Decide about E-Mail visibility in Bugzilla (spam)

Message

Post by **idl0r** » Fri Jan 08, 2010 7:23 pm

Dear Community,

you've surely noticed more spam, in case you have a bugzilla account.
Now you have the chance to vote for your favourite solution, see also
[bug=249123]spammers can read the email addresses of the users[/bug].

Jim6 · Post by **Jim6** » Fri Jan 08, 2010 7:44 pm

Voted: ALL addresses hidden to non-signed in

It's important that there's a strong CAPTCHA for registering as well though.

Perhaps set a time limit on accepting votes?

Post by **idl0r** » Fri Jan 08, 2010 7:45 pm

Jim6 wrote:Perhaps set a time limit on accepting votes?

Its set to 15 days.

Post by **robbat2** » Fri Jan 08, 2010 7:56 pm

Jim6 wrote:It's important that there's a strong CAPTCHA for registering as well though.

What's your definition of strong CAPTCHA?
The last public state-of-the-art in defeating reCAPTCHA is 5% success rate:
http://bitland.net/captcha.pdf

The last time we proposed CAPTCHA (for mailing list subscription confirmations), we actively got complaints from our visually impaired users.
http://thread.gmane.org/gmane.linux.gentoo.project/714

V-Li · Post by **V-Li** » Fri Jan 08, 2010 8:10 pm

Developer addresses should always be visible in my eyes. So I voted for obfuscation for non-logged in with exception of @gentoo.org addresses.

timeBandit · Post by **timeBandit** » Fri Jan 08, 2010 8:16 pm

Could addresses be HTML-entity encoded when displayed, as well? That would thwart most bots, I would think.

Post by **robbat2** » Fri Jan 08, 2010 8:22 pm

timeBandit wrote:Could addresses be HTML-entity encoded when displayed, as well? That would thwart most bots, I would think.

Nope, analysis of spambots have shown that they can pick up most forms of email obfuscation. Really, it's just regex.

jmbsvicetto · Post by **jmbsvicetto** » Fri Jan 08, 2010 8:33 pm

V-Li wrote:Developer addresses should always be visible in my eyes. So I voted for obfuscation for non-logged in with exception of @gentoo.org addresses.

I agree with Fauli.

Etal · Post by **Etal** » Fri Jan 08, 2010 9:03 pm

I voted for "ALL addresses hidden to non-signed in" because that seems to work.

When I first signed up for the gentoo bugzilla years ago, I soon noticed a large influx of spam in my spam folder (having 'a' as the first letter didn't help)

About a year ago, I needed to sign up for some KDE mailinglists, so I opened a new account and also set my KDE bugzilla account to point there. In that year, I haven't received a single spam message. I have significantly more activity in the KDE bugzilla than on Gentoo's.

The way they do it is that for all the non-logged-in users, only the name is shown. When the user is logged in, the name becomes a "mailto:" link.

As for the @gentoo.org addresses, although I'm not a developer, I think it would be better to hide them as well because unless it is required by policy to use the gentoo email on bugzilla, it might discourage people from using them and that would make things confusing. And if you're already checking for them, you could just as well add "(dev123)" after the name or something to distinguish them and give hint at how to contact.

Well, just my 2¢

yngwin · Post by **yngwin** » Tue Jan 12, 2010 12:45 am

idl0r wrote:you've surely noticed more spam, in case you have a bugzilla account.

Hardly. A good spam filter takes care of that.

Old School · Post by **Old School** » Thu Jan 14, 2010 4:33 pm

ALL addresses hidden to non-signed in

aidanjt · Post by **aidanjt** » Thu Jan 14, 2010 8:14 pm

I have another suggestion to add to the poll, hide non-@gentoo.org addresses except from those on the CC list (which should be hidden to non-authenticated users).

eccerr0r · Post by **eccerr0r** » Thu Jan 28, 2010 11:35 pm

I have a feeling if the spammer knows a bugzilla site has a lot of people going there, they will spend the effort for one person to sit there and solve the captcha puzzle and then automate the rest. So unless there's a captcha puzzle for *every* email query and/or post this won't work.

At least that's how I think my phpbb2 got captcha cracked despite not really getting much traffic. I knew my "custom" captcha would fail most bots but recently it too got hacked. Since every post is somewhat like an email, I'm sure it would turn off people from posting if I made every post require a captcha puzzle solve.

sigh... $*#@ these people who respond to spam, making spam lucrative!

Rhywek · Post by **Rhywek** » Sun Aug 29, 2010 6:13 pm

Looks like 98% of people want the change to happen, and hide the emails. So anybody knows if some solution will be implemented?

As a non-gentoo-dev, I would like my email to be invisible in bugzilla. There should be at least some option to hide it in account preferences, but there is none... :-(

Post by **idl0r** » Sun Aug 29, 2010 6:39 pm

Rhywek wrote:Looks like 98% of people want the change to happen, and hide the emails. So anybody knows if some solution will be implemented?

As a non-gentoo-dev, I would like my email to be invisible in bugzilla. There should be at least some option to hide it in account preferences, but there is none... :-(

Addresses will be hidden for not logged in users in bugzilla-3. There is currently no ETA, sorry.

Decide about E-Mail visibility in Bugzilla (spam)

E-Mail visibility in Bugzilla

Decide about E-Mail visibility in Bugzilla (spam)

Re: Decide about E-Mail visibility in Bugzilla (spam)