proj.md

RPI-Link

Why this is needed

RPI's online communities (most notably: its subreddit, /r/rpi, but also including yikyak) suffer from high amounts of toxicity. This is a concern of those in charge of moderating the communities, and an effort has been made to help cut down on some of these problems (i.e. sockpuppet accounts, brigading, trolling, completely anonymous harassment).

How it works

There are a few core parts to the linking system. It allows for account creation using a sign-in through a supported service (at this time: discord, reddit, and RPI's CAS). Once this has been done, users can link remaining services to their account on the site.

Note: No password or site-provided sign-in is provided. All signing in is done through external services, and no passwords are stored or requested.

Once a student links/registers with RPI's CAS, some data lookup is needed. Ideally, the CAS could return this data in an "extra attributes" parameter (this is outlined in the CAS standard specifications, and supported by most/all CAS servers and clients). The data that is absolutely needed is as follows:

• Student/Faculty/Guest/etc (status in relation to the university)

Additional data, in order of a usefulness/privacy tradeoff, are as follows:

• Expected graduation date/enrollment date by cohort
• Major(s)
• Club data (this was never considered before, but if a club management API key is what's needed to be able to get the other stuff, may as well take into account what can be done).

Originally this data was going to be obtained by using LDAP to look up the information returned by signing in to the RPI CAS (i.e. RCIS ID) and then determine if the person attempting to sign in is, in fact, a student. The reason this is necessary is because it will need to be necessary to validate/verify who is a student, who is a faculty, who is an alumnus, etc. [ We cannot assume that anyone with a valid signin is a student, since apparently some alumni have been able to sign in through the CAS well past graduating from RPI ].

The data would be used as follows:

• Student/Faculty status:
  • Discord:
    • a verified +student role can be given to verified students. Additionally, the appliation requests the guilds.join permission for discord accounts, so that verified students will have their accounts auto-joined to the server if they so choose (this is done in order to prevent unverified accounts from joining - no sockpuppets/alts).
  • Reddit:
    • a verified student can have a special reddit flair applied to their account (i.e. .flair-verified-<major>). This can allow for reddit's automoderator to only allow verified students/faculty to post in certain threads.
  • General:
    • A big part of this is cutting down on sockpuppeting/ban evasion, which is something of a problem on /r/rpi. Most of the users on the subreddit will be sharing IP addresses so ban evasion can't really be dealt with, so an alternate method would be to restrict verification.
      • To preserve pseudonomymity, any admins shouldn't be able to ever directly see rcs IDs. They'll be stored, but should ideally be hashed/turned into a random pneumonic (i.e. "RedElongatedBattleHorse", a la gfycat URLs) for easy cross-identification, but still preserving users' rights to speak without being traced back to their real-life identity if they so choose.
      • If a user abuses their verified status to act toxicly, their verified status will be suspended for some time. If it's abused a 2nd time, it will be suspended permanently on that service.
• Expected graduation date/enrollment:
  • This is so that the users can choose where to show this data (i.e. apply a date suffix to their reddit flair, or get the +2019 role on the discord server).
• Major(s):
  • Similar to the graduation date, so that users can choose to apply their major(s) to their visible roles/flair.
• Club data:
  • Special flair text on /r/rpi (i.e. "Student Senate president")
  • Member roles on the discord subreddit (i.e. all Pokemon club members can choose to have the +pokemon role, which can be @mentioned to notify all the club members online.

All of this data (aside from the verifcation process) would be displayed on the users' profile for them to see, with toggles for what is visible, where.

The major parts of this project are to tie together RPI's different online communities and cut down on pure anonymimity. While pseudonymity does have its benefits, it enables toxicity and harassment when no repercussions can be faced. Obviously, the communities like /r/rpi cannot be closed to non-verified users (this would cut down on prospective students' abilities to ask questions), non-verifies users could be curbed so that nonstudents can still participate like they would before, and those that abused their position of anonymity would be unable to continue doing so.

With regards to tying together RPI's different communities: Facebook is one of the larger systems that RPI students use (housing groups, club groups, groups for majors, groups for different classes, different cohorts, etc). However, all of this is rather disjointed from other communities. One aim of this project would be to allow for club officers to, say, set a defined discord server for their club, which users can then click to join, or to set a defined facebook group for the club that could be joined. Announcements and stuff could also be centralized and pushed to several services at once.

There's currently a rather solid lack of any coherence to RPI's online communities, and this attempts to better them all. Colleges are meant to encourage mixing and positive discourse, but currently the various communities and clubs tend to not mix much online; the cloak of anonymity also enables abuse and needs to be curbed somewhat.

I'm a CS student so this writeup is probably terrible.