moderated Re: Limit number of group aliases #suggestion


 

Bruce,

>>>
Premium/Enterprise groups can create an unlimited number of group aliases. Those names become unavailable for others to use. As GIO grows, this strikes me as increasingly problematic. Someone with malicious intent could even create hundreds just to fleece the system.
<<<

That can be/is a possibility but the good mitigating factor to that is that group aliases are not available in free groups so it would mean someone would have to pay $220 for a year (or monthly) in order to be able to do that "DNS parking", which lowers the probability it could happen.

But you are right, it can.  However,

>>> On that basis I'd like to suggest that 5 group aliases should be more than enough.

5 is too low IMO; regardless of retro-application of it or not, you would be handicapping certain types of groups which use the aliases for what they are useful over here, search keywords for finding the group***, and also prevent "competitors" from causing unnecessary group-related headaches.  For example, see attached, this printer hardware user group of mine, it covers the whole MicroDry (MD) line of ALPS printers plus re-branded ones.  As such, you can tell the aim/intent in my alias names, and by virtue of the whole model line +, it has to be big.  I'm sure there are other types of similar-purpose/function groups that do this, not just me or my type of group only.  I've also done a similar setup on another group which is a Special Interest Group which builds airliner model kits exclusively.

*** (I do know about the group description "hidden-text" trick but many don't)

But I have a relatively simple and easy suggestion to alleviate the concern without altering anything on current group aliases' functionality.  Here's the thing; alias creation/editing is an infrequent task, it may spike after (and a bit after) group creation, but after that, it should be relatively quiet; or the corollary, it may not happen until some time in the group's future and then go quiet again, same end result.  The point is, for all groups, any generated auditing data related to alias editing is not really going to be a large amount, therefore impact should be minimal/very-small on that end.  So,

- Create a "new"* table/place, GroupAlias_ActivityLog or whatever. (* "new" could be a literally-new one or use an existing table like the ActivityLog if it can support this)

- Add a few lines of code to the group-alias-deletion part, so it saves the pertinent info to the GroupAlias_ActivityLog, at the very least date & time, GroupID of where the alias was deleted from, OwnerID of that group, UserID & IsMod/IsOwner status of the person who did the deletion, and the alias text/pointer/whatnot; plus anything else that can be of use for this.

That's it, for now.  This would create the infrastructure needed and would start logging deletions.  Then we figure out how to get the warning light to blink.  My suggestion would be to create a reporting/trend-analysis script/job that at some specified interval depending on how quickly Mark would want to be given a heads-up.  It would compare all the group names that have been newly-created during that interval against the name of any GroupAlias_ActivityLog deletions during that same interval.  Also do a second same comparison but since-beginning-of-auditing-data this time.

1. If the count of matches (interval-only or since-beginning-of-log-data) is 0 all is kosher.

2. Otherwise break down the distribution of that count data based on the combinations of who did what and when, both for just the interval and since-beginning-of-log-data.  For example, how many new groups were created during the two timeframes:
- by the same owner, and the owner was the one who did the alias deletion. (more-or-less OK I'd think)
- by the same owner, and a mod was the one who did the alias deletion. (could point to the mod being cheeky/sneaky/whatnot, unbeknownst to the (possibly AWOL or non-savvy) owner)
- where the new group owner is neither the owner nor a mod of the alias-deleted group. (could be suspect)
- where the new group owner is a mod of the alias-deleted group and the owner was the one who did the alias deletion. (more-or-less OK I'd think)
- where the new group owner is a mod of the alias-deleted group and the mod was the one who did the alias deletion. (could be suspect)
- relationship between new group owner and their group membership in the group where the [owner/mod] alias deletion took place, or a member of any group of said owner/mod. (could be both I think)
And so on, you get the idea, whatever we may think could/would be suspicious.  For example, if the same group owner/mod seems to be consistently deleting aliases only for those to show up as new group names (at any point in time now or later on), by consistently totally unrelated people (i.e. they are not in a group the owner/mod are in), that would definitively be worth IMO having a look at, even if a cursory one at the very least.  It could be innocent (as me for example releasing and giving gratis one of the aliases in my example above to a "competitor" if I wanted to), but it could also be something more sinister afoot, including Bruce's concern, in which case some setup like this should help alert and eventually catch the perpetrator(s).

Cheers,
Christos

Join main@beta.groups.io to automatically receive all group messages.