[wp-meta] [Making WordPress.org] #4696: Hide profiles.wordpress.org from non-logged in users
Making WordPress.org
noreply at wordpress.org
Wed Aug 21 12:43:28 UTC 2019
#4696: Hide profiles.wordpress.org from non-logged in users
------------------------+---------------------
Reporter: jdembowski | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone:
Component: Profiles | Resolution:
Keywords: |
------------------------+---------------------
Comment (by jdembowski):
Replying to [comment:12 jonoaldersonwp]:
> Let's separate out these concerns.
>
> **Firstly**, on principle, we shouldn't be making decisions which
negatively impact the experience and quality of life of our users, based
on frustrations we have with spam and abuse. As a user, if I've completed
my profile, I expect to be able to see my profile. Given that new users
won't be able to, that's a potentially confusing experience. We should
signpost that and explain the situation, or risk alienating new users.
Did I mention we're not FB, Twitter or anyone's shingle? I did right? ;)
I agree about setting expectations and what I am proposing will not in
anyway impact anyone viewing your profile if you are a new or experienced
user in the community. Being logged in is not a bar, it's a requirement.
If you want to add a notice to the profile page editor then I am good with
that.
> **Secondly**, the profiles pages are for whatever users decide they're
for. If they want to use them as their personal homepage, that's fine. If
they want to use it to advertise their consultancy services, fine. With
the exception of overtly 'spammy' scenarios, if they want to try and sell
their lemonade from it, that's fine, too. We should encourage flexibility
and ownership of use cases. That's good for our users, and good for
wordpress.org.
Nope, I totally disagree with that. See my reply to the first concern and
if a brief notice needs to reinforce that is needed then cool.
I honestly and not trying to be repetitive but this is the real point: The
profiles.wordpress.org pages are not anyones home page, it's not a social
media, it is not a shingle for promotion of any kind. It is not a SERP
quid pro quo for participation in the community and it is not a hosting
service for light web pages.
That is the reason that profiles.wordpress.org is such a quagmire of spam
pages. The number of fake, temp email logins created just for that purpose
outweighs the number of real users signing up for real support or
participation. I believe the signups on a daily basis is ~2,000 and I am
confident saying that only a quarter of those are legit.
> **Thirdly**, if our issue is the creation of spam accounts, we should
take steps to resolve that, rather than working around it at the expense
of our users. Why don't we use honeypots, or, e.g., Google's invisible
Recapcha system (with a ham/spam feedback mechanism, and a score threshold
for instigating additional requirements such as an image captcha)? There
are myriad options here to bag and tag these registration attempts before
they ever get anywhere near having a profile.
Again, I disagree. That just moves the solution from something that can be
achieved to something that will not accomplish anything.
Making the profiles.wordpress.org pages like the support/users in that you
need to be logged in will work. I can prove it: it works on those other
pages successfully. The spam target and business driver is
profiles.wordpress.org. Let's fix that by making it hide the fields save
the name and Slack handle ''unless you are logged in''.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/4696#comment:14>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list