Anonymous followups to anonymous questions April 16, 2011 2:36 PM   Subscribe

Would you ride this anonymous AskMe pony?

Hey everyone!

I was curious what the mods' and the community's thoughts would be on allowing anonymous AskMe questioners to post anonymously in their question thread?

Anonymous posts often concern rather sensitive matters and sometimes call for some clarifying information from the OP. I've recently seen a couple askers out themselves in anonymous threads to post additional info that answerers were asking for, defeating the whole purpose of posting anonymously. (Normally, I would post examples, but in this case I'll refrain in the interests of not further spreading what may or may not have been an accidental breach of anonymity.) The mods, of course, are able to post followups which they are emailed into the threads, but that sounds like kind of a pain in the ass for them (maybe not; I don't know) and is rather slower for the asker and the answerers than the ability to post straight into the thread.

I can see how the incentive of only being able to post followups only publicly would be a check against the rising number of anonymous questions. Could we correct for this and retain the utility of anonymous followups by limiting the number allowed per question? Would that also correct for the other potential blowback, the possibility of flamewars w/ one user in anonymous stealth mode when a question goes sour?

What do you think? Is this a pony we should ride round the pasture, or does she buck and bite in ways I ain't thought of?
posted by EatTheWeek to Feature Requests at 2:36 PM (33 comments total) 3 users marked this as a favorite

Matt likes the idea, but apparently the implementation is a little harder.
posted by Phire at 2:49 PM on April 16, 2011

Oh dang, I thought I dug deep enough into the past questions. Didn't look hard enough - my bad.
posted by EatTheWeek at 2:53 PM on April 16, 2011

The current way for anonymous askers to update their question (with relevant info, an update, or to answer specific questions-in-reply) is to use the Contact form to email the mods, who will then relay the response into the thread.

I imagine the only reason it doesn't happen more is that anonymous askers don't know that's how to do it. Maybe if that avenue were utilized more frequently there'd be a bigger impetus to implement a dedicated solution.
posted by carsonb at 3:16 PM on April 16, 2011

Basically when we've looked at this in the past, finding a way to allow people to do this while still having the questions be truly anonymous in the database seemed like a lot more work than us doing the updating. I sort of feel that people who are "outing" themselves are not reading either the Ask a Question page or the FAQ very clearly; it may be that this is a feature that other sites have and ours doesn't?

Could we correct for this and retain the utility of anonymous followups by limiting the number allowed per question?

I think your heart is in the right place here, but this is removing one obstacle while adding another. Any limit we set will be its own new problem.

So, speaking as the mod that does a lot of the updating, this isn't too onerous for me. Maybe pb [who is traveling today] or mathowie can speak to the hassle of coding an alternative.
posted by jessamyn (staff) at 3:32 PM on April 16, 2011

Thanks, jessamyn. That cortex comment Phire linked makes it sound like pretty much a nonstarter.
posted by EatTheWeek at 4:15 PM on April 16, 2011

I have asked one (possibly two, I can't remember exactly) anonymous question(s) in the past. I wouldn't do it again. If I needed to do an anonymous question in the future, I'd use a sock puppet. I really think this is what we should be encouraging people to do.

While I do read anonymous questions, it drives me crazy that it's so difficult to get followup info from the op's.
posted by marsha56 at 4:23 PM on April 16, 2011 [1 favorite]

I kinda like the idea of a username being attached to a question. Otherwise, I sometimes think that maybe...just maybe its a fake question.

It's impossible to know for sure that a question isn't fake. That doesn't even require anonymity; with a few exceptions where it's someone who I know well personally, I couldn't tell you for sure that any given question from any given user isn't a fabrication.

What we do is give people the benefit of the doubt, trust them to be decent and to respect the guidelines here, and deal with any conspicuous weirdness when and if it actually comes up.
posted by cortex (staff) at 4:25 PM on April 16, 2011 [2 favorites]

Personally I think that this would add enough utility that it would be worth a bit of effort to implement. Easy for me to say, not being pb, but it just seems like a whole lot of anonymous questions end up forever in the Unanswerable bin due to a lack of followup by the asker and I feel like that's kind of a shame. I know that it's possible to give followup by contacting the mods, but I've always strongly suspected that this is enough of a hurdle (whether due to ignorance, complexity, or just not wanting to filter one's personal problems through an intermediary) that in practice most people never do it.

Obviously there'd need to be some behind-the-scenes way to connect an anonymous question to its asking account, presumably by tagging the question and the account with some kind of serial number. I'm under the impression (correctly?) that this sort of information already exists, but that it's not in an obviously-visible place (even to the mods) and that they don't tend to dig into it without a specific reason to do so. I see no reason why that part of the equation would need to change.

I guess there would still need to be a fair bit of coding done both on the backend and in the UI to implement this kind of functionality, and I realize that there are a limited number of modhours available for adding new features, but to me it would be worth it as currently it seems like there really are a lot of anonymous AskMes that fall through the cracks and which could be recovered by this new system.

tl;dr: I like this pony, and I would feed it every day, and ride it, and comb its coat every day also. I vote we name it Delphi.
posted by Scientist at 4:40 PM on April 16, 2011

I'm under the impression (correctly?) that this sort of information already exists, but that it's not in an obviously-visible place (even to the mods) and that they don't tend to dig into it without a specific reason to do so.

Actually, that's not the case. There is no link between asker and anonymous question in the database, period; we can put together who asked what through some digging about with circumstantial evidence based on the timing of anonymous submission emails that Matt and Jess get, but it's an entirely manual process.

So, the workflow would have to change fundamentally.
posted by cortex (staff) at 4:50 PM on April 16, 2011

Yeah, there is no link in the database that is machine-readable between anon question and asker.

A secondary concern is that we don't have much of an interest in making the anon feature much easier to use I mean, we don't want it to be difficult, but we want people to use the feature rarely, maybe once or twice a year. We've been seeing some serial anon askers where people will say "This is my previous question, let me tell you how things are going and you can give me more advice" linking to a previous anon question a few weeks earlier. Except in sort of serious cases, that's not how the feature is internded to be used.

As we see it, this means that you ask when it's really important and both the asker and the answerers have a vested interest in making the transaction useful. So this is how I see it. I'm not saying this is correct, but it's my gut feeling.

- If the site is glutted with anon "Help me deal with the latest wrinkle in my ongoing complicated relationship" questions, people will get less interested in answering them and in AskMe generally.
- If asking a question and adding updates is simple and completely removed from the mod-circuit, people who overuse the feature will be more inclined to overuse it and ask more questions, not fewer
- If the anon-asker option is removed from mod scrutiny, it's much more difficult for us to tell who is overusing the feature

As of now, it's an open question whether increasing anon usage would be a net negative to AskMe, but I sort of feel that it would be and this is not just because there is mod effort involved. Part of the appeal of AskMe is that it's a community helping each other, people who may not have known identities but they have consistent identities which makes both questions and answers more useful than random one-offs. And the level of anon questions is in about the 10% range give or take. Anon questions have the additional "is this a real question?" problem. If people had anon-answering identities, how long would they be good for? Could they be used in MeTa if the question got called out? How careful would we-as-mods have to be protecting anon users' identities if they sort of half-out themselves? How important is people's ability to ask an anon question?

Ultimately, I personally feel that having the anon question process be somewhat labor intensive isn't a bad thing most of the time. I agree it sucks when people don't follow-up, but we say in the guidelines they should do that [as well as people saying so in the thread], and they don't. I'm not sure this feature would solve that problem.
posted by jessamyn (staff) at 5:05 PM on April 16, 2011 [1 favorite]

You could use a browser cookie to enable anonymous replies. If you log out, move to a different computer, or delete the cookie, you're out of luck. But it would work fine most of the time, and without creating an explicit link in the database.
posted by ryanrs at 5:34 PM on April 16, 2011

This function seems more than adequately served by an expectation that, should an OP desire it, they should give Matt the $5 needed for it.
posted by Blasdelb at 5:46 PM on April 16, 2011 [2 favorites]

Thank you for setting me straight about the situation re: user accounts not being attached to their anonymous questions. I can see that having to implement some kind of connecting data between the asker and the question would require additional work, but I still think the feature would be worth it (again, in the abstract – I am not pb's sockpuppet). There ought to be no technical reason why the linkage couldn't be a blind one, so that humans on the backend would be unable to connect a user to their question except by the means that currently exist.

Also I should probably mention that what I envision (can't speak for anyone else) is not a temporary personal account for replying to a particular question, but rather a system whereby one can reply to a question from one's main account and have the reply get shuttled through a linkage system and given anonymous's byline, much like when the question was initially asked. Again, in principle I see no reason why this connection couldn't be just between the user, the server, and God, optionally with moderator review of the anonymized reply. (Personally I'd vote for allowing unvetted replies, and simply have the mods moderate them after-the-fact as needed.)

