User Tag List

Results 1 to 9 of 9

Thread: poll response

  1. #1
    Whitelisted Captain Total_Epicness's Avatar
    Join Date
    Jun 2019
    Posts
    81
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    poll response

    - The poll does not filter respondents nor offer any form of verification and protection against trolling it.



    Its something you have to deal with on polls. Even if we do ingame, people can multikey or convince newer players who don't know the game to vote another way. Which is another point, having it ingame can lead to people being peer pressured after a particularly salty round. Longer polls tend to have less potential trolling since the time investment needed to make a difference on the averages without making it painfully obvious that its a bad response is larger. That's why it is shared. More responses from actual people = bigger time investment for trolls. Though acceptably, google forms is more susceptible to this because of how shite it is.

    Every poll method has its upsides and downsides.

    Tying it ingame and making it run by staff is also bad as well since you potentially lose the anonimity which is a massive issue when you are trying to measure things like staff performance and relations. You mine as well not put those questions on there because the results are going to be skewed as shit. Even if it says its anonymous in code, there isn't a way to check whats actually running on the server. Its not like we can just leave index.html and have the apache file browser open so that you can even download whats running on the server. If its open-source and there is no way to verify that the section of the code running is the same as whats on the open source repo, it mine as well not be open source. If we are planning to make it ingame with the "anonymous" moniker. put a SHA256hash.txt next to it and an option to view the SHA ingame

    The only true solution to these issues would be to run it on an open source server, with code on github. Purposely leave a security flaw by having the Apache/Ngix file browser enabled. Allow users to download the code both on the github and whats running on the server. And to have some sort of cookie and/or valid byond account checker. Then have extensive testing so some retard cant do le funny "OR 1=1" it and SQL inject it to BTFO all the results.

    Even then it is still susceptible to trolling, and like I said before, its something you deal with. Share it with as many people as possible so they have to put more effort to throw off the averages, and cross your fingers. Nothing is impervious to trolling, hacking, breaking or sinking - the guys who made the titanic after it sank (probably)



    - The poll dangerously misidentifies a fraction of the Discord population as representative. Combined with the above, it fails basic validity checks.

    Point? This is meant to be shared. Its not like I put this in the amogus metacord only or had it in the MP cord only for their opinions. This is why we share polls to as wide of an audience as possible so we get diverse opinions instead of putting it in the middle of an argument in #community-feedback to prove a point by polling everyone who is viewing the channel (staff loses since they are outnumbered by default 99% of the time when this happens). Look above for the validity checks one.

    - The poll is designed with multiple disqualifying methodological flaws. The questions and especially answers are leading or memes. Instead of using simple Likert scales, it labels the answers. It has an ill-informed gender identity question.

    Yeah some of them are well unprofessional to say the least. Memes help with engagement a lot and so does some of the unprofessionalism. A 4 page+ poll is boring as shit to do with little engagement. The gender identify one has been fixed not long after concerns were raised. in my defense, i as a straight person don't deal with gender issues much, so I don't really understand it wholly as a result. My bad

    - The poll uses Google docs/forms which is an insecure way that potentially exposes the identity of people taking it to a third party.

    Unless you live under a rock or are a gigachad who only uses talios/ duckduckgo combo, google knows more about you than CM can ever store on their server. Furthermore, some of the more privacy-sensitive poll answers are really broad on purpose to protect against this, like using geolocations instead of countries, and ranges instead of specific ages. Sure google forms is worse in terms of actually making your own polling site that is open-sourced, but its arguably better than other third parties since their privacy policies can vary in walls of cryptic legalese.

    - Some of the qualitative (open-ended) answers have been posted verbatim without informing the users they will be done as such. These can contain identifiable information that can lead to grudging and harassment.

    *It was implied that the results would be public. Though it should have been explicit. My fault*. Hiding the results would make the poll more closed and less intresting, to say the least. In retrospect, I should have EXPLICITLY said that it will be public and put a disclaimer before the open ended ones. My bad (x3)

    A bad poll can ruin the point you may be trying to make. This is an extremely bad poll.

