Tag: Spam

Block Comments by EricJ on mst3kinfo.com

If you're a longtime reader of Satellite News (mst3kinfo.com) like me, you know that it's got a pretty good comments section, except for two things:

  1. A particularly obnoxious and persistent troll by the name of EricJ who insists on pissing in everyone's cornflakes; and
  2. A bunch of other posters with poor self-control who insist on responding to him.

And so, in the tradition of my Hide Techdirt Comments script, I've written a userscript that will block EricJ and replies that quote him. Works with Greasemonkey, Tampermonkey, and presumably any other similar userscript plugins that may be out there.

If there's anybody else who bothers you, you can add other usernames to the blacklistedUsers array, too.

And ordinarily, I wouldn't even name the troll I was talking about, because the entire point here is that you shouldn't give trolls the attention they crave -- but I figure you know, this post might prove useful to other Satellite News commenters, so I should probably put his name in it so that maybe somebody will find it while searching for a way to block all comments from, and replies to, The Original EricJ on mst3kinfo.com.

Enjoy.

// ==UserScript==
// @name          Hide Satellite News Comments
// @namespace     http://corporate-sellout.com
// @description	  Hide comments on mst3kinfo.com, based on user
// @include       http://www.mst3kinfo.com/?p=*
// @require       http://www.mst3kinfo.com/wp-includes/js/jquery/jquery.js
// ==/UserScript==

// List of users whose comments you want to hide --
// you can add more names to this list, but let's be honest, you want to block EricJ.
const blacklistedUsers = [
  'The Original EricJ'
];

const $ = jQuery;

// Comment class
// Constructor
function Comment(node) {
  this.node = node;
  this.nameBlock = $('.comment-author > .fn > a', this.node);
  this.name = this.nameBlock.text();
  this.quotedUserBlock = $('a[href^="#comment"]', this.node);
  
  this.quotedUser = this.quotedUserBlock.length === 1
    ? this.quotedUserBlock.text()
    : '';
}

// Functions
Comment.prototype = {
  constructor: Comment,
  
  check: function() {
    if(
      blacklistedUsers.includes(this.name)
      || (this.quotedUser !== '' && blacklistedUsers.includes(this.quotedUser))
    ) {
      this.node.remove();
      return true;
    }
    return false;
  }
};

$('.comment').each(function() {
  const cmt = new Comment($(this));
  cmt.check();
});

License

I'm not a lawyer, but my opinion as a programmer is that this script is too short, simple, and obvious to be copyrightable. As such, I claim no copyright, and offer no license, because none is needed. Use it however you want, with the standard disclaimer that it comes with absolutely no warranty.

Hide Techdirt Comments

Updated 2022-02-28: Updated script for the new Techdirt comment engine.


Updated 2021-04-30: Fixed a bug that was preventing some replies from being hidden.


Updated 2019-09-11: Minor update because the site layout has changed slightly and the old version was no longer working.


Updated 2019-04-11: General cleanup; change to OOP.

Remove some techniques that are no longer needed since recent Techdirt update; add handling for some new types of predictable troll behavior.

Better blocking of flagged users who aren't logged in.


Updated 2018-08-19: Hide comments that have already been hidden by user flagging (this is mostly useful if the hideReplies boolean is set true).


Updated 2018-08-15: Added hideLoggedOut. If set true, then the script will hide any user who isn't logged in, unless their name is in the whitelist array.

Added hideReplies. If set true, then when the script hides a comment it will also hide all the replies to the comment.

If you set both hideLoggedOut and hideReplies to true, then the Techdirt comments section gets much quieter.


Updated 2018-08-09: Some doofus has been impersonating me. Script will now automatically flag and hide posts by fake Thad.

In addition to hiding posts if their subject line is too long, the script will now also hide posts if the username is too long. Additionally, the script can automatically flag posts if the subject or username exceeds a specified length.

This thing's gotten complicated enough that I think it's probably subject to copyright now. I've added a license. I chose a 3-Clause BSD License.


Updated 2018-06-20: Ignore mixed-case and non-alpha characters.


Updated 2018-03-06: Fixed case where usernames inside links were not being blocked.


Updated 2018-03-04: Added function to hide long subject lines, because some trolls like to write manifesto-length gibberish in the Subject: line.

There is now a maxSubjectLength variable (default value: 50). Any subject line exceeding that length will be hidden. If you reply to a post with a subject line exceeding that length, your reply's subject line will default to "Re: tl;dr".


Updated 2017-07-12: Added @include.


In my previous post, I mentioned that I spend too much of my life responding to trolls on Techdirt.

With that realization, I whipped up a quick Greasemonkey/Tampermonkey script to block all posts from specified usernames.

// ==UserScript==
// @name          Hide Techdirt Comments
// @namespace     https://corporate-sellout.com
// @description	  Hide comments on Techdirt, based on user and other criteria.
// @include       https://www.techdirt.com/*
// @require       https://c0.wp.com/c/5.9.1/wp-includes/js/jquery/jquery.min.js
// ==/UserScript==

const $ = jQuery;

// Boolean settings:
// if true, hide all posts from users who aren't logged in
const hideLoggedOut = true,

// if true, hide all replies to hidden posts
  hideReplies = true;

// List of users whose comments you want to hide -- collect 'em all!
const blacklistedUsers = [
  'btr1701',
  'Koby',
  'Richard Bennett'
],

// If an anonymous post begins with one of these strings, hide it
blacklistedStrings = [
  'out_of_the_blue',
  'Nothing to hide, nothing to fear'
],

// List of users whose comments you don't want to hide
whitelistedUsers = [
  'Chip',
  'Thad'
];

// global variable for storing gravatars of non-logged-in posters who have been blocked
let blockedGravatars = [],

// global variable for storing comments that aren't hidden
comments = [];

// check all non-hidden comments for a blocked gravatar
// (check each time a gravatar is blocked)
function checkCommentsForBlockedGravatar(blockedGravatar) {
  for(let i=0; i<comments.length; i++) {
    if(comments[i].gravatar === blockedGravatar) {
      comments[i].gravatarBlocked = true;
      comments[i].removeComment();
    }
  }
}


// Comment class
// Constructor
function Comment(node) {
  this.container = node;
  this.body = $('> .comment-body', this.container);
  this.nameBlock = $('.comment-author', this.body);
  this.name = $('> .fn', this.nameBlock).text();
  this.linkNode = $('> .url', this.nameBlock);
  this.loggedIn = this.linkNode.length > 0
    && this.linkNode.attr('href').startsWith('https://www.techdirt.com/user/');
  this.gravatar = $('> img', this.nameBlock).attr('src');
  this.gravatarBlocked = false;
  this.flagBtn = $('.report-button', this.body);
  this.alreadyHidden = this.container.hasClass('flagged');
  this.alreadyFlagged = this.flagBtn.hasClass('has-rating');
  this.postContent = $('.comment-content', this.body).text().trim();
  
  // If I click on the "Flag" button, remove the comment
  var that = this;
  that.flagBtn.one('click', function() {
    that.removeComment();
  });
}

// Functions
Comment.prototype = {
  constructor: Comment,
  
  checkForBlockedGravatar: function() {
    if(this.loggedIn) {
      return false;
    } else if(this.gravatarBlocked !== true) {
      // only need to find gravatar in blockedGravatars array once;
      // once this.gravatarBlocked is set true, then it will always be true.
      this.gravatarBlocked = blockedGravatars.includes(this.gravatar);
    }
    return this.gravatarBlocked;
  },
  
  blockGravatar: function() {
    this.gravatarBlocked = true;
    blockedGravatars.push(this.gravatar);
    checkCommentsForBlockedGravatar(this.gravatar);
  },
  
