"Body is too similar to what you recently posted" should be turned off for private messages?


(marten) #1

I’m trying to tell 5 people that I no longer have any Atom.io invites left. They’ve sent me private messages. Surely copying/pasting “Sorry, I’m all out” should be allowed?

I realize there are probably counterpoints against this, but I wanted to provide a data point in favor of dropping the limitation.

Same goes for the limit to how short messages can be: I wasn’t allowed to just reply “Sent!”, which cost me about 5 seconds of my valuable time :stuck_out_tongue:


(Jeff Atwood) #2

Minimum PM body length is already a site setting, I am fairly sure.

I am not sure we generally want people sending dupe PMs to everyone though? You could just add their name to it.


#3

While I agree with the OP I also acknowledge the quoted follow up. Adding a variable such as a name is a simple way to circumvent the body text similarity message but at the same time, if it is so simple to circumvent how worthwhile is the security measure?

I mean if we’re worried about bots, spamming, etc. then a programmer can quickly adapt a bot to add junk text in various locations in a randomized way to circumvent this. Of course I could be underestimating the algorithms used by the ‘similar body text’ calculations. Still…if an easy change like this could allow a bot spammer access to a community as large as this it would likely be worth the slight additional effort to the programmer right?

Within our own community we always ask ourselves the question; is something we’re about to implement for the sake of security more likely to complicate and frustrate our users or more likely to actually increase security and that overweighs the costs to the users & usability?

I guess it also further depends upon the priorities of the given community.


(Jeff Atwood) #4

TL;DR spammers are really really lazy.

There are also forms of griefing that become a lot easier without this kind of blocking in place.


(cpradio) #5

That wouldn’t necessarily work if you were responding to several individual PMs. If, for example, I’m a staff member and I’m on vacation and I get a chance to checkin and I see I have 10 new PMs from various members. If I want to respond to each of them stating I’ll get back to them upon my return, I wouldn’t want to do that in a group PM. I don’t want to expose them to each other.


(Kane York) #6

Hey %USER%, I appreciate the message. I’ll get back to you on DATE when I’m done with vacation.

It’s slightly more work, which is exactly what spammers want to avoid always. Just like having to GET /session/csrf before making any programmatic requests.


(cpradio) #7

Sorry, I haven’t done a group PM yet, but can the recipients see who it was sent to? Such as To or CC by email? Or is it treated more like BCC?


(Régis Hanol) #8

All recipients can see the list of all the participants in the PM.


(cpradio) #9

Okay, so there would be cases I wouldn’t want that, so doing a general reply to a group of users would defeat the purpose. I wouldn’t necessarily want to expose the recipients to each other. So that isn’t a viable solution for me (granted this would be a very low priority for me, as I don’t do it often enough to need it right away).