    I'm not really making a point here., I simply put a bunch of general community opinions into one. The only one I was really interested in was the features vs balance one since I am a big features guy (real contributor hours). A bad poll would be one that is put in the heat of an argument like I said earlier or shared only to specific people, not specific nor long enough. In my opinion it does justice for this issue and is pretty decent in terms of proper polls. I intended to combine memey unprofessionalism with serious questions. There is a reason why the last section is the most memey (though I had put some questions there that I forgot). But hey thats my opinion of my own poll and how I intended it to be. Take it as you like it.


    edit: Yeah, I know its flawed in some ways, but I accept them. No one's perfect and its impossible to run "the perfect" poll without rolling up to everyone's addresses and giving them a form to fill out

    edit2: Another thing I forgot to mention is that I put some opinions being shared around as some of the answers for the linear/scale questions. Like putting "oppressive powerhungry morons" for admin questions since I though that was an "extreme" view of staff or "the non free approach to moderation" for the metacords one since I thought it was interesting enough to put. In hindsight, those are really bad and should be reserverd for the intentionally memey ones only. ( my bad)
    /end
    Last edited by Total_Epicness; 11-07-2021 at 07:56 PM. Reason: additional note
    Benson 'Bengus' Gusman, Frankie 'LTB' Sulyard (old TC name)



  2. #2
    Member
    Join Date
    Jan 2021
    Posts
    91
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    thread is going to be shut down and bengus will disappear from cm watch

  3. #3
    Senior Member
    Join Date
    May 2021
    Posts
    170
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Hey, thanks for taking the time to make this bengus. I'll look at it, maybe give some thoughts tomorrow. Always good to have civil discussion. <3

  4. #4
    Whitelisted Captain Total_Epicness's Avatar
    Join Date
    Jun 2019
    Posts
    81
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The idea of hashing ckeys that was thrown in #community-feedback seemed good to preserve anonymity. Though id suggest salting them or atleast putting a prefix like "CM_TotalEpicness5" to prevent people from just running the who verb and generating the same hashes by using the same algorithm.

    https://auth0.com/blog/adding-salt-t...ore-passwords/

    Not even rainbow tables can help decode a properly salted hash
    Benson 'Bengus' Gusman, Frankie 'LTB' Sulyard (old TC name)



  5. #5
    Senior Member
    Join Date
    Feb 2020
    Posts
    262
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Based poll

  6. #6
    Ancient Member
    Join Date
    Apr 2020
    Posts
    814
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what even was the poll?

  7. #7
    Senior Admin
    Join Date
    Nov 2020
    Posts
    277
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Total_Epicness View Post
    - The poll does not filter respondents nor offer any form of verification and protection against trolling it.



    Its something you have to deal with on polls. Even if we do ingame, people can multikey or convince newer players who don't know the game to vote another way. Which is another point, having it ingame can lead to people being peer pressured after a particularly salty round. Longer polls tend to have less potential trolling since the time investment needed to make a difference on the averages without making it painfully obvious that its a bad response is larger. That's why it is shared. More responses from actual people = bigger time investment for trolls. Though acceptably, google forms is more susceptible to this because of how shite it is.



    Multikeying is a bannable offense. We have countermeasures to that. We can exclude people with an account age of 0 to a few hours. Answering a poll in-game should be secret, only possible at the beginning of a round/before joining and an answer can be changed through the duration of the poll exactly to avoid impulsive answers.

    Meanwhile you can write a script to troll google polls.

    Google polls are easier to mess with by multiple orders of magnitude, which makes them less reliable by multiple orders of magnitude.


    Quote Originally Posted by Total_Epicness View Post
    - The poll does not filter respondents nor offer any form of verification and protection against trolling it.

    Every poll method has its upsides and downsides.

