a hammer for an electrical problem if they think that’s what they should do.

[Black Zero]

+100