Culling proxy trolls

Pat Mustard

Feel free to shoot me down in flames if this is not a good idea. My technical knowledge is limited. I figured that this post is probably more relevant to Feedback than Site Development, but please move it wherever it is most suited it, if necessary.

When users get banned, they sometimes re-register and access boards.ie by proxy. Take Chemical Burn, for example. He was a rereg troll that managed to last for more than four months, with more than 500 posts. His prison thread is here. He seemed pretty determined to rereg. I'm not sure if there is a feasible way of putting an absolute stop to that. However, I wonder if the average lifespan of a rereg proxy troll could be shortened.

Whether right or wrong, it's my understanding that some users access the site legitimately, using proxies. I am not certain why that should be though, unless they need proxies to circumvent restrictions at work. I'd be out of my depth if I was to speculate very far. In any event, my understanding is that many persistent rereg trolls are dependent on proxies in their attempts to avoid early detection.

So, would it be feasible to simply restrict use of logging in by proxy? I'm not talking about an outright ban on proxies, as I suppose that would have been done already if the idea was feasible. Again, feel free to correct me if that assumption is incorrect.

My suggestion is that there could be an amendment to boards.ie guidelines, to the effect that prior permission should be got, prior to logging in to accounts via proxy.

Possible ways of implementing a proxy login restriction:

(a) Restrict account logins by proxy to Subscribers. Rereg trolls surely don't hand over their credit card details, do they? If they did, it'd make it easy to track down most of them.

OR

(b) Restrict account logins by proxy to users who have prior permission, which is given to them by an Admin. Okay, I don't know how many of the 600,000 registered accounts are active, so I can't say for sure exactly how such permissions would be implemented, but maybe I have a few ideas.

Possible ways to implement positive permissions for login via proxy:

(1) Keep a list of users who are allowed to login by proxy.
This could be a cheap solution, and, depending on numbers, it might be workable. Suppose that boards.ie guidelines were amended to require users to get prior permission in order to use proxies to log in to their accounts. I'll guesstimate that 500 legitimate users will ask for this. If necessary, these permissions could be further restricted to users who are registered for more than 6 months with more than 50 posts, for example. Perhaps some exceptions could be made to postcount or time registered for certain special cases, by request. If a user logs in via proxy with permission, no problem. If he logs in to his account via proxy and he's not on 'the list', it's an immediate permanent siteban, if he's caught. I'm sure site developers could do better than this, but I would suggest that this could be implemented by even a simple Excel list. If a user comes to Admin attention for any reason, the Admin checks the list, sees that the user is using a proxy, and sitebans the user without the necessity to gather any further evidence.

(2) Change the site to only allow certain permitted users to login by proxy
I have no technical knowledge to implement this idea. In any event, I'm guessing that it could be done, with a certain amount of work, at a certain cost. I suppose that it could operate automatically.

Possible problems:

A. If too many people want permission to log in by proxy, then this could use up extra Admin time.

B. If people attempt to login to accounts from overseas, I am not sure if they might show up as possible proxy users.

C. VPN.

D. Perhaps restriction of use of login by proxy to subscribers rather than registered users would operate to reduce the overall number of users, which would be bad for business.

E. Some people will get unfairly sitebanned and have to explain themselves in order to get out of Prison, using up Admin time.

So the basic question is whether restricting login via proxy is feasible? What do people think?

Mr. G

No I don't think it is feasible or possible. Basically, when you set up your browser to use a proxy, all web traffic goes through that proxy and then out to the internet.

A lot of businesses use their own for virus prevention and web filtering, and allow boards to be used (eg on lunch breaks).

It would cause too much problems. Users could use a VPN which you cannot prevent.

KyussBishop

It's literally impossible to stop - there is no direct way to identify that someone is using a proxy, only indirect ways to detect if they 'look like' a previous user - which again is easy to work around).

The reregs probably don't even use proxies either - it's not like they had static IP's prior to reregging.

Black Swan

You don't have to use a proxy to stealth. I am in a free wifi hotspot at this moment while accessing boards. The IP address is not my netbook, rather the coffeehouse access point for about a dozen users (any of whom could also be accessing boards.ie right now). One or more of these coffeehouse users could be re-regs. It has been estimated that there will be 5.8 million hotspots by 2015. Do you wish to eliminate, restrict, or otherwise encumber access to boards.ie from millions of wifi hotspots? If I was the site owner, I would not be too enthusiastic about confounding these potential access points.

Furthermore, there are many ways to stealth without the use of proxies. There is freeware available to stealth both your IP and MAC, or wardrive, or use a shadow network, or hide behind a DMZ, or use a randomized IP provided by your ISP, or go to the many university and public libraries that give free access to online computers, or if banned at home can now access from work, a g/f's or b/f's or cousin's computer, etc., etc.

We do not want to make our registration process more cumbersome than it currently is. If we do, we may lose thousands of good members just to eliminate a tiny few re-regs.

And lastly, the vast majority of our members are not re-regs using various stealth methods to circumvent site bans. I like the anonymity that boards.ie attempts to offer its members, and if I want to access boards.ie using Tor, then I should be allowed to do so without any Big Brother hassles. So why should that vast majority of good members be inconvenienced by the tiny number of deviants?