We’re thinking of adding a new limitation on our free Write.as plan, mostly to reduce the amount of spam / abuse we get on the platform. Ideally, it won’t affect most people. But I’d love to get your feedback here!
Read more:
As a free user; I object fully to the rate-limit as stated in the announcement.
I feel there are other, less invasive ways to control spam that don’t require treating our non-paying users like second-class citizens. The limitation proposed, is significant; particularly since you show a willingness to drag that number down even further due to spammers beyond the control of an everyday user.
While 8 is a significant limit, that is generous; I actually propose that you do not rate limit by some hard-coded value; but rather use something more adaptive and flexible; such as the age and some moderation value that only site moderation can manage to determine if a user has a rate-limit.
Perhaps newly registered accounts might need to deal with the 8 post limit for an unspecified amount of time. Maybe limit or delay the publication of new entries of posts containing suspicious links or such…paying users would need not deal with that limit.
It might be useful also to simply require a minimum account age to publish hyperlinks anonymously; or to publish them on a user’s blog in general.
In essence I would advise the creation/improvement and implementation of moderation and report tools before setting a hard limit.
If you’re experiencing abuse of features; I’d say prevent new signups from abusing it first to see how well that curtails bad actors; who often won’t put in significant effort.
Thanks for your input! You’re right, there might be smarter ways to do this. Maybe we can have it only apply to non-registered users, or only to new users created after the date we introduce the limitation.
We have many guards in place today to curtail abuse – some that are similar to the things you’ve mentioned. But I’d like to only make changes that avoid making the product worse; spammers shouldn’t be able to ruin the platform for everyone else. So we need to find a change that lets people continue using the platform as they were before, while reducing the amount of time our small team has to waste on moderating abusers.
I’m not sure if adding moderation tools will solve everything:
- They’re easy to get around. Since it’s possible to publish without an account, and we don’t track people who do, we can’t prevent these individuals from posting by adding moderation tools.
Otherwise, spammers have no problem creating several accounts that they can switch between and post from. They can hold on to accounts for days or months and then later come back to them (indeed this is a normal tactic). - They require that we spend a significant amount of time responding to abusers’ changing tactics. Every few weeks, we already have to take an entire day to update lists of abusive posts and block any new tricks people are using. Very little customer service or development gets done that day; our resources are drained even more.
- They need to ultimately deter abusers and make it so we’re no longer a worthwhile platform for them to spend time on.
So we need a solution that also solves these issues. But I’d like to know from you:
- Do you think you’d hit the 8 post-per-day limit?
- Either way, what kinds of things do you normally post? (I’ve been assuming most people publish maybe once or twice a day at most, so it’d help to know this.)
I don’t personally post so often as to hit said limit often; but I’m certain that an average and more prolific social media user might, and thus decide write.as isn’t as useful as they thought.
Mostly I’m using the service to extend my Mastodon account; when it makes less sense to post across multiple 500 character posts; when I’m posting something that’s much longer and needs a larger character limit.
Thus I blog infrequently; but could foresee instances where the 8 post limit would be a severe limitation when I need to discuss many things in much more detail than current character limits would allow directly on Mastodon.
Someone who is a lot more active than I; which is a large percentage, my activity is much below average; would likely bump into this limitation a lot more and be quite a bit confused and upset that suddenly their entries aren’t federating to Mastodon or posting. I don’t believe most users would understand why suddenly federation or posting stops on/after their 8th post; and spammers would just adapt to that limitation by creating more accounts and making them harder to catch in the act.
So any measures taken to halt abuse or spam should be done in ways a spammer probably wouldnt work around.
Perhaps there could be tools in place that would slow down or stop posts. Expanding the small team of mods may also be necessary.
Possibly introducing compounding delays could be useful; the first few may federate immediately or nearly immediately…while posts that are beyond that maybe take about an hour or two before they’re picked up and federated; giving mods time to notice new spam or for other systems in place that may be able to scan and detect spam.
