Concerns about moderating policies

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

Status
Not open for further replies.
So the site was compromised and the end users were not informed? Was any user data compromised? The "take it down and hide it" attitude might not be the best attitude here. Personally I don't think that should be moderated out...
 
richiewrt:
So the site was compromised and the end users were not informed? Was any user data compromised? The "take it down and hide it" attitude might not be the best attitude here. Personally I don't think that should be moderated out...
Click to expand...

If user data were compromised it would have been communicated.

R..
 
And what steps were taken to insure that? How do you know?

Not trying to hijack the thread, but my professional curiosity is tweaked by this.
 
richiewrt:
And what steps were taken to insure that? How do you know?

Not trying to hijack the thread, but my professional curiosity is tweaked by this.
Click to expand...

I'm a moderator on the site. For this kind of information I have to rely on what the site admins say. The measures they take are unknown to me.

What I can say as a moderator is that when users' accounts get hacked, which has occasionally happened by people who have managed to guess their passwords, then the mods usually hear about it very quickly. The homepage was modified in November and since then, which has been more than 6 months, we have had no reports of people contacting us that their account has been hacked.

To keep things in perspective, there is very limited information available on the database about users. Someone who got away with the entire database would be able to find a list of email addresses, birth dates and ip numbers that they have used to post from. The rest of the information on file is publicly visible.

If you would like to discuss this with an admin I can ask someone to contact you via PM. I'm not sure you would be much wiser for it, however, because for obvious reasons the admin's aren't likely to tell someone exactly how they are securing the site.

R..
 
Diver0001:
To keep things in perspective, there is very limited information available on the database about users. Someone who got away with the entire database would be able to find a list of email addresses, birth dates and ip numbers that they have used to post from.
Click to expand...

That information is VERY valuable to hackers. A lot of people reuse username and passwords across sites, or sites use email addresses for usernames. Especially if the database included passwords, even if those passwords were hashed once they have the database, they have all the time in the world to crack the passwords. At a minimum, I would expect a notification to go out to users who's information was in the compromised database, and a forced reset of their passwords. Maybe this particular instance they didn't gain access to the database and merely defaced a web page, but since we weren't informed I don't know.
 
richiewrt:
That information is VERY valuable to hackers. A lot of people reuse username and passwords across sites, or sites use email addresses for usernames. Especially if the database included passwords, even if those passwords were hashed once they have the database, they have all the time in the world to crack the passwords. At a minimum, I would expect a notification to go out to users who's information was in the compromised database, and a forced reset of their passwords. Maybe this particular instance they didn't gain access to the database and merely defaced a web page, but since we weren't informed I don't know.
Click to expand...

It's a valid point. I made a report of this post to let the other mods know if something similar happens again that we should post a notice advising users to change their passwords as a precaution.

R..
 
2airishuman:
A conclusion I have reached, over 25 years of doing this, is that users that are subject to lengthy bans (anything over a week) do not return as productive contributors. They do one of three things:
  1. Most commonly, they leave the site altogether.
  2. They return under a different identity and try to adopt another persona to avoid detection.
  3. They return, but are angry about what they perceive as unfair treatment, both for the ban itself and the real or imagined "short leash" or "double standards" they are kept on. Typically this ends in another ban.
Click to expand...
A very good summary. One additional point to re-emphasize, that may help the discussion: bans, of any magnitude or length, are usually something that occurs WAY down a long road. I really don't want to ban anyone from anything on SB, for any length of time. So, by the time we get to a ban of some sort, a lot of effort has already gone into trying to communicate with a user, to point out what issues we are having with their style, and their approach to interactions on the board. From my perspective, notwithstanding the good intentions of a Mod trying to 'counsel' a user, even that level of engagement (i.e. far short of any ban) will in a few cases produce outcome 3., above - the user is angered by the attempt, and their subsequent behavior becomes even more hostile, not just to other users, but now to the Mods as well. It is unfortunate when that happens, because it not infrequently leads to a series of short vacations, and eventually a permanent vacation from SB. Fortunately, that is the less common outcome, but it does happen. Most of us don't want to have our 'hand slapped'. That is human nature. I think the impersonal character of the web makes the slap feel worse, and also makes it easier for the user to let their anger roam freely. In an ideal world, everyone would understand that a cautionary PM is simply an attempt to help the user be more effective as a SB participant. That actually happens more often than not. Users respond, 'Thanks for the heads-up. I didn't think my comments were that bad. But, I will be a bit more careful going forward.'

