thecel
morph king
- Joined
- May 16, 2020
- Posts
- 24,760
- Reputation
- 52,362
I’m thinking about making a site that shows .org members’ locations on a map and can possibly facilitate IRL meetups among .org members. A major decision to be made for how the site will work is the tradeoff between functionality and privacy.
The more info the site can provide, the more that users will have to give up privacy. The less that users have to reveal their info, the less useful info the site can provide. Because members have different privacy concerns, I’m not certain about the system that the site should use.
Poll Choices:
All the systems that have maps will—
I’ll implement the system that a plurality of .org members prefer. Vote in the poll.
The more info the site can provide, the more that users will have to give up privacy. The less that users have to reveal their info, the less useful info the site can provide. Because members have different privacy concerns, I’m not certain about the system that the site should use.
Poll Choices:
System 1. Shows locations on a map without asking users for verification other than a basic CAPTCHA. Pros: Highest privacy level Cons: Giga vulnerable to spammers and trolls. Anyone can post locations repeatedly; CAPTCHAs just slow them down. This system is next to useless for meetups because usernames are unknown. |
System 2. Collects locations from anonymous users who must prove they are .org members without revealing their usernames. In the sign-up process, each user will be asked to VISIT an old, obscure .org thread with their .org account. The server will check that there’s a logged-in viewer by looking at the bottom of the thread’s webpage where it says the numbers of “looksmaxers” and “bluepillers” viewing the thread. If the .org member has “show your current activity” disabled in their privacy settings, my site won’t know who the .org member is, but it will know that the user has an account on .org. Pros: High privacy level and better protection against non-members sabotaging the site Cons: People can still submit duplicate locations because the maps site has no way of knowing when the same .org member makes multiple accounts on the maps site. Next to useless for meetups because usernames are unknown. |
System 3. The same as system 2 with the addition of a private messaging system for users to exchange usernames. RSA private/public key encryption will be used to prevent the site owner (me) from knowing users’ .org usernames. After a username send, the site will ask each user to PM the other user on .org with a specific code word to prove to the other user that they are who they said they are. Again, the site doesn’t know the usernames. Pros: Better than system 2 is for meetups Cons: The “code words” feature doesn’t help much to prevent malicious behaviors. 2 users can validate the legitimacies of each others’ claimed usernames only after they already know the usernames and the locations. A troll can LARP as another .org member to get someone else’s location and then just run with it. The encryption may be hard for some users to use correctly. |
System 4. Collects locations and usernames. In the sign-up process, each user will be asked to REACT to an old, obscure .org thread. Their username will be visible beside the reaction. The server will check this to verify that the user is the .org member who they say they are. Pros: Duplicate prevention so it’s much more difficult for spammers and trolls to sabotage the site. Good for meetups because users may exchange usernames. Cons: Low privacy. The site owner (me) can see all users’ locations. Users can still troll by submitting fake locations and baiting others into doxing themselves, but this problem can’t really be solved because anyone can lie no matter how robust the security system is. |
System 5. The same as system 4 (usernames are known) except there’s no map because the site will collect SHA-256 hashes of users’ locations rather than their locations in plain text. The site won’t show locations on a world map and instead will just check if there are any other .org members who have the same location as you by comparing hashes. Users may exchange usernames. Pros: Users can only check if there’re users near them and cannot see a map of all .org users. This makes it harder for malicious doxers to dox .org users; a doxer would have to guess a bunch of cities rather than simply look for where the .org users are on a map. Since locations are hashed and not collected in plain text, I won’t know users’ locations unless I do a brute-force attack (which I won’t). Cons: Worse for meetups. Different ways of naming a place make different hashes; e.g. “New York” and “New York City” make different hashes, and the site can’t know that they’re the same place. The site owner (me) can brute-force a list of cities to figure out users’ locations. I won’t do this, but I understand if people aren’t comfortable with me having the possibility of doing it. |
All the systems that have maps will—
- require users signing up to provide their locations BEFORE they get to view the map
- disallow users from changing their locations more frequently than once a month
I’ll implement the system that a plurality of .org members prefer. Vote in the poll.
PSL Map Interest Poll
I’ll make a PSL map website if at least 50 members are interested. It’ll be a site that shows where .org members live around the world. Anonymous. Usernames aren’t exposed. I might make a feature that lets users mutually exchange locations if they both agree, but it’s risky because some users...
looksmax.org
Last edited: