Also I hasten to add that this shouldn't be taken to be a proposed default policy or anything; it would only apply to individual ISPs for fixed periods of time, and only be noticeable to those unfortunate to share an ISP with a high-impact ban evader who cannot be traditionally controlled.

Ideally most posters (and even most posters sharing an ISP with said evader) would never have cause to notice this system.

1. Incognito users will probably suffer. Especially for my country.

2. My country has a few ISPs. For non-business users, they rotate our IPs using dynamic IPs. In this case, given a large amount of ban evaders (who keep clearing their cookies to gain new cookies), all new users will have to wait X hours/days to post. (Not necessary a bad thing since it keeps newfags out of 4chan hur dur)

3. What if they bake more cookies and store them away to eat another day.

Remove phone posting. 2016

>>5257
>1. Incognito users will probably suffer. Especially for my country.
Is there a pressing need to browse 4chan incognito? It doesn't actually do anything for their security unless they fear someone is going to access their physical computer later, though I guess it would prevent people from using shared terminals.

>2. ...all new users will have to wait X hours/days to post
My personal hope is that once a user can only evade once every three hours, some people will stop doing it so fervently, and it will calm down to the point that the restriction can be lifted on the ISP. If this never happens, well... as much as various site leaders have repeatedly expressed that 4chan should be a site without barriers, I think that a new poster could stand to lurk three whole hours before making his no doubt highly-improved first contribution.

>3. What if they bake more cookies and store them away to eat another day.
Cookies could have the IP address used to bake them stored with them. It's difficult to recover a dynamic IP once you've changed yours.

>>5260
>this kills the userbase

I'm not supporting mobile posters by any stretch of the imagination, huge chunk of them are obviously ban evading shitters, but we're too far committed at this point to yank anything like this without serious pushback.

Ban evaders and chronic shitposters are often insane so I don't think anything short of complete mobile banning will work

The first time someone gets a "you must wait 3 hours until your IP is whitelisted" message while trying to post, there'll be riots in the streets and anons storming the Bastille.

>>5263
mobile IPs could require some kind of registration? That would make evading less desirable, as you'd have to go through the effort of making some kind of account.

>>5266
Registration would go against one of the core values/qualities of 4chan.

>>5254
an hour is way too long.
I'd suggest waiting 5 minutes before you can post.

This won't eliminate evaders, but it should deter them from spamming.

Still, this would impact the userbase, cause general anger, likely make the site even less attractive for advertisers and cause other issues. I live in a country with few ISPs and dynamic IPs are the norm, this would most likely annoy me as an user.

A better ban system would be great, but finding a good way to do it isn't that easy.

>>5268
5 minutes is enough to deter pure flooders, but not nearly enough to discourage someone who thinks declaring war on a topic is hilarious.

Still, there should be no problem with your dynamic IP changing on you as long as you didn't switch browsers in the meantime (though I guess I didn't think this though because it necessarily opens the door to the cookie baking problem). The goal is still that your average poster living with a specially flagged ban evader should only ever be hit by this at most once and preferably zero times per device they're using to browse 4chan.

If it's still too oppressive as a permanent regime it could still be something that could be turned on for a day or hours at a time during the time that a poster is actively evading. But I guess if it were an easy problem it would have been solved a long time ago.

cookie editors exist (thank you sad panda)

>>5260
I would be a supporter of no phone-thread-creation.
>>5265
this is of course true too
>>5266
Registration of any kind is the biggest no-no of 4chan. It's not an option.
>5268
A wait period for thread creation is something I'd strongly like, even if it was as short as a few minutes. Even if it doesn't stop spamming inside threads, spamming inside threads doesn't kill anything like a single ban evader can wipe a board.

A better mousetrap for ban evaders has been a constant goal of everyone that deals with them for a long time. I point to this thread >>5163
>>5164 or any of the other threads around dealing with its ideas in efficiency in shitpost shovelry, which is what this all comes down to.

We all would like the process more manageable so we don't feel as outgunned and get as worn down. More people shoveling of course help, but are hard to find.

It's been said multiple times by multiple people in #janiteam that whitelists, cookies and posting timers will never happen because
a) They go directly against why people browse 4chan for (anonymity)
and
b) They would require an immense amount of restructuring for the site and they would place an additional and not indifferent load on the servers. Even though to the eyes of someone who browses it every day 4chan may look small, please keep in mind that this site gets millions of visitors and thousands of hundreds of posters every month.

This said, blocking mobile posters wouldn't work. Legit posters and casual users would find themselves blocked from contributing, while shitposters would only have to change user agent to evade the filter, and there's too many providers in the world to compile a list of every mobile provider and putting them all under filter (which brings us back to point b), which wouldn't even work because even the most basic phone browser supports proxies nowadays.

The real problem is with the most dedicated rule breakers, and they will never get stopped by filters or blocking, otherwise wordfilters would've solved this problem ages ago.

File: 1432500480717.jpg (78 KB, 452x468)

78 KB JPG

>>5272
>thousands of hundreds
hundreds of thousands*

>>5254

This is very similar to the Wikipedia idea of a soft block, where an IP is blocked except for those who have already created accounts, or in this case, made any post.

Speaking from that experience, there are always people that will: make an account (or in this case, post inconspicuously) under a different IP, such as there phone, and then use the cookie to continue posting; or like >>5257 said, store cookies away for a rainy day.

Like >>5261 said, this could be mitigated somewhat by storing the IP address in the cookie, but now we need a whitelist cookie for every IP address the user posts from. I don't know what 4chan does because I'm not a developer, but on Wikipedia we used Varnish for an HTML cache, and having many different cookies with different logic that determined whether a certain user was blocked would have created a lot of cache fragmentation, reducing the performance of the site.

One of the ideas behind blocking vandals (and ban evaders) is work mitigation: how much effort is the evader willing to put in to keep evading? A cookie blacklist is useless because most evaders will put in the small effort of using incognito, but there are other ways to track users across IP addresses. Wikipedia has not used them due to privacy concerns, but I'd imagine we could care less on 4chan.

For example:

* E-Tag caching: works across incognito, and requires evaders to install a browser extension to force cache clearing. Depending on 4chan infrastructure, this can even be done with a normal-looking resource so it'll be a while before users figure out we're doing this.

* Canvas fingerprinting, which cannot be evaded unless you're using the Tor browser, but would need to be combined with other data to make sure the identifier is unique.

* HSTS supercookies, which don't work for Firefox anymore, but iirc Chrome refused to fix because they preferred security over privacy.

>>5274
(con't)

I think there is still a lot for us to explore in terms of blacklisting. There will always be one or two people who want to put in an obscenely large amount of effort, but if an evader has to switch browsers, install an extension, refresh their IP, and change their User Agent every time they get banned, I have a feeling we'll be able to lock out most people.

>>5274
>Wikipedia has not used them due to privacy concerns, but I'd imagine we could care less on 4chan.
People already cry like it's another holocaust whenever anyone in the staff does anything at all, how do you think they'd react if not only something like what you listed was implemented, but it was also done in secret (like canvas fingerprinting)? Privacy is a real concern for a lot of our users. They like 4chan precisely because their posts and opinions cannot be linked back to them.

>>5267
>Registration would go against one of the core values/qualities of 4chan.
>>5271
>Registration of any kind is the biggest no-no of 4chan. It's not an option.

We said the same thing about Captcha, and it has been here for years.

>>5277
I don't know why you're trying to conflate those 2 very different issues, or why you seem so enamored to the idea of undermining something as fundamental as not needing to register an account to use this website. Evaders have been a thing long before mobile browsing was commonplace and would continue to be a thing no matter how draconian a registration system or cookie whitelist you impose. At the end of the day you'll only inconvenience regular users

Even if that was a tenable solution, you really ought to stop and ask yourself if it's actually worth going to that length just to curb ban evasion. It's not, and that much really should be obvious.

>>5278
>people spamming stupid shit vs people spamming stupid shit
>conflating 2 different issues

If you want to argue it wouldn't work, fine. But don't act like I suggested some terrible solution.

While I'm enthralled at the prospect of banning all dumb mobileposters forever (okay, not really), I think that's likely to be a dead-end discussion that should be had in another thread if it needs to be had at all.

>>5272
>a) They go directly against why people browse 4chan for (anonymity)
I've heard the idea brought up and dismissed a few times but I'm not sure it's ever been on the grounds that they unconscionably violate the "spirit of anonymity." IIRC the issues usually brought up are the barriers placed in front of new posters and overall practicality.

