If you follow either the Perl Dancer community or the Sinatra one, you may be aware of what happened yesterday: some unknown individual posed as different members of the Sinatra core team on CPAN ratings in order to trash Dancer. The comments posted were rude and clearly intended to harm the project or the people involved with it.
It’s not the first time Dancer has been the target of an unknown individual (who always sends his attacks anonymously); we already experienced that whenever news about Dancer was posted to HackerNews. But this time, the attack was more aggressive: 5 different accounts were created in a row on Bitcard to downgrade the CPAN ratings average of Dancer. Furthermore they used the names of known people in the Sinatra community, in order to make it look even more harmful.
But what was the result of that? Well, it turned out to be one of our most productive and positive marketing actions since we launched our advent calendar. Yes. Because our first reaction when this came to our attention was to contact the Sinatra community, in order to check with them whether they were related to that or not.
Turned out they clearly had nothing to do with these childish attacks, and were even as offended as we were that Sinatra could be associated with such low behaviour. In the end, the result of all this is an official statement from Sinatra saying that “Sinatra loves Dancer”. It has triggered a lot of very positive noise on Twitter for both Sinatra (who clearly appears to be a very classy community) and Dancer, who benefits from the huge spotlight Sinatra gave. For this, I very gratefully thank the Sinatra community and more precisely Konstantin Haase.
Back to a CPAN author's point of view, I wonder if we couldn’t make the CPAN-ratings system a bit more troll-safe. It is clearly very easy to create a bunch of accounts to poison a distribution's ratings on purpose. On the other hand, negative ratings should remain possible, otherwise the rating system would be useless (if as a CPAN author I delete all the negative reviews of my distributions, I alter the reality). I understand it’s a tricky design issue to solve, but I think we should spend energy on it.
In our case, we had the chance to be part of a very noisy event, and that helped us to have some of the fake ratings removed, but what would have happened if your distribution had less of a spotlight? If you don’t have an active community to defend it? If you don’t know who to contact to have some abusive ratings moderated? Then you’re vulnerable to trolls.
Maybe the following points could enhance the ratings system (feel free to comment on them):
- add a “Report abuse” link on the rating items, in order to be able to ask easily for moderation
- downgrade/hide/moderate any ratings that have a very high proportion of negative votes (like 1 of 20).
- prevent the creation of multiple accounts in a row: if the same IP address creates more than X accounts in the same time window, something suspicious may be happening, maybe we could block that IP for a while, like a day, …
- Another idea is to allow CPAN authors either not to appear on the CPAN-ratings page, or to reset their ratings (all of them)
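
As an added illustration of the account-creation point in the list above (a sketch written for this page, not code from CPAN ratings or Bitcard), the following Python replays signup events through a per-IP sliding window with a temporary block. The threshold of 3 signups and the one-hour window are assumed values for the "X" and "time window" left open above, the one-day block follows the "like a day" suggestion, and the class, function names and sample events are constructed.

```python
from collections import defaultdict, deque


class SignupThrottle:
    """Per-IP sliding-window limit on account creation with a temporary block."""

    # Assumed defaults: 3 signups per hour, then a one-day block.
    def __init__(self, max_signups=3, window=3600, block=86400):
        self.max_signups = max_signups
        self.window = window
        self.block = block
        self._recent = defaultdict(deque)   # ip -> timestamps of accepted signups
        self._blocked_until = {}            # ip -> time at which the block expires

    def allow(self, ip, now):
        """Return True if a signup from `ip` at time `now` (seconds) is accepted."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return False                # still inside the block period
            del self._blocked_until[ip]     # block expired: start from a clean slate
            self._recent[ip].clear()
        recent = self._recent[ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                # forget signups that left the window
        if len(recent) >= self.max_signups:
            self._blocked_until[ip] = now + self.block
            return False
        recent.append(now)
        return True


def replay(events, throttle=None):
    """Feed (timestamp, ip, account) tuples in time order; return rejected accounts."""
    throttle = throttle or SignupThrottle()
    return [acct for ts, ip, acct in sorted(events) if not throttle.allow(ip, ts)]


# Constructed sample: five accounts from one address within minutes,
# one unrelated signup, and a later attempt after the block has expired.
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "acct1"), (60, "192.0.2.10", "acct2"),
    (120, "192.0.2.10", "acct3"), (180, "192.0.2.10", "acct4"),
    (200, "198.51.100.7", "other"), (240, "192.0.2.10", "acct5"),
    (90000, "192.0.2.10", "acct6"),
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Counting per IP also throttles legitimate users who share one address behind NAT or a proxy, so a rejected signup is better routed to moderation or a delay than silently dropped.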
I’m sure there are lots of other options. Feel free to comment on that. Maybe we could also use some sort of “reputation score”, like StackOverflow does, in order to highlight the ratings by relevance.