Notify Feature can be easily abused

Thank you. :slightly_smiling_face: But I think the kudos goes to @jimmynewtron for discovering this one.

7 Likes

Isn’t the “Flag” feature meant for this purpose?

5 Likes

The idea is not that it should not be possible to notify users, who aren’t logged in. But someobe, who is not logged in should not see the notify button, since you are only allowed to notify, if you are logged in.

3 Likes

I agree with @jimmynewtron that the “Flag” feature is much better for that purpose. If you want to include a response, just use the “Something Else” option.

5 Likes

@dan worked on rate limiting invites, so maybe he has suggestions also on rate limiting the notify feature.

I also am on the fence about whether it is a worthwhile feature to have at all - as far as I know, it is rarely used and the emails it sends are a bit confusing and technical looking. I tried it recently to get a response from someone who was in a rush and just emailed back without reading the instructions in the email carefully, resulting in a bounced email which she then ignored because she was busy.

In this day and age I think it’s just as easy and more effective to just grab the link and paste it into an email or text or tweet or whatever. I feel this way about invites too.

7 Likes

I see were your coming from, personally I still like the invite feature as it can come in handy when working with a large community for tracking invites.

1 Like

Sorry, to be clear I am not talking about getting rid of the invite system at all. I love the invite system! I just mean it is more effective to get the invite link and send it yourself rather than depending on Discourse to send an email.

3 Likes

My apologies, got the complete wrong end of the stick there.

3 Likes

Another simpler option would be to piggy back on the @mention limits . Conceptually it is the same thing and @mentions also trigger an email by default when you are away

Also supportive of getting rid of the feature, it is odd and often causes confusing notifications cause you can never bundle a “why?” with it.

Thoughts @codinghorror

7 Likes

I’m new to editing the site, are there any resources that will inform me on how to edit the css of the site.

Somebody within my community just found out about how this feature can be easily abused.

4 Likes

I would add it as a theme component like this:

  • Go to /admin/customize/themes
  • Click on install and then create new
  • Give it a name, and select ‘component’.
  • Create
  • Add it to your theme
  • Click on the Edit CSS/HTML button and paste the code into the Common tab

And save. :+1:

Though it only hides the button superficially. It doesn’t disable it.

8 Likes

Ah well then, thank you @jimmynewtron ! PM me and I’ll mail you a little something in appreciation as well! :hugs:

(this applies to you too Jammy)

8 Likes

I think it might be more useful if it allows you to attach a response.

Also, it’s a way more subtle method of directing somebody’s attention to a specific topic/reply.

Yeah, but I have a feeling that’s about to change now that Discourse is unifying the share dialogs into one.

3 Likes

Looks like we have two approaches here:

  1. remove the notify button entirely from the share popup. From now on users copy/paste links to share topics with other people.
  2. make the notify button work the same way as an @ mention. Limits are the same as @ mentions, and the email the notified person receives is the same as an @ mentioned person gets so if they decide to reply by email, the reply will reach the topic.
8 Likes

I personally like the 2nd option, but I’m sure others will want to disagree with me.

5 Likes

I prefer option (1) @codinghorror , your call? (1) is a lot easier to do (simply removing code) and the feature as it stands is already problematic cause the “ping” gives you absolutely no context of why you are being pinged.

5 Likes

Yeah, I also prefer option two. I feel like we should give the “Notify” feature a chance and try to fix it instead of removing it altogether.

2 Likes

But at the end of the day, I don’t really care, as long as we can remove the danger, I am happy.

1 Like

Of course, but I think we could easily turn this situation around.


Hence, my proposal. :slight_smile:

We could go with this approach.

1 Like

Could that approach be open to abuse? Would there be a record of what is written there for moderation? (ie. How easily could it be used to send ‘secret’ messages)

3 Likes