This seems to be hinted at already in the Democracy values, but its not being enforced (and should be). To encourage transparency and avoid trolling and spam, real names and photos should be required on all accounts, at least those that contribute to Core contributions and Petitions, etc. This should probably be accompanied by an extremely liberal moderation policy where banning or censoring users is a very rare and exceptional occurrence… allowing users to edit their posts would also encourage transparency (like GitHub does) so they can avoid being held hostage to a certain thread or proposal, etc.
Read-only archive : Issues · ClassicPress/ClassicPress · GitHub
Author : Jesse
Vote count : 5
Status : completed
Comments
This is very important, but I thing this kinda happens logging in with: GitHub, Facebook and Google. But it’s more difficult to check with E-mail. The question is how do you enforce this? This will get difficult very quickly.
~ posted by Remzi Cavdar
@Remzi , I think requiring GitHub OAuth login is a good idea. It’s more developer focused, and most accounts are “real” profiles. Plus, GitHub is arguably where open source development is going in the future, and where ClassicPress is focused too, so it kinda encourages developers to head that way too.
Anyway its pretty easy to verify names/profiles are real or not with a quick Google search… if they look suspicious, freeze the account and email them.
Also another thing I’m hoping to propose is that ClassicPress supports installing plugins and themes via GitHub and does not build out their own directory, which would mean even more reason to integrate GitHub. But I don’t want to hijack this Petition so I won’t mention too much on that…
~ posted by Jesse
Disagree. Would vote against this.
Breaks privacy. There may be a bunch of reasons to avoid using a real name on volunteer/crowd/international projects (marketing, business, competititive, personal). The name may be associated with some brand which is not always wanted, etc. And a person may don’t want to be accociased with CP, too.
Insecure in some cases. Personal data in relation to user generated content (links, domains, client descriptions, notes, prefered tools, versioning in support threads etc) brings sources for bruteforcing emails, logins, passwords and increases different risks. If “anonymous” user says “My clients uses plugin X of version Y” this is rather safe. If John Johnson says the same, this is a chance to exploit sites from his portfolio, or to make more accurate offers to entice his client base, or… Even if it is 99% safe, the last 1% have a right to decide.
This solves nothing as there are plenty of ways to avoid this security measures and we have no real instruments to define a user with 100% accuracy. Googling for names “looking suspicious” sounds rather funny. What would you find if 99% of my accounts use my name in cyrillic transcription? Or are we ok with analyzing SERP in Chineese? Who will perform all that “analysis”? What are criteria of “suspicious”? Is a photo taken 2 years ago ok? 20 years? And what’s the problem for a “bad boy” to imitate any local persona?
Tons of potential mistakes and absurd cases. I’ve already wrote some example scenarios somewhere in forums (dynamic gateway IPs and other mess).
(And probably the most importnat). This limits user rights and freedoms for no real benefit. It won’t stop trolls but it would turn a volunteer project into kinda private party with a strict face control.
And “Forcing” is not a method at all here. Noone pays users for contibution, so noone can “force” them to do something.
It always starts with a strict auth, then it requires real names, then it asks for a phone number, then for your passport, then for a credit card… We are not web police. Too much requirements for a non-profit, I think) Unacceptable.
~ posted by Ilya Ivanov
@Ilya , its not actually a new Petition as the rule exists already, but is not being enforced… real identities exist fine on GitHub, Facebook etc. I think your privacy concerns are irrelevant to be honest. If people want to contribute to a community open source project, expecting transparency is how you prevent things like hackers embedding malware or teams being corrupted , etc. Imagine 25 anonymous accounts voting to integrate XYZ feature, for example. And anyone who is an established developer has a serious web presence, if its that difficult to prove that they are real than they should probably not be contributing.
It always starts with a strict auth, then it requires real names, then it asks for a phone number, then for your passport, then for a credit card… We are not web police. Too much requirements for a non-profit, I think) Unacceptable.
Not really. Oath would probably be enough, just like other sites do such as CodeMentor, Spectrum Chat, etc. And yah, an open source CMS kinda needs to police things a bit to ensure transparency, unless its going to be a free-for-all like WordPress.org full of trolls, spam, and malware plugins. Personally, I wouldn’t really want to remain involved here for much longer with all the anonymous accounts creeping in here, who am I talking to exactly? It’s a bit absurd.
~ posted by Jesse
On requiring names/faces: Ilya lays out the reasoning well. Additionally, if people are not comfortable talking to anons, they should just refrain from doing so. It doesn’t make sense to implement an invasive policy on the entire community to solve a problem that is essentially self-imposed. I agree that names/faces are more personable and instill more trust, but, don’t support this as a requirement.
On editing/deleting posts: a post should only be editable until a subsequent post is made on the thread or the post itself is “liked”, whether by another user or by that same user. General users should not have the ability to delete posts. There has already been an issue with at least one user deleting tens of posts on the forum after a simple disagreement. This breaks the continuity of threads and diminishes the value of the discussion. I support a user’s right to leave for whatever reasons, but, don’t think they should have any opportunity to deface the system on their way out.
On censoring users: community members are allowed to flag any post as inappropriate, inflammatory, illegal, useless, spammy, or whatever. I’m pretty sure Discourse automatically unlists any post that gets flagged repeatedly. To me, this isn’t censorship – it’s community housekeeping.
On banning users: there’s a 3-strikes guideline in place before a permanent ban. This is more than gracious. If a person can’t behave or gel with the community within 3 strikes, a permanent ban makes perfect sense to me.
~ posted by Code Potent
As I have previously indicated on the forums, I strongly agree with this. As I also mentioned there, I don’t think this necessarily has to be reflected in someone’s username. But I do think we should know the identity of all those participating.
~ posted by Tim Kaye