    Tying it ingame and making it run by staff is also bad as well since you potentially lose the anonimity which is a massive issue when you are trying to measure things like staff performance and relations. You mine as well not put those questions on there because the results are going to be skewed as shit. Even if it says its anonymous in code, there isn't a way to check whats actually running on the server. Its not like we can just leave index.html and have the apache file browser open so that you can even download whats running on the server. If its open-source and there is no way to verify that the section of the code running is the same as whats on the open source repo, it mine as well not be open source. If we are planning to make it ingame with the "anonymous" moniker. put a SHA256hash.txt next to it and an option to view the SHA ingame


    - The poll does not filter respondents nor offer any form of verification and protection against trolling it.

    The only true solution to these issues would be to run it on an open source server, with code on github. Purposely leave a security flaw by having the Apache/Ngix file browser enabled. Allow users to download the code both on the github and whats running on the server. And to have some sort of cookie and/or valid byond account checker. Then have extensive testing so some retard cant do le funny "OR 1=1" it and SQL inject it to BTFO all the results.
    It may be just me, but if CM Staff was not interested in listening to public feedback, we would have said as much instead of forming an intricate plan of invigilating the community and falsifying polls. The biggest issue to me is, why would we do that if we always have the option of saying "No, not interested." which takes minimal effort.

    Everything you say, occ, looc DM etc on the server is already logged. That is way more information than a simple poll would provide. If staff was really interested in retaliatory action (and they really, really aren't because we're not... I'm not even sure what to call this) we have way more powerful tools to invigilate the community than a simple opinion poll.

    I'm not sure what to tell you if you actually believe that anyone on staff would do such a thing.

    Regardless. My issue is not that data is collected. My issue is that we don't know who the data is going to and how it is handled.

    For reference, what I would like to see here is how the end result of a poll looks on the receiving end and who exactly is getting those/privy to see those (at the very least provide your nickname/s so it is immediately clear who and how is handling the data)

    Clearly state in the poll who is getting the responses. If someone else will be looking at them, mention that as well. Provide an example piece of data for reference.

    Quote Originally Posted by Total_Epicness View Post
    Even then it is still susceptible to trolling, and like I said before, its something you deal with. Share it with as many people as possible so they have to put more effort to throw off the averages, and cross your fingers. Nothing is impervious to trolling, hacking, breaking or sinking - the guys who made the titanic after it sank (probably)
    There are obvious ways you can use, seen above, to reduce your margin of error. Crossing your finger and sending your poll to as many people as possible is how election polling companies get their predictions wrong.

    Also, I may be wrong, but the makers of the titanic knew there were issues, they just ignored them ;P

    Quote Originally Posted by Total_Epicness View Post
    Quote Originally Posted by Total_Epicness View Post
    - The poll dangerously misidentifies a fraction of the Discord population as representative. Combined with the above, it fails basic validity checks.

    Point? This is meant to be shared. Its not like I put this in the amogus metacord only or had it in the MP cord only for their opinions. This is why we share polls to as wide of an audience as possible so we get diverse opinions instead of putting it in the middle of an argument in #community-feedback to prove a point by polling everyone who is viewing the channel (staff loses since they are outnumbered by default 99% of the time when this happens). Look above for the validity checks one.
    The total population of the Discord, even if we assume everyone answers the poll there, is not representative of the total population in game. The Discord has people who haven't played the game. Again, in-game verification lets us filter out people who have not played for a month or two.

    I actually do not have a suggestion here. This is just a fundamental error that cannot be corrected, so I'll leave this.

    Quote Originally Posted by Total_Epicness View Post
    - The poll is designed with multiple disqualifying methodological flaws. The questions and especially answers are leading or memes. Instead of using simple Likert scales, it labels the answers. It has an ill-informed gender identity question.

    Yeah some of them are well unprofessional to say the least. Memes help with engagement a lot and so does some of the unprofessionalism. A 4 page+ poll is boring as shit to do with little engagement. The gender identify one has been fixed not long after concerns were raised. in my defense, i as a straight person don't deal with gender issues much, so I don't really understand it wholly as a result. My bad
    But by doing so, you're damaging the accuracy of what you are polling.

    Your scales need to be either unlabeled, or labeled in a balanced, consistent, free of dark pattern like language way. Otherwise you are affecting and distorting the answers. Ask clear questions and demand precise answers. Here is an example.

