Wiki is about to be closed
by Volker Weber
I added a wiki to this site to facilitate collaboration. This has been a mixed success. There are some pages, that work really well, like the AimIDs and SkypeIDs pages. It has not been used for very much else though.
Things are changing however. We now have a few very busy users who flood the wiki with their invaluable commercial messages. And frankly, I am a bit tired to go in there each day to clean them out. I mean, it is quite easy. Show revisions, select the last good revision, edit the page, save the page. The only problem is: I have to do it myself. And that is a little bit of work every day, as you can see here:
I am trying to avoid this kind of situation by banning large parts of the internet from editing the wiki. But IP-banning does not solve the problem. It can only be solved by either applying a login/password scheme or by a community that takes care of those edits.
Since there is no community that takes care of it and I have no intention to start to register users, the end of this wiki is near.
Update: Because Marco asked - he is not a spammer. His entry was the target of a spammer.
Comments
From a Notes point of view i would recommend not allow anonymous to edit pages but just create a page change request which has to be approved by you. I could imagine this is much less work...
Update...have a list for approved editors you know and autoprocess them. Less work. Don´t know wether this works, but should...
Well, not allow anonymous... But isn't that exactly the point of a wiki? Otherwise it wouldn't make much difference to vowe.net where there are a number of registered editors contributing as well.
As much as I don't like challenge-response with a graphic puzzle as a solution for email spam, I think it might be a good solution for Wikis. Forcing users to enter a real email address and respond to an email message before being approved to edit each page, combineed with whitelist and blacklist checks against the email address, plus a limit on the number of posts from any IP that isn't whitelisted would go a long way to solving the problem. But (a) someone would have to write the software, and (b) this would just be an escalation of the arms race. The truth is, there will never be a foolproof solution without strong Notes-like PKI-based authentication.
-rich
So how does a big wiki like wikipedia do it ? I've been on their site only a few times, but it always looked clean.
Do you mean that there is a large part of the wikipedia community that is just daily cleaning out the spam on the site ? That's just a big waste of time.
Richard Swartz, by Notes-PKI you mean certificates that are attributed by sender person or by sender server ? I presume sender person, but I've been away from notes now for a loooong time, so a bit rusty.
How would you link the certificate to the person so you know it's a real person and not a fake alias ?
I don't see a good solution for that unless you link it to real facts - a social security number, or the id card of a person (for those of us living in Europe).
Am I missing something ?
A Wiki, by design, is made to encourage the free flow of information. Thus, every barrier you create that will drive away potential donators of valuable content is in itself a direct opposition to the basic concept of a Wiki.
As I see it, there are only two ways to keep a Wiki "clean":
1) the community of users who are active cleans out the trash
2) you use something like an automated blacklisting tool (MT-blacklist would be a good example) that checks the submitted updates/changes/additions and if they match an unwanted pattern, rejects them.
For very popular Wikis like wikipedia maybe 1) is a working solution - I don't know. For Volker's Wiki is mostly maintained by himself this won't work. Unfortunately I don't know of any software that would implement solution no. 2).
Alex - Wikipedia is kept clean primarily by the fact that so many thousands of people are making the effort to keep it clean. They probably have some automated defenses as well, but I'm not aware of specifics.
Regarding PKI, I'm postulating a system of trustworthy end-user certificates issued by public Certificate Authorities. Currently, one can easily obtain user cerificates from various CAs for use with S/MIME messaging, but it's not free and very few people have actually done it. The validation of identity done by the CAs isn't perfect, either -- AFAIK, they rely on credit cards as the primary source of identity. If PKI usage became ubiquitous, certificate authentication wouldn't be the type of barrier to participation that Stefan brings up, but it certainly would be a huge barrier today. I'm not optimistic about PKI becoming simple enough and cheap enough to be ubiquitous in the short term.
-rich
Richard,
I think most people will only begin to use it the moment that it is available effortlessly and to use it is even less work.
Currently in Belgium the governement is launching a new id card with integrated chip containing your data. Everybody will get his or hers within the next few years. I think adding/connecting a certificate to it so you can use it to pay/order/send verified mail should not be that difficult to add to it.
(I already use a id+password+token received from the governement to input my taxes online - and I get an immediate result of how much I'll have to pay or receive !!)
While you are solving the global ID and SSO problems, I have locked down the Wiki. :-) Read here.
Alex -- I do agree. Technically, it would not be that difficult for the government to issue electronic tokens to citizens. And if the government listens to the engineers instead of the salesmen, they might even use technology that won't be obsolete in two or three years. Here in the USA, however, many people are very suspicious of government IDs. (And with our current government, I don't really blame them for being suspicious.) They would insist on a private sector solution with a choice of CAs, optional participation, etc. Of course, this makes the whole thing a lot less likely to really meet the need for ubiquitous trustworthy authentication.
So, Volker, now that we're done working on the global ID and SSO problems, what else would like us to work on? :-)
-rich