>b) They would require an immense amount of restructuring for the site and they would place an additional and not indifferent load on the servers.
Yeah, I'm aware that 4chan's server capacity is not unlimited. Adding some sort of post authentication layer to 4chan is likely to have a noticeable impact on the site. I don't know how much that would be compared to what we already have (I think the most computationally expensive operation associated with a single 4chan post is thumbnailing it, but I don't actually know) but that's a practical consideration which we can measure concrete trade-offs for if it's decided that a better mousetrap would actually be improvement.

>there's too many providers in the world to compile a list of every mobile provider
We already block all open proxies and Tor exit nodes and there's a lot of those, and the vast majority of people share a few major carriers. Not saying that we should ever actually DO this, but there is a difference between something being technically impossible and something being a workable but bad idea.

(cont.)

cont. from >>5280

>>5272
>The real problem is with the most dedicated rule breakers, and they will never get stopped by filters or blocking, otherwise wordfilters would've solved this problem ages ago.
You don't have to be an autistic and dedicated rule breaker to dodge a filter, or, for that matter, evade a ban. All you have to do is think that the word filter is stupid (which takes about 1 second to get around) or that the mod who gave you the ban is a big fuckhead (which takes like 30 seconds to get around). Both of these aren't exactly rare sentiments on 4chan.

Making it harder to evade bans is not going to eliminate the endgame autists who are both highly dedicated and technically skilled, but a lot of people evade all their bans simply because of how easy it is. Better shouldn't have to be the enemy of reasonable; a nice, sturdy lock on your bike isn't going to stop an professional bike thief but it still makes it much less likely that somebody will run off with it.

>>5274
>>5276
>Wikipedia has not used them due to privacy concerns, but I'd imagine we could care less on 4chan.
>Privacy is a real concern for a lot of our users. They like 4chan precisely because their posts and opinions cannot be linked back to them.
I believe it's been said explicitly in #janiteam and possibly elsewhere on 4chan that 4chan was not ever planning to implement most of the things that Panopticlick uses, probably on both technical and principled grounds.

Using them doesn't necessarily mean you're unconscionably trampling over internet privacy or even anonymity if, you say, hash the data and throw it away every 24 hours (the EFF itself hosts the most well-known example), but I don't anyone's going to try and harden 4chan to that degree. Certainly not before lesser measures have been exhausted and found wanting and it's not even obvious that those are even under serious consideration.

On a last note, I would also like to mention that in the OP I was envisioning something that would be a replacement for the range ban system and only used for limited periods of time on a small number of ISPs, not a general site-wide default 4chan policy.

Part of this is highly self-serving that it's a lot easier to justify relaxing a restrictive system (the range ban) than restricting a relaxed system (posting in general).

Given the number of dynamic ISPs shared by thousands if not millions of people (mobile and national ISPs) it could be that this is a fundamentally flawed premise, but I don't want to jump ahead into considering major changes to the way 4chan works in general.

>>5280
>We already block all open proxies and Tor exit nodes
We don't. We only block those that are banned, either manually by mods/janitors or via rangebans. And even then there's often false positives. Just ask how many appeal requests mods get every week from people who are mistakenly caught in a proxy/tor node ban.

>the vast majority of people share a few major carriers
You seem to forget that there's hundreds of countries in the world, each with several different providers.
Not counting the countries that have providers which serve phones and desktop connections from the same IP pool, of course.

gonna reiterate what a lot of people already said:

ignoring the fact it's against the ethos of the site, it'd be inconsequential for shitposters to farm whitelisted cookies for use. salting with an ip is largely irrelevant because a shitposter would just use his existing botnet to farm for cookies, so they'd still be valid.

beyond that, trying to store identity information and track sessions for 20-odd million users with or without an actual user system would be a significant increase on overhead for a site that traditionally runs incredibly lean, and every hit would require db hits which is very different from the static rendering that 4chan currently uses to achieve it's efficiency. Look at how badly 8chan is failing to scale its software with presumably close to 1/1,000,000 of the traffic.

if you've been around for a while you'd know that our lovely friends on the other side of this issue are incredibly pervasive and have engineered some idiotically efficient and autistic solutions to circumventing bans, post timers, captcha, etc. afaik the ponyspammers still are using a custom browser extension to pipe posts through a rotating proxy list while maintaining a type of scoring, and this was post-captcha where they at least had to type that. look at kimmo if you want an idea of what it could be.

it's a nice pipe dream but ultimately won't happen. captcha has been the one exception but that had very different circumstances and implications.

