I wonder how can shadowban work at all to begin with. It only takes 10 seconds to open a public thread in an incognito window and confirm if voting, commenting, etc indeed happened as the commenter intended or was it only happening in a private echo chamber.
One way I fixed this in a small gamedev forum I help maintain was by letting users view shadowbanned comments created by the same IP. There's still the chance of the user using Tor/VPNs, but it's rarer.
Shadowban is not perfect by all means, but it's still a good deterrent in my experience.
IP-based recognition is annoying for people leaving in third world countries[1] though, because there little IPV4, they are many behind the same NAT.
Also, with tethering it's really easy to circumvent, without needing a VPN.
[1]: IIRC, the whole Laos only has a /32 subnet… yes you read it right: a single IPV4 address for end entire country. And many country only have a few /16.
I was intrigued enough to look it up. According to[1], Laos has 54,784 addresses. The smallest is Santa Lucia, with a /24. North Korea and Dominica have a /22.
(Apologies if I'm getting that number wrong. I don't do much with subnetting.)
Please read my message again. I'm not restricting anything and there's nothing to be circumvented, it's about letting unlogged/anonymous users view more stuff to deter detection of shadowbanning.
Maybe “circumvent” isn't adequate here (not a native English speaker), what I meant is that's easy to bypass your countermeasures: post from my computer, and check from my phone if my comment is visible, if not I shadowbanned.
And regarding third world country, your idea doesn't prevent them to access the website, but they will access a site where the shadowbanning feature is pretty much disabled, which could lead to the proliferation of trolls or spam targeted at this specific country.
If this ever happens I can just change my approach. It helped me a lot so far. I'd rather have an approach that is currently working on >99% of the cases I need than chase some hypothetical 100% solution that is virtually impossible to achieve.
This doesn't make any sense. Most IPv4 addresses change every day if not multiple times during the day. I guess you can only filter the dumbest of the dumbest this way. And if someone has the wit to open an incognito window it doesn't take a genius to notice that he can only see the same day's comments.
There's a lot more involved in my case than that, but suffice to say it worked well in the forum I maintain, so your intuition disagrees with my practical experience. And yes, my trolls/spammers are dumb.
There are two different classes of user. One class checks those things and knows that their post didn't go through. (That doesn't apply to voting, though—that's important.) A second class of user doesn't check and doesn't know. That second class tends to be more naive spammers or promoters, and shadowbanning works well in those cases.
It's useful with the more sophisticated class too, though. If they have to start fresh with new accounts, it slows them down and makes what they're doing more obvious to the community.
I guess it works well against non-malicious jerks. They come, they don't get the social reward they are expecting, and leave. And maybe later they will retry but with a better behavior.
And maybe the malicious/non-malicious ratio is low enough to make this method efficient.