    Quote Originally Posted by Total_Epicness View Post
    - The poll uses Google docs/forms which is an insecure way that potentially exposes the identity of people taking it to a third party.

    Unless you live under a rock or are a gigachad who only uses talios/ duckduckgo combo, google knows more about you than CM can ever store on their server. Furthermore, some of the more privacy-sensitive poll answers are really broad on purpose to protect against this, like using geolocations instead of countries, and ranges instead of specific ages. Sure google forms is worse in terms of actually making your own polling site that is open-sourced, but its arguably better than other third parties since their privacy policies can vary in walls of cryptic legalese.
    See above. My issue is someone may be inadvertently exposing their identity to someone that is not clearly defined. You owe it to your responder to clearly identify yourself (again, nickname or whatnot is fine. I don't want anyone to have to use their real name unless they want to for whatever reason)

    Quote Originally Posted by Total_Epicness View Post
    - Some of the qualitative (open-ended) answers have been posted verbatim without informing the users they will be done as such. These can contain identifiable information that can lead to grudging and harassment.

    *It was implied that the results would be public. Though it should have been explicit. My fault*. Hiding the results would make the poll more closed and less intresting, to say the least. In retrospect, I should have EXPLICITLY said that it will be public and put a disclaimer before the open ended ones. My bad (x3)
    Correct. Which is why you collate your answers and qualify them.

    You create tags for the answers and qualify them by tags.

    For example x users complained about metacords, y users complained about not enough AP ammo, z users complained about admins but not developers and q users complained about developers, but not admins.

    Posting just answers is meaningless to the poll itself and does not provide actual data. Properly quantifying the information does. And again, posting answers verbatim lets users identify responders and that leads us... Places.

    Here is one of multiple sources that suggests how to deal with this in depth.

    Quote Originally Posted by Total_Epicness View Post
    A bad poll can ruin the point you may be trying to make. This is an extremely bad poll.

    I'm not really making a point here., I simply put a bunch of general community opinions into one. The only one I was really interested in was the features vs balance one since I am a big features guy (real contributor hours). A bad poll would be one that is put in the heat of an argument like I said earlier or shared only to specific people, not specific nor long enough. In my opinion it does justice for this issue and is pretty decent in terms of proper polls. I intended to combine memey unprofessionalism with serious questions. There is a reason why the last section is the most memey (though I had put some questions there that I forgot). But hey thats my opinion of my own poll and how I intended it to be. Take it as you like it.

    edit: Yeah, I know its flawed in some ways, but I accept them. No one's perfect and its impossible to run "the perfect" poll without rolling up to everyone's addresses and giving them a form to fill out

    edit2: Another thing I forgot to mention is that I put some opinions being shared around as some of the answers for the linear/scale questions. Like putting "oppressive powerhungry morons" for admin questions since I though that was an "extreme" view of staff or "the non free approach to moderation" for the metacords one since I thought it was interesting enough to put. In hindsight, those are really bad and should be reserverd for the intentionally memey ones only. ( my bad)
    /end
    You may not be making a point here. But this flawed data will be used by others to try and make one which is something that has already happened.

    Anyway, TLDR:

    - Clearly identify yourself in the poll as its author. (nickname will do, please don't use your real name)

    - Hashing/Salting Ckeys is fine again, as long as there is no unexpected access to those before the process.

    - Remove leading questions and standardize your scales.

    - Properly collate your open ended responses. Read through them and assign tags to specie issues mentioned and count those tags. Do not expose verbatim answers.


    Feel free to DM me on the discord or ask any further questions, or you can write here.
    Senior Administrator


  8. #8
    Senior Member
    Join Date
    Aug 2020
    Posts
    247
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lunarflu View Post
    Hey, thanks for taking the time to make this bengus. I'll look at it, maybe give some thoughts tomorrow. Always good to have civil discussion. <3
    who are you again? and also wtf was on the poll lmao

  9. #9
    Ancient Member
    Join Date
    Aug 2019
    Posts
    575
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Total_Epicness did not ban himself

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •