Jump to content
BPAL Madness!

Forum Updates and News

  • entries
    33
  • comments
    70
  • views
    37,663

Contributors to this blog

On duplicate accounts

Sign in to follow this  
ipb

513 views

A few of our long-existing code tweaks are here for duplicate account detection. For the most part, we haven't done much with them. We've got a great set of members here, and most of our members wouldn't purposely make duplicate accounts. A few have made new accounts in the past when they've forgotten their logins or passwords, or who weren't able to get their account to validate properly, and that's ok. I was actually surprised at the number of people who PM'd me after last Sunday's reminder about duplicate accounts telling me that they'd made accounts but never used them. Kudos to you for letting me know & straightening it out! I really do appreciate it.

 

But, we've had some people that, for whatever reason, create duplicate accounts. Some of them do it to get around account restrictions (like the swaplifters I mentioned in my previous post). Others do it to troll, others do it just so they've got a sock puppet ("just in case").

 

 

So, we've had a bunch of tools. Some use cookies, some use IP addresses. Cookies are tiny files stored on your computer by websites in order to uniquely identify the user. They're what lets you stay logged into the forum even after you close your browser, and how amazon.com magically knows who you are when you go there. IP addresses (ofen just called "IPs") are assigned by your service provider. They're like mailing addresses - just like how mailing addresses tell the post office how to send your mail from the Lab to your home, IPs tell the server how to send your web pages from the host server (such as bpal.org) to your computer.

 

And I'll say it again: most people do not realize what all is recorded whenever you use the internet. Not to sound all "big-brother" like, but every click you make, every hotlink you make, every time you view anything, every time you log in to check your webmail, or log out of your amazon account... it all gets logged, and by multiple people. Your ISP. The ISPs along the route. The server. If the site you're viewing is database driven, likely that database as well. Nobody may be paying attention, but it's all there. This is standard practice, and we're no different.

 

 

Anyway, back to the point of all of this, I won't get into specifics as to how our duplicate topic tools work, except this:

 

IP addresses can vary between times of logging onto (especially for people who use dial-up internet, where you'll get a different IP each time you log-in to your ISP), and people can legitimately have the same IP (for instance, people who use AOL will often have the same IP, or people who work at the same corporation site, or people who use wireless). Cookies, however, do not. They're unique to your computer.

 

As a result, if someone comes up as a duplicate account on our cookie analyzer, it's given much more weight than someone who comes up as a duplicate account on our IP analyzers, and they will be contacted with a short and painless survey to get a brief idea as to what is going on. 99% of these people are legitimate - people who are using a computer lab or sharing a computer or signing into approved specialty accounts (such as the "switch witch" account), or again - people whose accounts weren't validating properly.

 

 

To date, there's only been one person who flat out refused to answer my questions about this. And people, these questions aren't rocket science. It's things like "Do you share your computer?" or "How do you connect to the internet?"

 

Though, I should correct my statement: she answered them on her duplicate account I found the answers to be questionably at best (there were alot of inconsistencies with what she claimed and what she answered). For instance, she claimed to have found the Lab through NALF (the North America Lush Forum, for those that aren't familiar with it - who is members-only for their "Retail Therapy" equivalent). She also claimed to use the same username everywhere. Well, you know what? It doesn't take more than 5 minutes to go to NALF and scan through their member list to determine whether or not the account exists there.

 

And I looked, because I am nothing if not thorough. If I am going to tell my moderators and co-administrator that we have a duplicate account - ESPECIALLY when it's a person that we (as a whole) do not have the best relationship with - I want to be damn sure that I have as clear an idea of what is going on as possible.

 

 

Because cookies is not enough -- just ask the Lab: Beth, Brian, and Teddy are all known to share computers and log in and out to get into the forum.

 

 

There comes a point in time where coincidences are stretched too thinly, and when the story I'm told by one account isn't holding up to examination, I have to use Occam's Razor: that the simplest explanation that accounts for all of the evidence is the most likely explanation.

 

 

 

And I'm not stating this to "argue my position". You can take this, or you can leave this. But I prefer transparency to what goes on around here, especially in something that has become so drama-riffic.

 

So here are the facts, as I see them, on anxious1 and her duplicate account usage. This is not a comprehensive list, as that would be quite long. First, a timeline.

 

Timeline:

(Unrelated) Mid April, anxious1 basically gets kicked out of NALF for breaking their e-tailer policies. A note, for those that aren't a member of NALF, that their e-tailer policies are very similiar to ours - especially . If you search for her username (also anxious1) and show just the posts, you'll see she made 12 posts, of which 1 was a negative review about a LUSH product. The rest were pimping her business.

 

On 6/12, anxious1 originally gets reminded about the e-tailer rules, which state that she cannot be here for just pimping her goods, and that she needs to participate in the forum as a whole and cannot use the forum to support her business.

 

In early July, we posted an announcement in Retail Therapy reminding e-tailers about our rules. This is unrelated to anxious1 - we'd just been noticing a bunch of e-tailers coming in to pimp their business.

 

On 7/21, she gets moved to the "e-tailer" member group, as she is continuing to break our rules.

