Regarding invites and forum visibilities

[kazukidevnull]

I know that the plan is to just keep it to invited members only or ones joined trough the Champaign code during the beta, but what is the thoughts in regards to keeping it that way such that everyone who wanted to join had to have a invite code? i know it's something that likely will be not done since we want as many people as possible to join which invite only schemes have a negative affect on, but i also feel that with as many invites each user gets, it shouldn't really have that much a impact on amount of people joining.

then again, i just realised that this may prevent people who are totally new from joining due to lack of invites, but then again, if a person are new and but truly want to learn and get a career within the industry, the person will likely join various other social networks such as discord servers, mastodon servers, following people on twitter, etc related to such which will likely quickly provide them with multiple people with invites to give out. 

Reason for this is that i feel it could reduce the possibilities of things such as bot signups and reduce the amount chance of people double-accounting, sock accs(for whatever reason) and other negative problems forums often have as well as making the forum feel more trustworthy . but as i mention, this is something i can understand if decide not to do, but wanted to mention for hearing at the very least.

 

Regardless of the things mentioned about, from what i can see at the moment, the forum is publicly visible, and while i do understand the reason behind it, i also wondering about the thoughts on making it visible for signed in people only as doing that reduces what sites like waybackmachine, google cache and other scrapping/indexing tools and services(including OSINT related ones) can get access to easily and thus is better for members privacy and possible making it easier to talk about things without worrying it getting instantly indexed/scraped by something and pulled out of context. if combined with invites only, even better if it was combined with invites only, although i doubt that is going to happen🤔

[MalwareTech]

I think you hit the main issue with invites, we want to be careful of gatekeeping beginners who haven't made industry friends yet.

With regards to forum visibility & access criteria, I'm open to ideas and member feedback. Here are our current concerns:

• Lack of indexing hampers attracting new members. We'd need some seriously high caliber content to spread via word of mouth alone and maintain activity.
• Similar to your point, topics being only visible to member gatekeeps people who are new to the industry.
• Private forums will always have vulnerabilities or moles. I want to avoid creating a false sense of security which encourages people to share sensitive information here.

My biggest concern is that we don't hit critical mass and activity dies off.

[jubjub]

We should be fine on the botted accounts thing and sock accounts shouldn't become too big of an issue. Ideally we'd be able to remove any problematic accounts before they can be too problematic whether they're sock accounts or not.

It's definitely an idea that hasn't been ruled out yet though and any negative impacts of opening up to everyone will be taken into account before that happens. We appreciate the feedback and welcome more people to give their thoughts.

[Florian]

what is if we add something like an application request. 

People without an invite code can send like an application and a Group of designated user will review these from time to time?

so everyone has the possibility and we can still keep somehow a private community

[Nova]

Open community, open threads. Mark seemingly sensitive content with TLP:WHITE if intended for sharing in public.

If its not TLP:WHITE use encryption and mark it accordingly.

[ChickenKing]

I'd be curious to see what ends up happening content-wise if/when the forum is completely open. I think with good moderation it can thrive. Look at the cybersecurity subreddit for example, that sub would have easily gone to hell without the moderation, so I think it's something to consider. 

[Nova]

7 minutes ago, Florian said:

what is if we add something like an application request. 

People without an invite code can send like an application and a Group of designated user will review these from time to time?

so everyone has the possibility and we can still keep somehow a private community

Actually, seconding this.

[jubjub]

9 minutes ago, Florian said:

what is if we add something like an application request. 

People without an invite code can send like an application and a Group of designated user will review these from time to time?

so everyone has the possibility and we can still keep somehow a private community

What would the criteria for approval be? Keeping in mind we don't want to gate keep people who are new.

[Florian]

3 minutes ago, jubjub said:

What would the criteria for approval be? Keeping in mind we don't want to gate keep people who are new.

it's not about gatekeeping. it's more about keeping the bots away.
i don't see a need for any requirements. Just no bot spam

Edited November 7, 2022 by Florian

[jubjub]

1 minute ago, Florian said:

it's not about gatekeeping. it's more about keeping the bots away.
i don't see a need for any requirements. Just no bot spam

But then the bots will just apply? I don't see the difference other than people having more work to do. I wouldn't worry about bots, I've got plenty of ideas to deal with that problem when it becomes relevant.

[Nova]

5 minutes ago, jubjub said:

What would the criteria for approval be? Keeping in mind we don't want to gate keep people who are new.

Not much if any.

1. Filter bots

2. Obvious malicious motives

3. Inability to request access without a hatecrime

That just about does it.

[jubjub]

1 minute ago, Nova said:

Not much if any.

1. Filter bots

2. Obvious malicious motives

3. Inability to request access without a hatecrime

That just about does it.

It wouldn't really filter bots since there'd be no way to differentiate between a bot and a normal user before they've posted anything. Same with the other 2 points. In order to filter those out there would need to be criteria people would have to supply to pass.

[Florian]

are bots that "clever" that they will create a real looking application

mostly they post just garbage non sense with an phishing link or two. -> Personal experience

[jubjub]

8 minutes ago, Florian said:

are bots that "clever" that they will create a real looking application

mostly they post just garbage non sense with an phishing link or two. -> Personal experience

Well what would an application look like? What is the actual thing people have to do in order to register? Filtering bots through this process isn't really needed, just trolls and they likely have the ability to do the exact same thing that another user does.

[Giglio]

Dumb question - I had 3 invites, used one, went to use another. I don't see any invites now and even following the invite link in the Announcements area I appear to have lost the invites. Am I on double secret probation and if so what method of atonement is required lol?

Thanks

[MalwareTech]

We're testing open registration for today to see if server can handle the load

[Giglio]

Cool, thanks!

 

[ChickenKing]

6 minutes ago, MalwareTech said:

We're testing open registration for today to see if server can handle the load

hope all goes well! keep us posted