I agree that anonymous questions should be the exception rather than the rule, and I don't think that the proposed feature addition would necessarily involve negating the vetting process – anonymous questions could still be vetted (and followup replies as well, though that would obviously add to moderator workload) to make sure that they are appropriate and that the system isn't being abused.

I also understand that there are some desirable effects (at least in theory) that result from making the anonymous asking process a little bit more inconvenient than the normal process, but I question whether these effects really play out the way they are supposed to. I currently count ten anonymous questions on the front page of the green, so they aren't particularly uncommon. Nor do they seem to push away respondents; three of the aforementioned questions have over twenty replies.

At least one of them, however, is currently crippled by a lack of information from the asker, and it lacks any followup replies. This question will probably never be answered satisfactorily (though honestly the asker probably really needs to talk to a lawyer). Making it easier for the asker to reply in this case might increase the utility of AskMe, relieve the frustration of those who have been attempting to answer it, and possibly bring in more answerers who otherwise would have remained on the sidelines.

I guess what I'm trying to say is that while I understand there are trade-offs here, I'm not sure that the situation currently works exactly as designed and I disagree about what the likely effects of implementing this change would be. I'm also not entirely sure that the design is totally in-line with the way that users want to use the site, though I'm aware that that's a matter of literally infinite potential debate.

I recognize that I am coming at this from a perspective of relative ignorance compared to the extensive and intimate experience that the mods have with the workings of this site and its community, and that there are doubtless many aspects of this situation that I either do not see or that I value differently from those who would have to actually deal with them. I still feel like the proposed feature would be a valuable addition to the site and would substantially improve the utility of AskMe for the types of uses that members actually want it for.
posted by Scientist at 6:12 PM on April 16, 2011

There is a distinct difference between "between the user, the server, and God (and maybe, with effort, the mods)" which you're proposing and "between the user and God (and maybe, with effort, the mods.)" The current system is not vulnerable to a database hack - what you're proposing is.

(Not saying that's the #1 reason not to change - I need to make a "This is only my personal observation!" macro - but it would be definitely non-anonymous in a totally different way than the status quo.)
posted by restless_nomad (staff) at 6:25 PM on April 16, 2011

This problem could be substantially mitigated by causing the record to be automatically deleted once the question is closed for new replies.
posted by Scientist at 6:29 PM on April 16, 2011

hal_c_on: "I kinda like the idea of a username being attached to a question. Otherwise, I sometimes think that maybe...just maybe its a fake question. I'm not saying they all are, or most of them are. I'm just saying having a username attached to an odd question may get a higher quality of responses, and people will be less inclined to have the same knee-jerk reaction that I sometimes do. Thats all."

I've posted anonymous questions that I would never, ever have asked under my own username. It's truly nice to have that option available when you need it.

If you think a question is fake, there's an easy solution: skip it. In eight years, I've seen far weirder questions posted by people under their own usernames than anonymously.
posted by zarq at 6:37 PM on April 16, 2011

Technical implementation is certainly an interesting problem to solve. My natural inclination is to think about it and come up with proposed solutions, and I'm sure I'm not the only one who reacts in this way. Trouble is, though, that having devoted time and energy to the problem I'd get emotionally attached to the best of my solutions, and then mistake that attachment for a desire to see this pony supplied.

Jessamyn has laid out some perfectly reasonable policy grounds why it's not a good idea, there's a workaround for the lack of it (the contact form), and I think we should just let it go.
posted by flabdablet at 6:41 PM on April 16, 2011

hal_c_on, just because you don't know who the username zarq maps to in real life doesn't mean that people don't exist who do. I don't know zarq's reasons, but I've asked 2 anonymous questions, both at least in some way about work. They were anonymous because I've talked about metafilter, and askme specifically, at work. I never would have asked those questions under my username. I didn't think "wow, hal_c_on can't know this is me", but rather "wow, work can't know this is me".
posted by donnagirl at 7:02 PM on April 16, 2011

Jessamyn has laid out some perfectly reasonable policy grounds why it's not a good idea, there's a workaround for the lack of it (the contact form), and I think we should just let it go.

