Checksum verification for quoted messages/posts

[OgNasty]

Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users.

This could be addressed by having a hash generated based on the content of a message, and then a checksum implemented to reject invalid quotes from being sent/reposted.

[mprep]

AFAIK theymos wanted to have quotes replaced with references to posts (something like what 4chan or similar image boards have) in the new forum software.

[Foxpup]

>>21856705
We can already do that. We don't, though, because just look how stupid it is. How is it even supposed to solve anything?

[OgNasty]

>>21856705
We can already do that. We don't, though, because just look how stupid it is. How is it even supposed to solve anything?

No, we can't.  You can take a PM quote from someone and change the quoted text, then forward it to someone else.  This is the type of scenario that would benefit from a method of validation.  

[mprep]

>>21856705
We can already do that. We don't, though, because just look how stupid it is. How is it even supposed to solve anything?

You can't preview the quote content without opening up the page the post is on though.

[Aventhe]

>>21856705
We can already do that. We don't, though, because just look how stupid it is. How is it even supposed to solve anything?

No, we can't.  You can take a PM quote from someone and change the quoted text, then forward it to someone else.  This is the type of scenario that would benefit from a method of validation.  

I would agree with you. I have had a friend who almost fell for a scam this way. This had happened some time ago and I can't recall the specific details.
I do remember however that the trade was meant to go down between 3 people, and the scammer created false quotes in the name of the second person as if they had written to them. Then these quotes were sent to my friend. Before he sent any funds, he contacted the first person just to verify things, only to then find out that he had been completely fooled by the details of the trade.

While it is a good idea, I do think that it would be too much of a hassle to introduce and maintain, and won't reduce the amount of scamming that is happening on this forum. However, I may be wrong.  

EDIT: An example of this

[celested]

Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users.

This could be addressed by having a hash generated based on the content of a message, and then a checksum implemented to reject invalid quotes from being sent/reposted.

I want to know how my posts are posted and monitored. Those articles are of interest to anyone. Readers will find it useful or not. Should there be clear rules for posting?

[alpha_wisdom]

Did you know that in qunatity like this direct string comparation with evaluation of character change like on github is more suitable implementation? It doesn't do more harm on processor to multiply one character of a string to compare on, literally checksuming is faster when you have to compare checksums of checksum of chceksum, otherwise it's pairwise more efficient if you can fit into L1

[Rizzrack]

Interesting feature !
I indeed see it working mainly with PMs because posts can be edited and if it's a longer post it would be modified (shortened) anyways.

Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users...

And when the checksum verifies show the title green like links:


I can see it's utility...

[OgNasty]

Interesting feature !
I indeed see it working mainly with PMs because posts can be edited and if it's a longer post it would be modified (shortened) anyways.

Users can currently send/post incorrectly quoted messages to assist in scams or discredit other users...

And when the checksum verifies show the title green like links:


I can see it's utility...

What a great and simple way to put my idea into use.  Thanks for posting this.  I like this implementation.  It's simple to see and if you weren't aware of it or cared, it isn't in any way disruptive.  When I think about how much money could have been saved from users falling victim to MITM scenarios with this feature, it makes me feel like this should be a fairly important feature that should be implemented either on this forum, or the new one.  It seems like so many of the recent forum changes have centered around turning users against each other as they compete for merit and trust, it would be nice if a feature was put in place to help protect those that need protecting instead of empowering users who advertise services to launder money for successful scammers.

[NeuroticFish]

And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes an noncontinuous part of the post? (uses ~snip~ or similar)

I mean that it could be interesting as feature, but I don't think that it can be implemented correctly.
And maybe one easy way would be to just add a link/script that creates a popup so one can check for himself the original post and compare. (And yes, I said easy way, not perfect).

[Rizzrack]

To be fair mprep's mentioned option also sounds nice:

AFAIK theymos wanted to have quotes replaced with references to posts (something like what 4chan or similar image boards have) in the new forum software.

If you want to quote part of a post you can do it the same way you do it now, but it you want to show you did not edit the post you could use [>>21856705] or similar and the whole post will be quoted and title of the quote turns green. So it would NOT just show >>21856705

Also helpful for cases where the post is deleted afterwards and someone quoted it for reference. And if it's edited you can have 2 or more "green quotes", because it matched the post at the time of writing. Should not be too problematic I guess...
After a quick smoke I thought of tons of corner cases and sounds really troublesome to make this for posts. If it gets implemented I see it for PMs only...