  removeComment: function() {
    if(hideReplies === true) {
      this.container.remove();
    } else {
      // replace comment with 'removed'
      // -- because replies will still be visible, this is necessary
      // so you can tell there's a missing post that they're replying to.
      this.body.text('removed');
    }
    if(!this.loggedIn && !this.gravatarBlocked) {
      this.blockGravatar();
    }
  },
  
  badStart: function() {
    for(let i=0; i<blacklistedStrings.length; i++) {
      if(this.postContent.startsWith(blacklistedStrings[i])) {
        return true;
      }
    }
    return false;
  },
  
  check: function() {
    if(
      this.alreadyHidden
      || this.alreadyFlagged
      || this.checkForBlockedGravatar() === true
      || blacklistedUsers.includes(this.name)
      || (this.loggedIn === false && hideLoggedOut === true && !whitelistedUsers.includes(this.name))
      || (this.name === 'Anonymous Coward' && this.badStart())
    ) {
      this.removeComment();
      return true;
    }
    return false;
  }
};

$('div.comment').each(function() {
  // skip comment if it's already been removed
  if(document.contains($(this)[0])) {
    const cmt = new Comment($(this));
    if(cmt.check() === false) {
      comments.push(cmt);
    }
  }
});

License

Copyright 2017-2021 Thaddeus R R Boyd

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Further Thoughts

(Note: The script was much smaller when I originally wrote this part of the post.)

This is a blunt instrument; it took about five minutes to write. It lacks subtlety and nuance.

Blocking all anonymous posters on Techdirt is not an ideal solution; most anons aren't trolls. (Most trolls, however, are anons.) I apologize to all the innocent anons blocked by this script.

I could make the script more precise. Techdirt's trolls are creatures of habit with certain noticeable verbal tics (more on that below); if I had a good parser, I think I could whip up a scoring system that could recognize troll posts with a high degree of accuracy.

The question is, how much time do I want to spend on that?

On the one hand, "five minutes in a text editor" is the appropriate amount of time for dealing with forum trolls. Anything else seems like more effort and attention than they deserve.

On the other hand, it's a potentially interesting project, I've always wanted to spend some time studying natural language processing, and any programming project is time well-spent if it teaches you a new skill.

So I haven't decided yet. Here's the script as it stands, in its initial, blunt-instrument-that-took-five-minutes form. If I update the script, I'll update this post.

Chip Tips

Lastly, as I can no longer see anonymous posts, this means I will likely have to give up my beloved sockpuppet, Chip, the man who hates all government regulations and loves to eat leaded paint chips. To anyone and everyone else who wants to keep the spirit of Chip alive, you have my blessing to post under his name.

A few tips on how to write as Chip:

  • Never use the backspace key.
  • Remember to add random Capital Letters and "quotation marks" to your posts, in Places where they "don't" make Sense!
  • Most sentences should end with Exclamation Points!
  • I told you So!
  • I have "lots" of Solutions! So many I can't Name a single "one"!
  • Sycophantic Idiots!
  • Every Nation eats the Paint chips it Deserves!

Boy, my regular readers are going to have no fucking idea what I'm talking about in this post.

Come back tomorrow; I plan on having a post about online privacy that should be a little less niche.

Calandra Vargas Won't Stop Spamming Me

In 2006, I made a mistake.

I was working for a small company in north Phoenix. (That was not the mistake. ...Well, actually, it was, but not the one I'm here to talk about today.) And I represented that company in a networking group of local small businesses.

One of the people in the group was Sam Crump. I'm not used to using people's real names when I tell stories like this, but Sam's a public figure, so I'm going to go ahead and make an exception in this case.

Sam owns a law firm. I can't tell you anything about it from personal experience, but I hear good things.

And in 2006, Sam decided to run for the state legislature.

Sam's politics are not my politics; he would later describe himself as a "Tea Party Republican," though people weren't calling themselves that yet. I wouldn't have voted for him. But I liked him; he was a nice guy, and so when he asked us all to join his mailing list, I went ahead and wrote my E-Mail down.