I think flabdablet has it. As much as we might want to hear followups from anon askers in some cases, the potential downside is greater, I think. Especially if anons are being used for relationship stuff -- think about the judginess of some answers to relationship anons, and imagine the asker (who's often already in a dramatic situation/frame of mind) being able to snipe back anonymously. Blech.

Extra drama does nobody any good and makes the site less attractive to the kind of user we want to keep. A great thing about this place is how the site-design decisions and the mods' low-key interventions both work to keep drama low; there are a lot of features they could have implemented but haven't because of the potential for abuse or other baloney they'd create.

Shorter: This pony is sweet but rides to Dramatown.
posted by LobsterMitten at 7:30 PM on April 16, 2011

You guys have probably considered it already, but here's a system that doesn't seem like it would require radically rewiring the site. When a user asks an anon question, ask them to re-enter their password. Then you simply save a checksum of this string:
<user ID><password><post ID>
In the anon reply form, you just ask for their password again, do the same checksum, and behold! Identity confirmed. No need to save information about the user anywhere.
posted by abcde at 7:46 PM on April 16, 2011

Getting a sockpuppet for anonymous questions is the right solution to this problem. The only concern I have about the solution is that some members of the community may not be able to afford a sockpuppet on top of their regular account. Maybe there could be an anonyfund or Matt could cut people who really need it a break on the sock or something.
posted by immlass at 8:19 PM on April 16, 2011 [1 favorite]

hal_c_on: "Zarq,

But why? I have no idea who you are. You are some dude on the internet named zarq. Your profile tells me you are a male dude, but thats about it. I theorized, but never understood that, so would you mind explaining?

I've used this name or some variation of it online since 1994. I kept a blog on livejournal. I was subscribed to a few listserv mailing lists. If someone wanted to build a picture of who I am from this name, they could do so quite thoroughly. My profile here used to have a lot more information about me, including my picture. If someone knows some of my old email addresses, they'd be able to pick out even more information about me from things I've written over the years.

This name gives me some anonymity. But I don't care to share everything online. I've asked anonymous questions that were personal, including one or two that were health related. This is not information that I want connected to me, or to my screen name, especially when I go looking for a job in the future. Plus, I'm an active member here and am friends offline with a small number of mefites. If say, I had a question about an embarrassing personal problem, do you think I'd want to share that with people who know me in person?

Also, because she works for a (nonpolitical!) Jewish organization and her name and photo are on their website, my wife's been a target of threatening faxes at her job for several years now from the assholes at Westboro Baptist. They named her by name. Said things about her and my children that I don't care to repeat here. It's enough to make you want to build a fucking safe room in the basement. Plus there was this.

I live a fairly uninteresting life. But still, I'm leery about dropping the veil of anonymity too far.
posted by zarq at 8:28 PM on April 16, 2011 [1 favorite]

Couldn't this be handled another way without major changes? Just allow anonymous askers to specify a password of their choosing (or the site could generate a random token for them) when they submit a question. That token (or a hash of it) gets stored in the database along with the anonymous question. If they later want to add a follow-up comment, they use a special comment form where they supply their secret token for that question. If the token matches the original one, the comment is posted as an anonymous follow-up and no identifying information is stored in the database. If the token doesn't match, the comment is from an imposter and isn't posted. It would be the asker's responsibility to hold on to their token while the question is open; if they lose it than they're in the same situation they would be in now.

This way, the link between user and anonymous question only exists in the form of knowledge held by the user, not a direct mapping in the database. It doesn't seem like this would require such major site changes to implement, but I can certainly see it being low enough on the priority list to not be happening anytime soon.
posted by zachlipton at 10:28 PM on April 16, 2011 [1 favorite]

When a user asks an anon question, ask them to re-enter their password.

Or to create a one-thread-only password for the purpose of replying, perhaps. Or one-time socks, with posting rights limited to that, but that's going to be a job to implement, and potentially open to abuse.

Ultimately, I don't think it's a pony of great price: the followup procedure is pretty explicit on the anon posting form, and the alternatives ($5 sock, disposable email, contact form) create a friction that I think is necessary for anons in Ask.
posted by holgate at 10:29 PM on April 16, 2011

holgate: I thought of the one-thread-only password approach, but that runs the risk of the user forgetting the thread password. The user's brain is a very unreliable data store, so it's safer to use the piece of private information we already know is well-memorized.
posted by abcde at 11:21 PM on April 16, 2011

But why? I have no idea who you are. You are some dude on the internet named zarq. Your profile tells me you are a male dude, but thats about it. I theorized, but never understood that, so would you mind explaining?