As an example that comes to mind is that the first 8 posts go out immediately. the 9th delays for 5 minutes, the 10th for 10 mins, 11th for 20 mins, the 12th for 40 mins, the 13th for 80 minutes and so on…
By doubling the delay before a post goes fully open, you cost the spammers time; and an actual person will still be able to post out more without actually being able to flood timelines or post listings somewhere. Plus it’s less invasive.
Additionally imposing increasing delays between submitting new posts might be useful. For example a timing curve might make it so that no free account can make more than X posts in a day before experiencing a delay in excess of a day.
I don’t think that anonymous posts going through some sort of trainable spamfilter and/or Moderation Queue would be a bad idea. Mods need only see a post if a filter either didnt catch it and it was reported or if the filter sees something but isn’t 100% confident.
Perhaps the ability to make an anonymous (and public or unlisted) post could require a certain number of posts (maybe 2 or 3) made under their username. Posts made under some username/handle could simply be truly unlimited; as is stated in the free user plan.
Only anonymous posts need be subject to rate limits or delays in general; but only if a particular user has gone well enough beyond a reasonable amount of posts.
I can give some input on how much I publish everyday and it’s probably less than 2, considering a full week. I am not a heavy user but I imagine that someone blogging would post once per day per blog that he or she owns.
Disclaimer: I am not a free user.
And I don’t think it would be absurd to limit the amount of posts for the free accounts. If this limitation will make it easier to block abusers of the platform, I think it’s not the end of the world.
I believe in contributing for a good service and I know that there are real people behind Write.as working to keep it great.
In reality, I didn’t know real people from the Write.as team were having to manually filter spammers!
I think the limitation is reasonable.
2 Likes
Well, it might sound crazy but add mandatory step-two verification through authenticator apps like Authy or Google Authenticator. That way we might see less spammers around. You can use the APIs of Authy to plug in to their system as I have seen many other websites doing it. Though this won’t be sufficient but it will be effective to some extent.
1 Like
Thanks for the input, everyone. To address some things:
This is definitely a good use case for Write.as, and I know others use it in a similar way. But even then, the assumption is that there’s an upper-limit to how many 500+ character posts most people are creating in a day. And even if someone ends up getting close to the imposed limit, there’s always an out: subscribing to our cheapest plan. Write.as is (assumedly) pretty useful to them at that point, so hopefully they don’t mind paying just $12 per year to have the limit lifted completely (and helping fund our efforts to keep the service online).
We would ensure that the limitation is clear in the Features list on the site and whenever someone hits the limit, so there wouldn’t be any confusion. It’d also let people know how they can get around it.
And account creation is much easier for us to moderate / slow spammers down on. Plus we have plenty of abuse filtering in place there that we just can’t apply on anonymous posts.
That is our goal, to quietly take care of these things so you don’t have to worry about them 
and indeed it’s what part of your subscription goes toward (thank you!)
This is an interesting idea – I wouldn’t want to add it as a mandatory step because of how technical it is (my parents probably couldn’t figure it out), but it could eventually be a good option for people who don’t want to upgrade.
Thanks again for your feedback. Right now we’re still looking at all the options and trying some other tactics to reduce abuse on the platform. So for now, we aren’t implementing any new changes to the free plan. I’ll let everyone know if that changes, and in the meantime, anyone else should feel free to weigh in here.
2 Likes
While I’m fine with monetization as a means to keep the server paid for and such; I believe that crippling your free tier in such a way is excessive. Just because you don’t foresee free users bumping a limit doesn’t mean that they wont. A fixed posts-per-day limit should be extremely generous even given the low amount that is likely to be used. The limit prescribed was generous but much too low. I hope that if you ever do feel the need to seriously reconsider the options laid out in the original blog post; that you do not place your limitations so low so as to force a subscription from a user just because their usage patterns may be above average.
A usage pattern far above average is very fair game for investigation for abuse; especially on a free tier of service. I do want to underscore how important it is that you combat abuse at the front; which is, as you said, at account signup where you register a user. CAPTCHAs are simply a Necessary Evil.
Existing humans should need not fear anti-spam measures taken, unless they are abusing the service and causing issues for other users or the service in general.