Set anonymous mode trust level

Hi Guys,

I might be missing something here but we’ve got some categories that are trust restricted, there is a use-case for anon posting in these categories. Users who meet the requirements to access the categories and use anon posting mode find themselves too low a level to access back to where they were to make use of the function.

I’ve looked for something akin to “Anon mode trust level” but only found what trust is needed to use the function, not what trust is inherited or defined.

In plain English there’s people wanting to talk about depression or anxiety etc in “lounge” and using anon mode find themselves outside lounge with no way in.

Any ideas?

It feels like we need this:

image

If we sync trust level then it kind of makes anon less anonymous, I guess if min posting anon trust level is set to 2 then anon account should be tl2

I am pretty mixed on adding more features to the anon piece cause it feels to me it simply is not anon enough. If you want anon you use a throwaway account and connect via tor.

7 Likes

Is there not a supposition though here that anon mode users are to be trusted? We already have a setting to set trust levels to use the function afterall…

I accept freely that if you want to [anon anon] you can use a throwaway and connect via tor. This kind of begs the question what is anon mode for? I think it’s strongest use case is for trusted members of a site to share things and have the community understand that the anon post came from someone who is more or less a valuable peer of theirs.

There’s a VPN built into opera these days, Tor is free, Protonmail VPN I think is free, it’s trivial to separate out IP addresses from accounts etc, what’s less trivial is trusted-but-anon feedback/thoughts/views that are freely given by the poster for the benefit of the community. There’s a variety of takes on that that very specifically add to the discourse.

If nothing else it seems mismatched to require trust to use the function without inheriting that trust. Anyone posting anon when you need trust level… 3 to use it. Well, you already know that person is trust level 3 by default. That’s built in.

3 Likes

This also breaks the Always-Anonymous Categories plugin when the category has restrictive trust level settings.

It would be intuitive to copy the trust level to the anonymous user. On the other hand, this is a broader issue: categories could not just be trust-restricted but they can be restricted by any group membership, which would require syncing (and continuously re-syncing) all the users groups to the anonymous user. That could definitely be misused to figure out an anonymous user’s actual user.

Maybe it would work to be able to set default trust level and groups for the anonymous users?

The anon user inheriting the trust level of the original account it was spawned from makes a lot of sense though. That seems easy to me? It is a single account variable we always expect to be there.

Inheriting other group memberships would be HUGELY weird though.

3 Likes

Hmm I’m thinking… Inheriting it means you would need to sync it (otherwise other problems would be lurking around the corner), and syncing it would open the door to figuring out someone’s real identity / actual user by observing trust level changes.

I think Sam’s idea of setting it to the min anon posting trust level would be best.

Nah, I don’t think that is required.

The risk here is that if you have 3 trust level 4 users, if they go rogue anon, it will be easy to deduce who the anon is.

Inheriting min trust level required to unlock the feature though makes total sense and adds very little risk

1 Like

Oh I see, so you can’t use anon mode at all until you are a certain trust level?

Hmm. One thing I don’t like about this is that you have to know the site setting exists, and to change it, versus automatic inheritance of current trust level which

  • works all the time out of the box, zero config required
  • does not add a site setting

I still favor automatic inheritance of current trust level. It’s the least surprising thing, yes there is a minor downside with counting the number of users at TL2 or TL3, but them’s the breaks.

3 Likes

Are you sure?

Scenario 1: I’m at TL2, an anonymous user is being created, it inherits TL2. I go to TL3 but can’t go and post anonymously in my favorite category. I get a weird error.

Scenario 2: I’m at TL3, an anonymous user is being created, it inherits TL3. One year later I’m back to TL2. There is a category which allows me to post anonymously but does not allow me to read topics as myself.

Yes, I’m sure I don’t care about either of those scenarios, as I think they will be so rare in practice as to not matter. I think “good enough” is a quick simple code change to have the newly created anon user grab the current trust level of the user it is spawning from. Probably one line of code?

We could always improve the behavior later if people start complaining about it, but I doubt that will happen due to the rarity of this feature being used at all.

I like to scale the engineering effort to the rarity of the problem, personally, and I am a big fan of “good enough for now” solutions, provided they aren’t hacky, and I don’t think this would be.

2 Likes