 

On 7/26, after much discussion, this group (of which anxious1 is NOT the only member) has its ability to see most BPAL-related forums (including: Suggestions, Recommendations, Swaps, BPAL Chatter, TAL Chatter) taken away. This is unrelated to anxious1 and had been under discussion, off and on, for a few months. For clarification: here, I refer to restricting what the member group can view, not the member group itself. We've been using the e-tailer member group for over a year.

 

On 7/27, anxious1 creates the account "Testing123" from her home computer.

 

On 7/28, she PMs several of the e-tailers that follow our rules (and thus aren't even part of the "e-tailer" member group). I wouldn't be surprised if she also PM'd the individuals in the e-tailer group, but most of them left after we asked them to stop only posting about their products. Incidentally, I know this because these individuals contacted us.

 

On 10/17, we notice that there was a rather suspicious-sounding account ("Testing123") that was accessing some weird topic that one of the mods was looking at. The moderator who noticed the Testing123 does a quick IP-post search and finds out that the only person who has posted from that IP is anxious1.

 

On 10/17, I start working with our analyzing tools to see what's going on with those accounts, and to go ahead and do a sweep for duplicate accounts. (As you know, duplicate accounts are not allowed. So, the analysis on IPs and what not started happening then. It's a slow and painful process, because there's quite a bit of information to go through.) I also given both accounts vastly restricted forum permissions (the same permissions everyone who hasn't certified the original set of guidelines is in, incidentally).

 

Around 10/18, anxious1 obtains a third account. One of her customers had created a second account in July 05 (jasperzwrath) when she was having issues accessing our forum, and gives her the login because anxious1 "wants to check in the H&E thread". Incidentally, this individual came to me to tell me what happened with her duplicate account shortly after the duplicate account announcement was put up. It's important to note here that I can tell, by timestamps & IPs & cookies, which user (anxious1 or the original owner) accessed which topics. So when I say that anxious1 accessed, on this account, a topic, I really do know that it was her and not the original owner. And these duplicate accounts accessed more than the H&E topic - including some Recommendations, Suggestions (mostly for foody oils, incidentally, the very kind of oils she tends to sell), Swaps, BPAL Chatter, as well as the other perfume shops. The first four of those, to reiterate, anxious1 cannot access under that account.

 

By 10/18, the anxious1 analysis is more-or-less complete. The cookie analysis was incomplete, but the IP analysis showed that the vast majority of her posts (108 out of 112) were made at three IPs - two I identify as "Work" (being her Fortune 500, day job employer, which had 72 posts), one I identify as "Home" (being a typical broadband provider for the area). The other four posts were made from other places. Of these seven IPs, there are exactly THREE accounts with any traffic: anxious1, Testing123, and jasperzwrath.

 

By 10/19, the cookie analysis is complete. The cookies show that at the Work IP and the Home IP, anxious1 switched back and forth between jasperzwrath, Testing123, and anxious1 during the previous week. We'd also found three other accounts that used multiple accounts. All accounts get a PM & restricted access.

 

By 10/21, all outstanding accounts have answered the survey EXCEPT for anxious1 (who stated that "Are you saying that I have dual accounts? I do not and am not going to be subjected to questions" when we originally asked, and never did answer my questions). Despite not having a firm answer from anxious1, feel there's enough evidence between the IPs, the cookies, the statement from the jasperzwrath original owner, and inconsistencies with what Testing123 was saying and anxious1 was saying to call it a duplicate account. Incidentally, one of the inconsistencies that Testing123 had said is that she didn't know who anxious1 was, but that "she frequently visited the H&E topic".

 

 

 

If it was just an IP similarity, it could be a coincidence that someone works near anxious1 and happens to also live near her. It becomes less so when you take into consideration that the cookies are showing the accounts regularly share a computer, and nobody claims to share a computer. It's even less so when you have someone tell you that anxious1 was using their duplicate account. And less so when one of the accounts is flat-out lying in their responses (such as when Testing123 claimed to use Testing123 everywhere, hear about us via the NA Lush Forum, and when checking, there's no member with the ID "Testing123" there).

 

 

Note that here, I have not said a WORD about how anxious1 runs her business, though there are two blogs that I've seen that sort of talk about it. I am ONLY commenting on our duplicate account policy and a little bit about how we uncovered one specific duplicate account.

 

 

And, if you're still reading this, I applaud your ability to listen to me ramble.

 

I'm sharing all of this for several reasons:

  • First and foremost, I do think people need to know that we can, and do, identify duplicate accounts, and that in most cases (thus far), it's nothing major. Nobody that has been honest and up-front with us have been warned for making this mistake.
  • Secondly, I want people to realize that when we bust someone for having a duplicate account, it's not just a matter of two IPs matching. It involves a pattern of traffic (both in IPs and in cookies), personal discussion with the accounts, and some fact-checking.
  • Finally, with the to-do with anxious1 being suspended, I thought people should know what happened. And that at the end of the day: she was suspended not for the e-tailer violations (though it was a consideration in the duration of the suspension), not for the creation of the duplicate accounts... but for lying about using other accounts, about misleading us via one account, and for trying to claim that it was all one giant coincidence.

Sign in to follow this  


0 Comments


Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×