Never put your E-Mail address on a political mailing list. Not for a politician you agree with, and certainly not for one whose views you find appalling. No matter how much you like him as a person.

Now, I don't know for sure that Sam or his people sold or gave away my E-Mail address to some group that collects E-Mail addresses for various fringe Republican candidates. It could be just a coincidence. But it's an E-Mail address I don't give out to a lot of people, it's the only E-Mail where I regularly get right-wing spam, and it just so happens that I started getting right-wing spam at that address after giving it to a local right-wing politician. Maybe whatever godforsaken list that address got put on got it from someplace else. But if I had to guess, I'd say they got it from Sam.

In the past, I've gotten spam for Arizona political candidates including Pamela Gorman and Joe Arpaio. But the latest politician who won't leave me the fuck alone is a woman named Calandra Vargas, who is running for Congress in Colorado Springs.

I have never set foot in the state of Colorado.

In fact, I've explained that to Ms. Vargas, or whoever's reading her inbox (if anybody), multiple times, in between clicking the Unsubscribe link at the bottom of her E-Mails.

The campaign's response to my first unsubscribe request, a few weeks ago, was to send me three more fucking E-Mails. When I got them, I clicked the Unsubscribe link again, and sent a reply letting Ms. Vargas, or whoever's reading her inbox (if anybody), know that if I received any more E-Mails from her campaign I would report her to the FCC for violating the CAN-SPAM Act.

I got another E-Mail from the Vargas campaign today.

Calandra Vargas is a politician, so she's probably not used to dealing with people who keep their promises. But I'm a man of my word, and I filed that complaint. And if I hear from her again, I'll file another one.

Here's the FCC's guide to reporting spam. If you're getting unsolicited E-Mails from politicians who won't let you unsubscribe from their lists, they're breaking the law.

AOMEI is a Spammer

From: Doris
Subject: AOMEI Freeware Review Invitation (corporate-sellout.com contact form)
06/11/2016 11:15 PM

Dear admin,

This is Doris from AOMEI Technology Ltd. I am writing for inviting you to evaluate our free backup and restore software - AOMEI Backupper Standard, the simplest free backup software. It has been upgraded to version 3.2 now, supporting Windows 10, Windows 8.1, Windows 8, Windows 7, Vista, and XP.

As a freeware, our Backupper has many advantages which most of other free backup software lack, such as incremental backup, differential backup, schedule automatic backup, create bootable media, PXE boot tool, dissimilar hardware restore and file synchronization etc.
Download Link: [direct link to an executable file]
Learn more: [some generically-named website]

Could you please spare your precious time to test and review our freeware? Or could you please take a look at that and pass on your comments to me, any of your suggestion will be much appreciated.

I am eagerly looking forward to your reply.

From: Thad Boyd
Subject: Re: AOMEI Freeware Review Invitation (corporate-sellout.com contact form)
06/13/2016 10:01 PM

What's that, Doris? You want to know if I'd be interested in writing up a nice blog post about how AOMEI Technology Ltd. is a dodgy company that advertises its products by spamming people's contact forms? Why, I would LOVE to!

E-Mails and Passwords

So the other day I decided it was past time to reset all my passwords.

I'm pretty good about password hygiene. I've been using a password locker for years, with a unique, randomly-generated* password for every account I use. But I'll admit that, like most of us, I don't do as good a job of password rotation as I might. That's probably because I've managed to amass over 150 different accounts across different sites, and resetting 150 different passwords is a giant pain in the ass.

(I'm thinking that, from here on in, I should pick a subset of passwords to reset every month, so I never wind up having to reset all 150 at once again. It would also help me to clear out the cruft and not keep logins for sites that no longer exist, or which I'm never going to use again, or where I can't even find the damn login page anymore.)

