this post was submitted on 19 Jun 2023
163 points (99.4% liked)

Lemmy

2172 readers
9 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to [email protected].

founded 4 years ago
MODERATORS
 
  1. I create a well crafted post to a normal site that gets 10.000 upvotes.

  2. I change the URL to a malicious site.

  3. ??????

  4. Profit

you are viewing a single comment's thread
view the rest of the comments
[–] BombOmOm 25 points 1 year ago* (last edited 1 year ago) (4 children)

The url and title should both be locked after a post. The contents should be free to change, that way updates and such can be posted if necessary.

Comments can continue to work as-is, there is a similar danger there, but it doesn't matter nearly as much.

[–] deweydecibel 28 points 1 year ago* (last edited 1 year ago) (2 children)

Title should be editable for at least a few minutes after a post, up to maybe an hour at most. Anything after that, it becomes a method of slipping shit past the community by masking it as something else, or changing it down the road to fuck with search engines.

Also, it increases the amount of work mods have to do by not only monitoring new submissions but having to continuously monitor old ones for edits.

At the very least, edits to the title should not overwrite the original after a short grace period but instead be considered "alternative" or "additional". You can add onto it (i.e. Update: Cat has received scritches), but you can't alter the original.

I know we all hate Reddit for obvious and understandable reasons, but not everything it did was stupid. This is one of those things where the restriction was to both protect users and prevent abuse, not just because Reddit is mean and doesn't like users.

[–] joyjoy 4 points 1 year ago

Moderators should be able to edit post titles. Something configurable per community.

[–] T156 1 points 1 year ago

Maybe have it be something that can be set per instance/community, and/or up to operators/moderators, like how downvotes are currently configured?

That way, mods that don't mind it can allow it, and ones that don't want it can remove it.

Although some way to be able to check and revert changes would probably also be handy, just in case of a malicious/accidental edit, whether due to a malicious user/operator/moderator, a bot going rogue, etc.

[–] MarsAgainstVenus 10 points 1 year ago

Maybe have a 5-minute window to allow for typo corrections and such. Otherwise, yeah. This could become dangerous.

[–] T156 5 points 1 year ago

Maybe something like a 5-minute update window? That way, you can fix issues with it, before it's locked for good.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Titles being editable is really useful. So many posts have misleading titles, causing posts to have to either get removed or flaired (I don't think we have an equivalent of flairing yet).

Plus, unless we're prohibiting editing the body or even comments within posts, it has similar risks to editing the title or URL. Though the post URL is the one most likely to get clicked and thus is the highest risk.

It is something tooling could help detect. Moderator tools could detect posts changing the URL and flag the post for review. The general idea of spam filters apply well here. Spam filters aren't just for completely preventing spam, but also for flagging potential spam. We could train spam filters on diffs of comments so that they can recognize when posts seemed to have completely changed in a way that we'd classify as spam.

[–] T156 1 points 1 year ago

But at the same time, letting the title be edited can also cause problems later on, especially if it's something that can be used to feign support, or something along those lines, on something a bit more malicious.