>>5276
well just because people bitch on /qa/ shouldn't stop us from acting, whether it be this or something else.

>>5282
I think that is an important distinction to make.

Just because you have a grenade in your toolbelt doesn't mean that it has to be used in every case, it can be used rarely, when necessary while maintaining the use of the scalpel most of the time.

>>5283
Just because there are 3 phone carriers in Vanuatu doesn't mean we can't do more for the 4 major carriers in the US where the majority of traffic comes from. We can do more with what is the common problem and leave outlying be.


The point is that more new tools in the toolbelt to use is a good thing. Coming up with new tools is the goal, not 4chan accounts, finding a way to make it work instead of flat out dismissal.

>>5286
And again, as other people said, to do something like this would need a complete restructuring and overhaul of the site, which won't happen. 4chan has limited manpower. The amount of developers involved in it can be *literally* counted on the fingers of one hand.

>>5288
>The amount of developers involved in it can be *literally* counted on the fingers of one hand.

Using American Sign Language, I can count to 999 on one hand.

File: i have no words.jpg (10 KB, 240x250)

10 KB JPG

>>5290

>>5288
Is there a reason they don't bring on more devs? I'm sure some of us here would help out with stuff (I'm guessing it's some sort of legal thing).

>>5294
>misuse literally
>get smartass response

>>5295
why would hiro let smelly janitors touch the precious source code

>>5296
>misuse literally
>implying I was misusing it

These new janitors, I swear.
Go read moot's blog posts. There's less than 5 developers on 4chan. In fact i'm not even sure there's more than two who are currently working on it (that is, desuwa and MVB, the two who are publicly known).

>>5284
>salting with an ip is largely irrelevant because a shitposter would just use his existing botnet to farm for cookies
Most shitposters don't have a botnet, they just have the ability to reset their IP address. Once you lose the IP it's hard to get back.

Tracking doesn't necessarily have to be done on visit, it can be done on post (in which case five to ten minutes of wait might be more appropriate).

>afaik the ponyspammers still are using a custom browser extension to pipe posts through a rotating proxy list while maintaining a type of scoring, and this was post-captcha where they at least had to type that
The lion's share of evaders, even the irritating ones who flaunt their evasion, aren't nearly this autistic. Ponyspam level autism is a special case and very far from the "typical" evader.

>>5288
4chan has gone through a couple nontrivial upgrades in the past, including the inline extension and the json API, and five developers is a small startup's worth. Granted they're probably being paid $tacos or thereabouts for what time they donate but even if there's no bandwidth now or for the foreseeable future it can go onto a backlog if it's eventually decided that it's not a terrible idea.

Implementing a version of this with the most crippled functionality (whitelisting IPs when rangebanning) would take work but that, for all its multivariate problems, still wouldn't require a complete overhaul of posting.

>>5300
>Ponyspam level autism is a special case and very far from the "typical" evader.
I've been here for over a decade. I'm telling you right now that the level of autism has been pretty consistent, and what I learned quickly was to not underestimate people who will dedicate exponentially more time to a problem than I'm willing to.

>>5302
why are we here? just to suffer?

>>5304
just remember
you're here forever

>>5304
you feel it too, don't you?

What makes me upset is the fact there's been more and more people ban evading or just generally shitposting on mobile.Yes, it's easy to complain compared to putting up a solution other than temporarily rangebanning an area but I just want to bring it up.

>>5309
>What makes me upset is the fact there's been more and more people ban evading or just generally shitposting on mobile.
It's still a negligible amount compared to the people who never evade, or never post at all. Evaders can be vocal but they're a very small minority. Just be glad it's not worse.

Could a workable solution be some method of tracking the devices the most pervasive and severe evaders use, and blocking those specifically via a flag check? An old newgrounds game that had especially pervasive cookies set comes to mind in terms of the general idea.

Basically I was thinking it could be some new tool for the Manager/Senior Mods wherein they can mark a specific poster's IP to get this treatment, which delays post deletion/block from posting/etc until the next time the user posts and sets some sort of difficult to delete cookie somewhere in the device's relevant %AppData%-like quadrant, whose specific location would be recorded on our end. Then if a post is made from that specific IP range in the future, it could check to see if any marker(s) exist and block the user redirecting them to the initial ban in the system.

Other ways this might be made more difficult to block could be taking a book from virus protocols by having a pair or some number of files that all cause the post to be blocked and, upon said failure our end regenerates the other keys (Not the keys themselves, last thing we'd want is to have shitposters claiming 4chan gave their computer a virus) or some sort of built in extra tools to help law enforcement in some ways? Either way I'd expect something like this would only be used against the most disruptive evaders that exist, extremely sparingly, but the concern for hampering average user performance is pretty severe and it may be a step too far for so little. I'd like to hope that there'd be some way under the hood to ensure the server doesn't perform any strenuous checks for IPs/IP Ranges unless there is a good reason, so unless there's a pending marker out it would never even consider it those parts in the posting algorithm, but I'm not a blue palm and can't say I know server side overly well, or even if this is feasible anymore. That NG thing is 6 years old and cookie deletion is probably significantly stronger in the meantime.

>>5314
Something like this is likely never happening, any ways to ban users is not going to be happening on their computer. Privacy issues and all.

>>5314
>>5315
cookie bans already exist and have for a long time

File: cookiemonster-o.gif (356 KB, 320x180)

356 KB GIF

>>5316

>>5328
MOOOOOOOOOOOOOOOOOOOOOOODS

>>5328
ANON claimed this post was a joke.

>>5331
Clearly he means we're going to throw a pizza party and shoot some cans down at the range, have a good old time, and convince him to reform his ways.

>>5277

I think the issue of red boxes was much more pressing than evaders personally. Evaders aren't nearly as oppressive as machine ran spam was.

File: orbital_ion_cannon_by_ale(...).jpg (189 KB, 1131x707)

189 KB JPG

>>5328
Anything less than orbital bombardment is unacceptable desu senpai.

>>5263
>this kills the userbase

4chan was better when the userbase was smaller anyway.

No reason why phone posters couldn't still lurk, but I think they should have their posting privileges revoked.

>>5393
I find it funny that Australia/NZ regularly gets posting taken away.

>>5393
I don't say that far, but I do say that posting of images and especially posting of new threads should be a privilege and not a right of phone posters. If there is spam using phone posting then we should be quick to take it away on that board for a time.

>>5395
I'll also say that a time requirement ip feature for at least creating new threads would be nice.

Stops the immediate airplane mode.

>>5393
These days I only use my phone for lurking because my mobile internet is awful and I just really dislike keyboard typing, I also had captcha issues too which didn't help.

>>5395
I agree. I've been observing some of the recurring bad threads that pop up on the boards I janitor and I have a strong suspicion that they're created via phones. If some restriction is placed on phoneposting I think that if you use a 4chan pass while posting from a phone you should be able to do everything you can do while posting on a PC.

Couldn't some sort of cookie tracking for phone posting be implemented? Wherein, similar to OP's idea, but on a device basis so when a phone posts, it has a cookie derived delay on the next time it can post, regardless of the IP being posted from? Seems if we can cut down on the rate phone posters can post (which shouldn't be an issue realistically for most posters and wouldn't be as obnoxious to legitimate users, the more evaders we can simply dissuade. The more steps we add to the evasion process the fewer will have the autistic fervor to continue on, and the general quality of threads beset my numerous minor evaders would hopefully increase.

>>5254
I'm pretty sure I've submitted 50+ ban requests on the same individual in the last 12 hours. By the time I go to sleep I would not be surprised if he had accumulated 100 evasion BRs in a 24-hour period.

Forcing janitors to choose between allowing someone to shit up a thread with impunity and going to sleep is stupid.

If it's a matter of developer resources, I would be happy to commit them myself.

>>5393
I support this

>>5547
>Forcing janitors to choose between allowing someone to shit up a thread with impunity and going to sleep is stupid
This is not a technical problem and there is no technical solution. The problem is some users who are willing to expend that much effort to be abusive, including circumventing more or less any technical hurdle we can place in their path.

That goes for most of this thread. Improvements to make janitoring easier is one thing, but improvements to make ban evasion harder are a time sink with little profit.

I bumped this thread with a comment that had been addressed through a channel outside of /j/, so I removed it.

Please enjoy the anachronism.