Hello, I’m observing the discussion and I had some thoughts on that
topic even before the proposal. I’m going to sum that up. For the
background: I was a lead admin/mod of a big forum between early 2000s
and 2017, including users’ ability to upload files, and enforcement of
files being uploaded to the forum. We had policy of permitting anonymous
posting, which we managed to retain with only a sole major exception.⁽¹⁾
ptpb.pw, a public paste service formerly popular in Arch Linux
community, got abused to literal death. 0x0.st, currently very popular,
must rely on abuse limiting and moderation features, including
smortnet-based detectors and preemptive IP address blocking. It’s
balancing between tedious work and discrimination. I don’t think Arch
has human resources for the former, and I’d not speak for the latter.
ptpb.pw was brought to its knees by targeted misuse,⁽²⁾ not random
spam bots. So features like “prove you use Arch” or unexpected form
fields are useless.
The only purpose I can see is for the Arch forum only. There is no
reason for it to be used for text, as the forum already has
[code][/code] tags. What the forum misses is the ability to upload
screenshots. Coupling with the forum resolves multiple issues:
• Abusive uploads mitigation is weaved into already existing
moderation with close to no additional effort. Works well enough for
EEVblog forum, worked well for the one I administered.
• Since pictures are only expected to be displayed in web context,
during high abuse periods additional mitigations are available through
cookies and further enforced with frame-ancestors CSP.
Not bulletproof, if somebody is truly determined, but that kind of
services fall victim of convenience, not imperfect security.
I believe it was Polarian, who extensively discussed trustworthiness.
Referring to those responses: this isn’t the kind of trust we’re talking
about. The problem with external paste services is twofold:
1) Fora aren’t only exchange media, but primarily collaborative effort
to produce knowledge base. That content is meant to last. If a thread
becomes split across multiple services, it rots, its parts disappear and
it becomes useless garbage.
2) There exist honest services donated to the community. But the
majority has different intentions and I see no reason to expose users
to them. Post authors can’t be trusted to make the right judgment: they
use whatever big brand they recognize. It also creates trouble for the
forum itself. If the goal isn’t service itself, the moment owners can’t
squeeze enough pennies from it, the images are replaced with ads.
Usually it’s mild, but in my life I also had to answer “what this naked
lady does with a horse” regarding a hotlinked photo.
The trustworthiness in this case means avoiding those two issues.
Cheers, mpan
____
⁽¹⁾ During a 2-day long CSAM uploads attack.
⁽²⁾ It was abused as storage area and exchange point for third-party
application specifically designed to interact with this pastebin.
