Hand Says No

  • February 3, 2023 12:22 PM CST
    "Hand says No !". Idea: As we are social sites we want to protect our members an sites from the naughty people and groups / businesses. Legally their is no law saying that media site have to share details of banned members to other media sites. Bad people travel to and from other sites being naughty and that is a problem. This in itself is a problem for sites. Solution: What if We ourselves create and share a banned register. This way we can create an international MUA (mutual Understanding agreement) between ourselves. We each agree to share members details and info of reason for being banned (upon request). So if a bad members is banned from my site and wants to join your site, you can can check members name with my list and if they are on it you can quickly ban them from your site before any issues arise. "sorry "Hand Says No !" These people / groups / busineses could be scammers, criminals, abusers or other bad ??? This MUA isnt just for Banned people, but could also be a way of verifying members ID. If a person has one id on my site but a different id on another then that is a red flag. We have to ask WHY ? Benefit: as we are required to secure and protect, this MUA would increase our security and protection standing with Law enforcement, and show that we have in place a system to keep our sites secure not just from local bad people but international bad people. Bonus points i would think. The MUA Register would not be a big list that we log into but we each keep a list and we then ask each other if a particular person / group or business is on it. Thoughts anyone ?
  • February 3, 2023 12:56 PM CST
    So, in principle we can improve our site and member security by sharing data.

    What Data could we share:
    Names, location (if possible), IP address, contact details (if possible) Image / photo of banned member. Reason for ban.
    1, Bad members.
    2, Bad companies / businesses
    3, scam / fraud / crime activity

    Most times, scams and crime start in one place and spread to other sites and global locations. This way we can warn each other of scams (or similar scams / activity) and fraud so your admins or "marshalls" can be on the lookout and put a stop to it before it spreads



    If we each create a secret "marshalls" group on our sites then marshalls can be faster informed and aslo share to each other marshalls group.
    This in turn will strengthen and tighten our securtiy.

    How ?
    Each site has a way of either closing a members account or not allowing a member to log in to the account without deleting the account.

    So instead of creating an actual list / register, The member account will still be on site but not visible to other members.

    Also we can look-up members by either email, ip address, name, so retrieving the account will not be a problem.

    How do i as site 1 admin check site 2 for data.
    Answer, i dont access site 2. I simply contact site 2 admin and ask for a member check.
    This way we do not compromise other site security and integrity by accidently uploading virus or going into systems we have no business being in and damaging the site.



    The purpose of this MUA. (mutual understanding agreement)
    To create a "global catch net" to catch bad elements before they do harm on our sites, however small or large the site.

    For a site to have trust, not just in the public eye but in law enforcement also. It is this (if we think long term) that will create the respect and apreciation of all people and companies to the point that people (indviduals and families) and businesses will in time seek to join our sites, not just because we are popular, but because we are a safe place.



    Mikel.
  • Leader
    February 3, 2023 2:12 PM CST
    @MikelCoreclark, thank you for creating this thread! I'm looking forward to reading your ideas!
  • Leader
    February 4, 2023 9:28 AM CST
    In principle, your "Hands Say No" premise has sound reasoning and great potential. My first thought is climbing the hurdle of Terms of Service. When I created my TOS through Website Policies, there were a gazillion questions you have to answer about your website and one of the question sets included third party access and analytics.

    I did answer "no" to third party, but the analytics was referring to Google Analytics and similar programs that may be linked to your website. The analytics part was very specific and the third party questions popped up in random places between the TOS and Privacy Statement.

    I believe this can be implemented as long as we are compliant with our TOS and Privacy rules up front at the time of registration, compliant with any country laws and that any time we change or adapt these rules we reflect the change with proper notification.


    Link to Website Policies website:
    https://www.websitepolicies.com/
  • February 4, 2023 10:05 AM CST
    Hei.



    In this example for "hand says no" in regards to TOCs and third party analytics, links to or from sites. There will be no physical links between sites.



    The process is this.
    Site 1: would like to know if a particular person or business has been banned from site 2.

    process 1: Site 1 admin would send a request (onsite message, email or phone call) to admin of Site 2.
    Site 2 admin would check their site for this person (via ip, email, name, location) then will reply to request (onsite message, via email, phone call) and give the result (banned or good to allow).
    If banned then give reason why.
    The information doesnt need to be in any great detail, just a simple member "Banned" for the reason of ???
    Or Member "good to allow" No issues found.

    This way, personal information is not being passed around.



    Process 2: (Optional)
    If we (each site) creates a "marshalls" group, then each site can have a dedicated admin who can join each site "marshalls" group so that a sharing of (scam, fraud or other unlawful activities) can be shared. Again, no physical connection between sites.



    So in reality, we are a group of sites sharing requested information about banned members that could cause possible harm to other members on other sites also preventing online crime.



    This is allowed under US law and GDPR (as it is in UK law and GDPR).
    GDPR (in simple terms) states that a sharing of member information is allowed under GDPR under the principles of member safety and civil and criminal law and the protection of the nations security.



    mikel.
  • Leader
    February 4, 2023 11:11 AM CST
    I like both Site 1 and Site 2 functions.

