Finding originating account of anonymous posts

I’m trying out posting anonymously and trying to think of everything that would need to be in order
before I can introduce this.
Absolutely love the ease of use of this feature from a user’s perspective. Cute little icon, perfect.
The most important question I haven’t been able to answer myself is: what would be an easy way to trace the author of any given anonymous post and find the actual account it originated from? Is there any I’m missing?
In our case being able to make this connection is necessary; it is imperative that our moderators can quickly follow up on any abuse.

The whole point of anonymous mode is that it’s not easy for an admin/moderator to figure out who posted it. If you need to be able to track who wrote any post, don’t enable anonymous mode.

To link a real user to a anonymous account, you’d need to do some digging, likely checking IP addresses, writing styles, last seen times, and more.

3 Likes

Is the underlying idea here that ease of use promotes abuse? Of course with something this privacy-sensitive you would have to tread very, VERY carefully. But isn’t the same true for many other actions that are readily available to admins, like, entering people’s mailboxes and whatnot?

Quite a long story short: there is a use case here.

1 Like

sorry, it did not see this: Can staff be able to see real author of anonymous posts - #6 by Un3qual

and i did not notice that this even has a query in it:

so i’m off to try this out.

… no?

Open the admin user page for the anonymous user, and click Show Email. The controlling user shows up as a login method. Or was that removed?

1 Like

Nope:

4 Likes

I must say this puzzles me… the point of it is to enable members to disclose (hyper)sensitive information without a possibility for their fellow community members to know it was them.

This inherently makes it super super super abusable. Thinking of possible agressive retorts to said sensitive shit is not something I want to do for a long time 'cause boy it’s depressing.

I need to be able to tell them that of course if needed, we can Do Stuff.

How am I going to protect my members if all I can say is ‘sorry guys, this is the big bad internet for you, nothing I can do’?

Anyway, query said no. Is there anybody who could give me pointers on how the shadow account is related to the ‘real’ account, database-wise?

There’s a good reason why that feature is disabled by default. You should have a really good reason to enable it and you should trust them to not abuse that feature. Maybe use a higher anonymous_posting_min_trust_level?

You can use the following query in the Data Explorer if you really need to find out who’s who. But, if you need to use it on a regular basis you should really ask yourself if your community members are ready for the anonymous posting feature.

Choose the right query depending on your version of Discourse:

Query for Discourse v2.3 and newer
SELECT a.username AS anonymous_username, u.username AS original_username
FROM users u
       JOIN anonymous_users au ON (u.id = au.master_user_id)
       JOIN users a ON (a.id = au.user_id)
Query for Discourse v2.2 and below
SELECT a.username AS anonymous_username, u.username AS original_username
FROM users u
       JOIN user_custom_fields ucf ON (u.id = ucf.user_id)
       JOIN users a ON (a.id = ucf.value::INT)
WHERE ucf.name = 'shadow_id'
ORDER BY a.username
13 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.