Moderation options for group chats
tracked
JuniperDawn Resident
It would be great if you could implement a keyword blocker for groups to help combat the spam of groups by bots. Like the phishing sites or the Lygon accounts begging for money. If we can block certain words from being used in chat, Maybe it shows a message instead when trying to use blocked words like "This group has limited the use of certain words" It would save a lot of less tech savvy people from losing their accounts when clicking fake marketplace links or supplying the 100L beggars with more free groups to continue spamming.
Log In
Bavid Dailey
I am not happy that my request 'Please implement option to neuter URLS in group chats' was merged into this request.
My proposal was intended to be a small effort, high value way to address an urgent issue, with minimal UI changes.
It was intended to make URLs harmless, not deter annoying idiots asking to borrow 100l$. A quite different scope
This proposal, of blocking by keywords, is not something I would support, I have both implemented and been a user of systems that do this and it has always been a high maintenance irritation.
And that, even with the power of reguler expressions to limit the unintended consequences - as in flagging 'brestfeeding' because the word 'breast' is blocked. Regular expression block lists are not practical for a general UI in a Second life viewer.
Spidey Linden
Merged in a post:
Please implement option to neuter URLS in group chats
Bavid Dailey
There's been a rash of spam malware postinsg in many groups that I am a member of, followed usually by a torrent of SCAM warning and the like, which of course ruins the conversations in the group chat. Yet nothing deters the spammers, they just keep coming. I am proposing that a group option should be made to 'neuter' urls in group chats , that is make them unclickable. In the case the u rls is legitimate it can be copied and pasted in a browser, so nothing much is lost, except for the spammers
Zanya Resident
Limiting URL posting to certain roles in a group as determined by the group owner is such a basic security feature it's a wonder why it hasn't been there from the start.
Beatrice Voxel
Other viewers (such as Alchemy) are prefacing links to SL domains with the SL "hand" logo. It's a start, at least - users of these viewers at least see when a link goes someplace legit.
I do think that (if it could be coded) restricting link-posting to group roles would be another useful option. Perhaps a domain filter also, such as for primfeed, flickr, youtube, or other popular services (allowing others to post links to these domains in addition to LL domains, but nowhere else.)
Zanya Resident
Beatrice Voxel Agreed on limiting it to certain roles. That alone would eliminate 90% of the spam outright while causing minimal disruption to the regular users.
Moo Boo
This has been an issue in SL for longer than I can remember and the majority of other social media platforms have long ago implemented counter-actions to combat malicious links shared on their services, why haven't Second Life?
Guys, implement a restraint for URLs in group chats already.
Possibly tie it to role permissions so CSR and PR can still post links while filtering out the unnecessary spam of those unauthorized.
misstoriblack Resident
Why would you click and URL someone you do not know sends you ?
More importantly why would making it "non-clickable" be somehow better ?
Caelan Whimsy
misstoriblack Resident Some people don't stop to think or read before they click, especially when the spam looks like a link to a great freebie. Yes, people should know better. But not everyone does.
Kathrine Jansma
misstoriblack Resident It is a common issue in shared systems that external links might be dangerous. And various solutions to it, outright banning them is one solution, making them unclickable another solution, feeding them through a proxy page with a warning like "Warning, this link leads to an external page, not part of ...." is a third one. Or automatically send them through some security filter to filter out the trash.
LL could even add some shortcut option for links to the LL run marketplace, or SLURLs, that stay clickable, e.g. stuff on a known-good list only.
misstoriblack Resident
Kathrine Jansma LL is already introducing an popup that would warn you about a hidden link. A plain explicit URL should be clickable. It's literally a usability issue if it isn't.
If people are stupid enough to follow a link and enter their credentials, it's a tough way to learn about trusting a stranger but a necessary step for them to learn.
Zanya Resident
misstoriblack Resident And what happens if that one person's account gets hacked and now the hacked account sends the same link to everyone on their friend list?
The problem with victim-blaming is that you don't seem to realize these kinds of issues usually have fallout.
misstoriblack Resident
Zanya Resident So basically, punish everyone for one's stupidity... great solution !
Kathrine Jansma
misstoriblack Resident That is a valid argument, but the security community tried it and found that your argument doesn't work, not even in regulated environments with trained professionals.
e.g.
"Stop trying to fix the user"
"The User is not the Enemy"
and so on.
How could it work in a casual environment like SL?
Btw. the next step up for this kind of attacks is the QR-Code-Injection, which sends a phishing link disguised as a QR code, just in case anyone wants to allow images in chat.
Kathrine Jansma
misstoriblack Resident One could also argue differently. Why does SL not implement FIDO2/WebAuthn/Passkeys instead of passwords and TOTP? That would instantly kill all those phishing links trying to look like the SL login page or the marketplace. Why burden the user with technically inferior solutions?
misstoriblack Resident
Kathrine Jansma I'm all for FIDO2/Passkeys/ etc. TOTP are a good start but I'm pretty sure nobody use them since they are a pain in the ass...
However FIDO2/Passkeys are kinda obscure to people. For example I use KeypassXC for passkeys cause I can have control over my data. I do not trust windows or mac or whatever OS level or browser level system. It's a recipe to loose your passkey in my opinion.
Kathrine Jansma
misstoriblack Resident TOTP is basically the current SL two factor authentication system. But that doesn't help against phishing.
The passkey argument is kind of valid, but it is a trade off between loosing passkey access vs. loosing accounts to phishing, which might be positive for passkeys for many.
Cuddles Supply
I'd rather have a permission under group roles that only allows users in a role to post messages containing URLs and let group owners make a permissions change.
If the only change is to make links in lick able, spammers can still spam and victims would have to copy and paste a link. Not much of an improvement.
Caelan Whimsy
Cuddles Supply True, the spam would still be there. But having to copy and paste the link makes people actually look at it and maybe realize it isn't real.
AnnieLamourVrai Corvinus
This issue has been ongoing for years. It should never be a thing.
Lucia Nightfire
Proposed back in the day: https://github.com/secondlife/jira-archive/issues/2593
JuniperDawn Resident
Lucia Nightfire Hopefully now 9 years later they might reconsider.
hinaichigo Xaris
This is a great idea!
Not just for preventing phishing, but also for blocking other types of spam and inappropriate language.
Load More
→