There was one more reason I decided now was a good time to do a mass update: I've got two E-Mail addresses that have turned into spam holes. As I've mentioned previously, I'm currently looking for work and getting inundated with job spam; unfortunately I went and put my primary E-Mail address at the top of my resume, which in hindsight was a mistake. Never post your personal E-Mail in any public place; always use a throwaway.

Which I do, most of the time -- and that's created a second problem: I've been signing up for websites with the same E-Mail address for 15 years, and also used to use it in my whois information. (I've since switched to dedicated E-Mail addresses that I use only for domain registration.) So now, that E-Mail has turned into a huge spam hole; it's currently got over 500 messages in its Junk folder, and that's with a filter that deletes anything that's been in there longer than a week. My spam filters are well-trained, but unfortunately they only run on the client side, not the server side, so any time Thunderbird isn't running on my desktop, my spam doesn't get filtered. (If I'm out of the house, I can tell if the network's gone down, because I start getting a bunch of spam in my inbox on my phone.)

So now I've gone and created two new E-Mail addresses: one that's just for E-Mails about jobs, and another as my new all-purpose signing-up-for-things address.

My hope is that the companies hammering my primary E-Mail address with job notifications will eventually switch to the new, jobs-only E-Mail address, and I'll get my personal E-Mail address back to normal. And that I can quit using the Spam Hole address entirely and switch all my accounts over to the new address. Which hopefully shouldn't get as spam-filled as the old one since I haven't published it in a publicly-accessible place like whois.

Anyway, some things to take into account with E-Mail and passwords:

  • Don't use your personal E-Mail address for anything but personal communication. Don't give it to anyone you don't know.
  • Keep at least one secondary E-Mail address that you can abandon if it gets compromised or filled up with spam. It's not necessarily a bad idea to have several -- in my case, I've got one for accounts at various sites, several that I use as contacts for web domains, and one that's just for communication about jobs.
  • Use a password locker. 1Password, Keepass, and Lastpass are all pretty highly-regarded, but they're just three of the many available options.
  • Remember all the different devices you'll be using these passwords on.
    • I'm using a Linux desktop, an OSX desktop, a Windows desktop, and an Android phone; that means I need to pick a password locker that will run on all those different OS's.
    • And have some way of keeping the data synced across them.
    • And don't forget that, even with a password locker, chances are that at some point you'll end up having to type some of these passwords manually, on a screen keyboard. Adding brackets and carets and other symbols to your password will make it more secure, but you're going to want to weigh that against the hassle of having to dive three levels deep into your screen keyboard just to type those symbols. It may be worth it if it's the password for, say, your bank account, but it's definitely not worth it for your Gmail login.
  • Of course, you need a master password to access all those other passwords, and you should choose a good one. There's no point in picking a bunch of unique, strong passwords if you protect them with a shitty unsecure password. There are ways to come up with a password that's secure but easy to remember:
    • The "correct horse battery staple" method of creating a passphrase of four random words is a good one, but there are caveats:
      • You have to make sure they're actually random words, words that don't have anything to do with each other. Edward Snowden's example, "MargaretThatcheris110%SEXY.", is not actually very secure; it follows correct English sentence structure, "MargaretThatcher" and "110%" are each effectively one word since they're commonly-used phrases, the word "SEXY" is common as fuck in passwords, and mixed case and punctuation don't really make your password significantly more secure if, for example, you capitalize the beginnings of words or entire words and end sentences with periods, question marks, or exclamation points. Basically, if you pick the words in your passphrase yourself, they're not random enough; use a computer to pick the words for you.
      • And this method unfortunately doesn't work very well on a screen keyboard. Unless you know of a screen keyboard that autocompletes words inside a password prompt but won't remember those words or their sequence. I think this would be a very good idea for screen keyboards to implement, but I don't know of any that do it.
    • There are programs and sites that generate pronounceable passwords -- something like "ahx2Boh8" or "ireeQuaico". Sequences of letters (and possibly numbers) that are gibberish but can be pronounced, which makes them easy to remember -- a little less secure than a password that doesn't follow such a rule, but a lot more secure than a dictionary word. But read reviews before you use one of these services -- you want to make sure that the passwords it generates are sufficiently random to be secure, and that it's reputable and can be trusted not to snoop on you and send that master password off to some third party. It's best to pick one that generates multiple passwords at once; if you pick one from a list it's harder for a third party to know which one you chose.
  • Of course, any password is memorable if you type it enough times.
  • And no password is going to protect you from a targeted attack by a sufficiently dedicated and resourceful attacker -- if somebody's after something you've got, he can probably find somebody in tech support for your ISP, or your registrar, or your hosting provider, or your phone company, or some company you've bought something from, somewhere, who can be tricked into giving him access to your account. Or maybe he'll exploit a zero-day vulnerability. Or maybe one of the sites you've got an account with will be compromised and they'll get everybody's account information. Password security isn't about protecting yourself against a targeted attack. It's about making yourself a bigger hassle to go after than the guy sitting next to you, like the old joke about "I don't have to outrun the tiger, I just have to outrun you." And it's about minimizing the amount of damage somebody can do if he does compromise one of your accounts.
  • And speaking of social engineering, security questions are deliberate vulnerabilities, and they are bullshit. Never answer a security question truthfully. If security questions are optional, do not fill them out. If they are not optional and a site forces you to add a security question, your best bet is to generate a pseudorandom answer (remember you may have to read it over the phone, so a pronounceable password or "correct horse battery staple"-style phrase would be a good idea here, though you could always just use letters and numbers too -- knowing the phonetic alphabet helps) and store it in your password locker alongside your username and password.
  • You know what else is stupid? Password strength indicators. I once used one (it was Plesk's) that rejected K"Nb\:uO`) as weak but accepted P@55w0rd as strong. You can generally ignore password strength indicators, unless they reject your password outright and make you come up with a new one.