    In the states, at least in some states, when an employer calls another employer to verify employment, the employer verifying employment history is only allowed to say, "yes, this person worked here". Beyond that you can get in potential lawsuit territory. So I do like the simple "yes and no", part of a member's history, if sharing between admins.

    Good to know about the UK's laws and I'll send in inquiry to Website Policies as they are lawyers for any compliance that needs to be considered for the US.
  • February 4, 2023 5:15 PM CST
    I will pass on this. I also will pass on sites doing this as I don't want my info shared due to where I work and how many times I am accosted to come to this site or that site or help here or there, etc. I also have concerns as my life has been threatened more than once. I don't want my location shared, my email shared, etc. Site Marshall? No thanks. I like both of you, don't get me wrong, but I don't know who your "marshals" will be nor do I trust many people to keep my data safe. What if your marshal decides they don't like "Betty" and so they go to every connected site and blacklist her, give out her info, etc. Poor Betty did nothing wrong but she's banned everyplace now and her info is out there for all these places to see. Sorry, I don't want to rain on any parade or idea.



    FYI, we did this before to pirates. I was sorta well known in the anti-piracy arena at a social script. I had over 2gb of data on pirates (software pirates). A friend and I did take-downs of their sites, posted details on each pirate since they were doing illegal stuff and it was easy enough to find if you know how, etc. We had a site set up under different names, private registration. Then I got my life threatened, they threatened my daughter (they had found her address), they posted sites I was on and those sites were hacked.



    If you do this, be prepared for those sort of consequences. I learned the hard way.
  • Leader
    February 5, 2023 9:40 AM CST
    @Techi Jedi, you outline very serious ramifications of creating site to site communications, and the consequences that could go wrong in so many areas. Thank you for taking the time to share your concerns and I'm sorry if in writing your post you had to relive a bit of the stress you went through during the pirate stalking.

    I do agree with your example of Betty, there's a long history of poor social behavior and lack of integrity of moderators and even admin's that have practiced the unethical behavior of making life hell for a member that didn't do anything wrong, except for maybe disagreed on a point. I've seen it a lot over the years and I don't like it, which is why I strongly believe in unbiased moderation. It's a tragedy for members to suffer harm or be bullied because they stuck up for what they believe in, and because it's not of the general belief of the core members, that member experiences the repercussions as you described. Almost like a virtual social stoning.

    My initial concern with a Marshall program all goes back to privacy which I clearly outlined in my above post. As webmasters, it's ingrained in us to protect the members privacy, and even my TOS clearly outlines privacy requirements along with what the member can expect here at FR or any of my other websites in terms of privacy rights. The fact that this type of program is presumed to be in existence, in development or a program similar to this is in practice at many websites, now requires me, as admin to clearly state my position. In short, I follow the guidelines of my TOS, state and any countries guidelines on privacy. My TOS clearly states what information I collect of any member and their rights. My websites are created for social engagement and the only three items I need at registration are: user name, birthday date (COPPA check) and email address. Any other information beyond that is private to the member, unless they chose to share where they live or how many horses they own. All of their posts and data belong to them and they chose what is seen and not seen. As I mentioned in my above post, the example of employment verification in my state of Texas, is pretty cut and dry, and the law prohibits questions beyond verifying if the person was employed at said business. To me, the Marshall program puts a third party element to it, which in my TOS, I clearly state there are no third party affiliations in ANY of my websites.

    One of the reasons that I believe niche websites have challenges in taking off is because of the trust level as you described in your concerns. I think a lot of people envision a creepy website owner and tend to not join and remain at the bigger websites because they know who owns them, or they think they know who owns them. I do get that to some extent, but the flip side of that is the bigger websites are highly commercialized and member information is shared in ways they can't imagine. Smaller websites, in many ways, that are owned and operated by conscientious and caring people are where I'd rather be posting. These websites are more personable, and the webmasters/Admins have more interest in their members overall experience and most often are totally willing to continue to improve the experience if at any point a member expresses a suggestion for a change in some way to make the website better.

    To maintain any sort of privacy on a mega website, you would have to keep up with their TOS often and make sure to opt out anytime something new is added to keep yourself from being vulnerable from third-parties or unexpected changes. Which also brings up the point that, as Techi Jedi mentioned concerns of sharing member information with other websites, that to me is considered a "third party violation" of a TOS unless that is a clearly stated practice in a websites terms of service. I know I'm being repetitive on this one issue of third-party, but I want to be clear, as I believe this is a core issue with this type of program.
  • February 5, 2023 2:28 PM CST
    I'm afraid I don't have anything to say about this at this point, purely and simply because it's a lot for me to take in and digest, but I will keep reading and try and make it clearer in my head.

    Thanks,

    Mark
  • February 5, 2023 4:51 PM CST
    By the way, I got my Website Policies from the same website!

    Mark