For example:

User A makes a post
User B quotes him and checksum OK
User A edits his posts
User B edits his post and checksum is now NOT OK ?!

[malevolent]

After a quick smoke I thought of tons of corner cases and sounds really troublesome to make this for posts. If it gets implemented I see it for PMs only...

Ideally it would be optional for both forum posts and private messages, but with unverified private messages being accompanied with some sort of warning.

[Quickseller]

And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes an noncontinuous part of the post? (uses ~snip~ or similar)

This would be possible to implement, even if someone wanted to quote part(s) of a post.

A person who wants to quote part of a post (or PM) could tell a tool which parts of the post (or PM) that he wants to quote, the tool could produce the exact text that should be copied (including its own implementation of "~snip~"), calculate the hash of the quoted message, and the source/reference of the message, and store this information in a forum database table (that is indexed by message ID). As long as the hash of the quote and message source match, the quote could be shown as verified.

So the original message would not need to be checked every time the new post is displayed. This would account for any possible issues regarding someone editing their post, breaking the quote verification. Although there could be a message displayed if a quoted message has changed since the verification request was generated.

[NeuroticFish]

And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes an noncontinuous part of the post? (uses ~snip~ or similar)

This would be possible to implement, even if someone wanted to quote part(s) of a post.

A person who wants to quote part of a post (or PM) could tell a tool which parts of the post (or PM) that he wants to quote, the tool could produce the exact text that should be copied (including its own implementation of "~snip~"), calculate the hash of the quoted message, and the source/reference of the message, and store this information in a forum database table (that is indexed by message ID). As long as the hash of the quote and message source match, the quote could be shown as verified.

So the original message would not need to be checked every time the new post is displayed. This would account for any possible issues regarding someone editing their post, breaking the quote verification. Although there could be a message displayed if a quoted message has changed since the verification request was generated.

This would basically mean implementing an (over)complicated editor that can handle the quotes like this. I hope that you don't realistically expect that users will use other (external?) tools for this purpose.
I don't have hopes for a such editor get implemented. I think that getting the new forum running/live even without such a feature is more important. That's why I've proposed only something simple.

Of course, if somebody has the time and willingness, sky is the limit, and then we can probably have an editor that handles the quotes, have notification if the quoted post was edited, have versions of the quoted post (for various uses, including the use for correctly showing/handling older quotes)... but, again, I don't realistically expect this come to live.

[Quickseller]

And what happens when one quotes only a part of the post?
Or, even worse, what happens when one quotes an noncontinuous part of the post? (uses ~snip~ or similar)

This would be possible to implement, even if someone wanted to quote part(s) of a post.

A person who wants to quote part of a post (or PM) could tell a tool which parts of the post (or PM) that he wants to quote, the tool could produce the exact text that should be copied (including its own implementation of "~snip~"), calculate the hash of the quoted message, and the source/reference of the message, and store this information in a forum database table (that is indexed by message ID). As long as the hash of the quote and message source match, the quote could be shown as verified.

So the original message would not need to be checked every time the new post is displayed. This would account for any possible issues regarding someone editing their post, breaking the quote verification. Although there could be a message displayed if a quoted message has changed since the verification request was generated.

This would basically mean implementing an (over)complicated editor that can handle the quotes like this. I hope that you don't realistically expect that users will use other (external?) tools for this purpose.
I don't have hopes for a such editor get implemented. I think that getting the new forum running/live even without such a feature is more important. That's why I've proposed only something simple.

Of course, if somebody has the time and willingness, sky is the limit, and then we can probably have an editor that handles the quotes, have notification if the quoted post was edited, have versions of the quoted post (for various uses, including the use for correctly showing/handling older quotes)... but, again, I don't realistically expect this come to live.

The forum already implements something very similar via the quote button -- the button just quotes the entire message, and doesn't save the quote to the database (unless you post the quote, but if so, it would be saved as part of your post). To implement what I proposed, the current editor would need to be upgraded to take which parts of a message should be copied as an additional input.

[ibminer]

Odd. You all don't see any potential resource/performance issues here? Considering client-side would be a bad idea, this would be happening server-side to all posts/PMs.. using PHP or JS tools?