And not everyone's MeFi username is as divorced from the real world as Zarq's (which is barely divorced at all). Or, as I've been known to introduce myself at meetups:

"Hi, I'm Jacquilynne. On Metafilter, you'd know me as Jacquilynne. It's just easier for me to remember that way."

When I post anonymous questions, I'm generally concerned about Metafilter members finding things out about me. I'm worried about Google finding things out about me.
posted by jacquilynne at 7:39 AM on April 17, 2011

Sigh. "Generally not".
posted by jacquilynne at 7:39 AM on April 17, 2011

Could a randomly generated, stupidly long string (30 characters or so?) be displayed for the OP of each anon submission after they hit the submit button and then used as a key to gain access to normal askme functions like marking resolved, posting follow-up information, and whatever, if the question gets approved?

In that case there would still be no link to a user if the db is compromised, it would be reasonably secure from tampering and abuse, and it (maybe?) wouldn't require a great restructuring of the system.
posted by jsturgill at 4:16 PM on April 17, 2011

Or what zachlipton said.
posted by jsturgill at 4:17 PM on April 17, 2011

I think it's fun to come up with potential technical solutions for anonymous replies, and of these I think saving a hash of user_id, password, and some third piece of info that you can check against is pretty close. There's no way to trace it back to the original user, and it only requires a password to verify.

It gets tricky if people change their site password after asking the question. There's no link to the user, so there's no way to update the hash. And asking people to store/remember a one-time use password that we can't reset/retrieve will end with headaches. But ultimately I'm not sure designing the perfect system will be more than an exercise because we probably don't want a new system for the reasons Jessamyn pointed out.
posted by pb (staff) at 11:48 AM on April 18, 2011

Without speaking too much to the difficulty of implementing this idea, how about this: anonymous replies are linked to a user internally, but require the approval of two or more administrators or the like for that information to be revealed (a MeFi version of the two-man rule used for nuclear command and control). If this information can already be gleaned with enough manual detective work on the part of the staff here suggests that it has been needed on occasion, presumably to investigate potential abuse of the feature, or to respond quickly to a time-sensitive situation like a suicide attempt. I don't mean to come across as Jack Bauer or anything, but the potential for such scenarios exists and any preparation for it is likely to be of use in permitting anonymous replies.

Anonymous comments for non-question starters would also be highly desirable, I think. There have been a few questions in the past where I've wanted to contribute advice or the like, but have held back from doing so instinctively because the issue is either extremely personal or the topic at hand is, for whatever reason, unwise to associate with publicly. Perhaps a time limit, similar to the seven-day wait for new owners wanting to ask questions, could be set on such a feature, or some sort of threshold of comments and/or questions asked before the feature appears. You could keep the criteria private to avoid people attempting to circumvent or manipulate it in any way.
posted by jaffacakerhubarb at 1:06 PM on April 20, 2011

That's actually a really cool idea, jaffacake. May not be worth it if the current way only takes a few minutes, but I like the spy movie feel.

The tech would be easy enough. Each admin gets a PGP-type desktop app and makes a public/private key pair for themselves. Then it goes like this. Someone makes an anon post. For each possible pair of admins, save a separate encrypted copy of the user ID with a random key. For each of the two admins, save half of the key—encrypted with that admin's public key.

To do the unlocking, you could have a simple ColdFusion page that takes an anon post and spits out a list of the key info for each pair ("jessamyn/cortex: half 1/half 2"). Then have a textarea at the bottom of the page where you can paste in the complete key and hit the "unlock" button.

When it comes time to unlock a user's identity, both admins look up their half of the key and paste it into their PGP app to decrypt it. Then they put their halves together, paste the full key into the box and hit "unlock." One minute tops if they're in touch by IM or phone.
posted by abcde at 3:30 AM on April 21, 2011

I like the spy movie conceit as well for it's own sake as a fun brainstorm, but oh good lord are we not implementing double-turnkey systems. Right now what keeps us from randomly wading through people's question-to-submitter information is basic professional ethics; in the mean time, that information is not in the db at all, so a db security breach doesn't compromise people's anonymity in that respect.
posted by cortex (staff) at 6:52 AM on April 21, 2011

« Older Tweet out!   |   Greasemonkey deleted posts scipt Newer »

You are not logged in, either login or create an account to post comments