"First Flag" badge has precise public timestamps that could be correlated with flagged posts

It’s possible to see a full list of everyone who has been granted the “first flag” badge, and the corresponding RSS feed first-flag.rss gives a timestamp that’s precise to the second for when the badge was grantedAt. That’s far too much information, and makes it possible for someone to correlate those timestamps with the time their post was flagged. This holds even more strongly on forums with less traffic.

Please consider not supplying timestamps, or ideally, not supplying any public information about other users with the badge. Ideally, I’d suggest having a list of “sensitive badges”, and not showing any public information about who else has those badges: no usernames and no timestamps.

9 Likes

That’s a good point! I wonder if we should have a special code path for this badge @sam?

1 Like

I wonder if we should just pull the badge? I am not sure if it is worth carrying a special path here and not certain this badge really has too much value.

@joshtriplett one simple thing you can do on your instance is disabling the badge.

6 Likes

Fixing it in the query should be a simple matter of date_trunc('hour', flag.created_at) as granted_at, but considering whether the badge should be around at all is also a good point.

2 Likes

Pulling the badge seems like a reasonable approach as well. Moderation doesn’t seem like something to gamify.

Also, hour is still much too precise for small instances.

3 Likes

We definitely want the badge, so if you want to take the “time truncation to month” fix @riking that’d be ideal. There’s not nearly enough flagging in general, so we need all the encouragement we can get…

In the meantime @joshtriplett you can disable that badge on your instance.

2 Likes

I am not sure doing anything but removing the badge is worth it.

I got flagged, I go to first flag page, if this is a new user that flagged me, regardless of date truncation, I know who it is. (The last person who got the badge)

My recommendation, if we don’t want to remove the badge, do nothing, people worried about this can disable the badge.

5 Likes
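An added example, not part of any post in this thread and not Discourse code: an admin-side check of how many badge holders share each published timestamp once it is truncated as proposed above. The grant data is constructed, `truncate` is a stand-in for PostgreSQL's date_trunc, and reporting the newest holder assumes the public list stays ordered by grant time.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: (username, granted_at) on a low-traffic forum.
GRANTS = [
    ("user_a", datetime(2017, 3, 2, 9, 15, 42)),
    ("user_b", datetime(2017, 3, 2, 9, 48, 5)),
    ("user_c", datetime(2017, 3, 19, 22, 1, 17)),
    ("user_d", datetime(2017, 4, 7, 13, 30, 0)),
    ("user_e", datetime(2017, 6, 25, 8, 2, 59)),
]

# Number of leading datetime fields kept at each precision.
FIELDS = {"second": 6, "hour": 4, "day": 3, "month": 2, "year": 1}


def truncate(ts, precision):
    """Stand-in for date_trunc(precision, ts) for the precisions above."""
    n = FIELDS[precision]
    parts = list(ts.timetuple()[:6])
    defaults = [1, 1, 1, 0, 0, 0]  # year, month, day, hour, minute, second
    return datetime(*(parts[:n] + defaults[n:]))


def bucket_sizes(grants, precision):
    """For each user, how many grants publish the same truncated timestamp."""
    buckets = Counter(truncate(ts, precision) for _, ts in grants)
    return {user: buckets[truncate(ts, precision)] for user, ts in grants}


def exposure_report(grants, precision):
    """Summarise who remains uniquely identifiable at this precision."""
    sizes = bucket_sizes(grants, precision)
    return {
        "min_k": min(sizes.values()),  # smallest group sharing a timestamp
        "alone": sorted(u for u, k in sizes.items() if k == 1),
        # Assumption: list order still reveals the most recent grant.
        "newest": max(grants, key=lambda g: g[1])[0],
    }


if __name__ == "__main__":
    for precision in ("second", "hour", "month", "year"):
        print(precision, exposure_report(GRANTS, precision))
```

On this sample, hour and month truncation both leave users alone in their bucket, and the newest holder is the same at every precision.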

Sounds good to me. I’ve disabled the badge on my main instance, as a consequence of this thread. But I see that flagging should have value in the case of a larger (more problematic) forum.

In a small or not-busy forum, there’s a risk of retaliation.

Maybe the badge could be disabled by default: owners who need the boost to flagging activity can enable it.

1 Like

Sure – good to bring it up here so others with the same issue can find it and a possible solution, to disable the badge.

1 Like