Activated social login, temporarily deactivated normal signup
post by habryka (habryka4) · 2017-10-14T03:59:11.873Z · LW · GW · 11 commentsI have just activated Facebook, Google and Github signup. It currently automatically gives you a username that is just your first name and last name concatenated (or your Github username), but it probably makes sense to allow you to change your username manually in the long-run. Let me know if you run into any problems.
We've also had some spam accounts being a bit annoying, so I've deactivated normal account signup. I will activate it again after I've built some smarter spam account detection systems. If you need an account not associated to a social login in the meantime, just ping me on Intercom and I will set you up with something.
Oh, and also comments at -5 karma or below are now by default collapsed.
11 comments
Comments sorted by top scores.
comment by quanticle · 2017-10-15T02:12:16.384Z · LW(p) · GW(p)
Can you please explain why you're enabling social login, when there is significant evidence that social login buttons degrade usability? To summarize the two links, social logins put additional cognitive load on the person logging in, as they now have to remember what kind of login they used, in addition to remembering their specific login details. Moreover, there is an implicit assumption that people only have a single Github, or Facebook, or Google account. If they do not, then they have to go and log out of whichever OpenID/OAuth provider they were using, login to the "correct" account, and then try to login again on LessWrong 2.0.
The only advantage that social logins provide is that they free the site from having to store usernames and passwords. But LessWrong 2.0 is storing usernames and passwords anyway. I fail to see what value adding yet another login method adds.
I'm deliberately not commenting on the privacy aspects of this, as I'm sure there are other commenters who are more qualified to talk about that aspect of social logins and feel more strongly about it than I do.
↑ comment by habryka (habryka4) · 2017-10-15T02:44:31.050Z · LW(p) · GW(p)
I mostly don't think the arguments for social logins degrading usability are particularly good. I personally much prefer logging in with my Google account, and end up forgetting my password on sites that allow Google login much less often (and also can generally expect my credentials to be much more secure with those sites, since I go through great lengths to keep my Google credentials safe). Hackernews was also not very convinced by that article when it came out, and in the meantime the case for social logins only got stronger. Most of my disagreements with the article that you linked are explained in that thread.
I agree with the Nascar problem, which is why our login menu does not have the relevant logos in their respective brand colors, but instead went for a deemphasized plaintext version, and while there is a very slight effect of reading the names of the relevant brands, I don't think anyone would describe our current login menu as falling prey to the Nascar effect.
We also have an additional reason to prefer social login, and which was the reason for why I implemented this feature now, which is the prevention of sockpuppet, troll and spam accounts. They were a major problem on the old LessWrong, and continue to be somewhat of an issue on here. I might end up having to sometimes temporarily deactivate normal signup when our other anti-spam and anti-troll measures fail (such as I did yesterday), and since it is much harder to create hundreds of fake FB accounts, Google accounts or Github accounts, we can leave those signup options on, even if the normal signup is currently being spammed to death.
↑ comment by quanticle · 2017-10-15T03:02:20.626Z · LW(p) · GW(p)
We also have an additional reason to prefer social login, and which was the reason for why I implemented this feature now, which is the prevention of sockpuppet, troll and spam accounts.
But how does social login prevent that? I have three Google Accounts, two Facebook accounts and two Githubs. It's not any more work to create these additional accounts than it is to create a new LessWrong account.
↑ comment by habryka (habryka4) · 2017-10-15T03:20:19.747Z · LW(p) · GW(p)
While it is possible to have two to three FB accounts, and similar for Google and Github, all of those platforms are quite good at preventing you from getting 100 accounts or more. And if you do create them, it's fairly easy to check whether something is wrong with them (i.e. whether they were just created, or had no activity on them, etc.) Yesterday we had someone generate around 100 spam accounts on here, which would have been much harder to do on any of these platforms (not impossible, but much harder). They use a variety of stuff, from IP-tracking to requiring somewhat hard-to-get-by information such as phone numbers, real-life addresses, etc.
comment by Said Achmiz (SaidAchmiz) · 2017-10-14T06:38:54.809Z · LW(p) · GW(p)
Oh, and also comments at -5 karma or below are now by default collapsed.
Please add a way to turn this off, and/or change the threshold!
↑ comment by habryka (habryka4) · 2017-10-14T07:04:23.731Z · LW(p) · GW(p)
Yeah, that seems reasonable to add to the feature-list. I feel that in general we want to have a better user-settings panel that allows you to change a variety of stuff, but I haven't converged on a good implementation of it yet. I don't like the current settings page (and this will definitely become much more necessary as we fix and improve our notification system).
↑ comment by Raemon · 2017-10-14T19:49:02.528Z · LW(p) · GW(p)
One question: what is the intended number of "people who have been posting a couple weeks" that -5 karma is meant to be approximate? (I can imagine a case for "1 or 2", just wanted to check if that was your intent, since -5 means a different thing than it used to)
↑ comment by Raemon · 2017-10-14T20:02:30.914Z · LW(p) · GW(p)
Ah, I just figured out why the threshold was set to -5, and it is indeed the correct threshold until we solve some moderately hard problems. :P :(
(Actually, given the circumstances I'd set it slightly lower)
↑ comment by Said Achmiz (SaidAchmiz) · 2017-10-15T01:44:20.710Z · LW(p) · GW(p)
Sorry, could you explain, for those of us who haven't figured it out? Why is –5 the correct threshold…?
Edit: I followed the link, but I don't feel enlightened :(
↑ comment by Raemon · 2017-10-15T04:43:39.583Z · LW(p) · GW(p)
So this probably actually isn't true any more because of the login thing, so upon reflection I don't endorse the claim. But there's a person who was creating numerous fake accounts, all posting that exact message over and over again, which was (among other things) showing up on the Recent Comments thread.
My first thought had been "it should take more than one downvote to make a comment disappear" (and many people have Karma strength of 5), so this new policy was basically a one-hit KO. My thought after seeing how many copies of this one obvious-intended-to-offensive-for-its-own-sake thought was "okay, nvm, we at least temporarily need it to be possible to one-hit-KO these things until we get a better solution."
But, hopefully, the other changes introduced in this patch probably mostly solve that problem.
↑ comment by habryka (habryka4) · 2017-10-15T02:47:38.983Z · LW(p) · GW(p)
I mostly just eyeballed what karma levels bad comments and spam comments usually ended up at, and -5 seemed like a reasonable threshold. Having it be a bit lower seems fine, having it be higher seems bad, since it means a single person with vote-weight 4 can hide your content, which seems bad.