* For the purposes of this discussion, I will be using the words "random" and "pseudorandom" interchangeably, because the difference between the two things is beyond the scope of this post.

Spam

I just deleted 2.8 fuckloads of spam referrals from my stats and banned the sites responsible.

In the off chance that I accidentally deleted a site I shouldn't have, let me know.

If you don't want your site to be banned, then never, ever directly link my stats page.

Not a Bubble-Gum Gang Leader Like Rest of Slovakia

The rain never quite hit us yesterday. But it sure smelled divine for about twenty minutes.

But none hit Sky Harbor Airport, which, as that's Phoenix's weather center, means we're technically still in our dry spell. This is day 142.

On another note, what's the deal with ICQ?

You remember ICQ. It's the redheaded stepchild of IM networks. It was big in the late '90's when it was the only game in town besides AIM, but has long since been displaced by MSN and Yahoo. Of course, the fact that AOL bought it out probably hasn't done it any favors either.

The weird thing about ICQ, as compared to the other networks, is the amount of random contact I've received.

A few years back, my ICQ account was inundated with porn spam. That's died down, but just the last couple weeks I've started getting weird random contacts from China and eastern Europe.

A sample:

(08:45:10) 264737669: hi
(08:46:46) 264737669: hey homie
(08:46:50) 264737669: write to me
(08:47:13) 264737669: i´m not a bubble gum gang leader like rest of slovakia

Now, my ICQ number's been relatively easy to find for the past...Jesus, has it been seven years already? Probably seven years. (Just for perspective, my ICQ number is seven digits, compared to the nine on my Slovakian friend's.) So my question is...why the hell have I just now started getting these messages? Where has my account number been recently posted to attract the attention of bubble-gum gang-leading Slovakians?

And on another topic, what genius decided Gaim should display ICQ numbers by default instead of nicknames? In the rare event that somebody I know drops me a message, I generally don't know who the hell it is, even if he's on my list under a nickname.

The world may never know. But at least somebody's asking the right questions.