I believe I've seen theymos decide against things that would consume less resources than this idea would, while citing resources/performance as a reason.

Regardless of resources, verifying cherry-picked quotes is not something the forum should ever support because of some of the .. *uhm* snakes *uhm*.. around here, who like to pull things out of context and lie about others to smear their reputation. If you really think a feature like this is needed, which I don't, it should *at least* be done with only the entire contents of a message, or nothing at all... even then, full messages can be taken out of context over the course of a discussion as well.

While I'm sure having the forum "verify" cherry-picked quotes is something that would give a few people in this thread a boner, it also gives the false impression that the forum is supporting/verifying whatever that user may be falsely claiming about a cherry-picked quote, which could be completely pulled out of context.

On top of this, what happens when a PM is deleted by both users?... do we now have to keep the hashes of deleted PMs to verify, forever?... if not, 6 months after the verification has happened when someone goes back and edits the post that had quoted a "verified" [now deleted] message, modifies it, and hits 'save'.. what then?

I don't think it is a good idea and will not be implemented anytime soon, and I really don't see an overwhelming need for it at this point.. more harm than good seems to come from it.

[Quickseller]

Odd. You all don't see any potential resource/performance issues here? Considering client-side would be a bad idea, this would be happening server-side to all posts/PMs.. using PHP or JS tools?

Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

While I'm sure having the forum "verify" cherry-picked quotes is something that would give a few people in this thread a boner, it also gives the false impression that the forum is supporting/verifying whatever that user may be falsely claiming about a cherry-picked quote, which could be completely pulled out of context.

That is ridiculous. People post PMs and quotes of posts all the time. There are frequently questions regarding the authenticity of quotes when the original is not available. PM verification would remove that uncertainty.

The status quo is that someone can claim something was said via PM, and the person being accused can stay silent to pretty much guarantee they will come out unscathed. Mods rarely get involved in scam accusations, unless there are large amounts, or a lot of victims involved. If you can prove a PM was sent or received, you can trivially prove you have been scammed via PM.

On top of this, what happens when a PM is deleted by both users?... do we now have to keep the hashes of deleted PMs to verify, forever?... if not, 6 months after the verification has happened when someone goes back and edits the post that had quoted a "verified" [now deleted] message, modifies it, and hits 'save'.. what then?

If you are posting a verified PM, you are either the person who sent the PM or the person who received the PM. The PM would be public, so there would really be no reason to delete the PM. If a PM has been "verified", it would probably be a good idea to disallow the deleting of that PM.

[Rizzrack]

Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

Cookies can store a lot of stuff but BBCode is not one of them (as far as I know). So even if I did not take into account if this would be resource hungry and how much, it would most likely be done server side.

Coding an app is pretty easy, if you know what you are doing. Adding all the restrictions so it only functions as expected is the hard part most of the times.

We have several community projects like loycev.club and ninjastic.space to check quotes. And for all intents and purposes they can be trusted 99% of the time.

For PMs though a verification is doable IMO. Less corner cases, a bit more straightforward and significantly more manageable for the servers.

[Quickseller]

Verified quotes could be drafted on the client side, and the client could tell the server the portions of the message that are being quoted so it can verify its authenticity.

Cookies can store a lot of stuff but BBCode is not one of them (as far as I know). So even if I did not take into account if this would be resource hungry and how much, it would most likely be done server side.

It could be implemented as follows:
*Server sends the entire post to the client
*The end user edits the quote, removing the unwanted text. The client editor will automatically add in required disclosures
*The client sends to the server the index's that are to remain in the verified quote
*The server calculates the hash of the message based on the portion of the message that is to remain, plus any rules regarding disclosures that need to be inserted when a portion of a text is removed.

As an example, the following post could be quoted:

This is an important line.
This is an unimportant line.
This is an important line.
This is an important sentence. This is an unimportant sentence. This is important.
This line is important.

The above post could be edited to:

This is an important line.
<forum disclosure: a single line was removed from the quote>
This is an important line.
This is an important sentence.<[1]> This is important.
This line is important.
[1]- Forum disclosure - a portion of this line was removed

The original post could be seen as a 2D matrix.
When the client sends the post back to the server, it could send the following information:

post[0] - removed
post[3][30:64] - removed

The server could take the original post being quoted, and the response from the client to create what the client should have created. If someone were to modify something on the client side, the post will not verify.