The world we live in is far from ideal, however. So, here's a sanitized hypothetical example of the less than ideal: two users repeatedly get into personal bickering, across multiple threads, with one repeatedly accusing the other of being incompetent, of not having the experience he claimed, etc. The two of them routinely derail otherwise informative threads. So, a Mod sends both of them a friendly PM, asking them politely to 'take it outside' - if they have some personal dispute or antagonism, please address that outside of SB threads. Unfortunately, the responses do justice to 6 y.o. children - 'he started it', 'it isn't my fault, he looked at me wrong', etc. What one, or both, could say in a PM reply would be, 'OK, you're right. I can't stand that guy, he's a complete idiot, but that's between the two of us, and I don't need to make it a public issue in SB threads.' A reasonable response, no public condemnation invoked, problem solved. But, that doesn't happen. One of them in fact replies that the problem is really with the Mods, not him, and that the other user should have already been banned for posting bad information (aka, information with which he didn't happen to agree). That user has some subsequent posts moderated - by several different mods - in response to Reports submitted by other users. After that, he starts complaining about the Mods 'whining' at him, and being 'biased against' him. You can guess the outcome. Short vacation, another short vacation, a longer vacation, and finally, a permanent ban. Reading 2airishuman's informative summary, I think the ultimate outcome in such a case is probably predictable after the first response to the PM.

But, we will still at least make an attempt to salvage the situation.
 
Last edited:
A bit disconcerting. It is one thing to remove a harmless hack and not trouble the members unnecessarily with that information. It is a bit different to use your moderation capabilities to delete member posts that recorded and anounced that hack. It seems to me that the good of the business and the good of the community may not always be compatible.
 
Diver0001:
...//... I guess to you we probably appear to make more bad ones than good ones. ...
Click to expand...
Not at all. I can only imagine the mess if I were at the switch.

Diver0001:
... I can understand that because you are also one of the people who cuts against the grain. You're an out-of-the-box thinker, a little cynical at times, somewhat suspicious of authority and you have a higher than average tolerance for people being blunt. There lies the rub. If we were to moderate to that then we would probably alienate a lot of other users. ...
Click to expand...
Most impressive analysis.

I'm starting to feel very much like pilotfish. I really need to step back for a while.
 
Diver0001:
I can't speak to the reason why you were told that the post was removed but don't forget that aside from being a pleasant pass time for us, Scubaboard is a business.

I'm sure the fact that the site was hacked was very amusing but ask yourself this. If the website from the business you work for was hacked would they put it in the spot light and laugh about it or if they would remove it and get on with business?

Like I said, I don't know what you were told but to me, personally, it would seem unwise to (a) draw attention to the fact that the site is vulnerable to being hacked and (b) make it sound like a joke, therefore potentially leading others to think we find it ok.

I would have removed it. Any mod would have in order to give the site admins the time they needed to figure out how it happened and plug the hole.

R..
Click to expand...
I dont find it amusing, I am a firm believer of freedom of information. A better approach from the board would of been once the issue was resolved, would be to let the people that it may of affected know there was an issue and there personal data is safe. Not just delete it and pretend it never happened. Poor form imho.
 
Status
Not open for further replies.

Similar threads

MAKO Spearguns
Info Dano Compares a Roller VS a Conventional Band Gun
Replies
0
Views
1,372
MAKO Spearguns
MAKO Spearguns
CuzzA
Picatinny Rail Flash Light Quick Disconnect for Speargun
2
Replies
16
Views
2,028
mariner156
mariner156
LI-er
Trip Report Diving Truk Lagoon in December 2023, comparison of Odyssey Liveaboard vs land based accommodations
2
Replies
11
Views
1,316
wlecyt40
wlecyt40
tridacna
Trip Report Bunaken Oasis and Spa: Oct/Nov 2023
2
Replies
11
Views
1,727
gajahduduk
gajahduduk
E
Upcoming Purple Urchin Dive 7/30/23
2 3 4
Replies
32
Views
2,328
Cthippo
Cthippo
https://www.shearwater.com/products/perdix-ai/

Back
Top Bottom