WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

480
(+2/-0)
Closed Bug in rate limit logic

When I post to Poal.co, about 20%-30% of the time I get an error message of 'dayum, calm down...' When I get this error I always immediately just hit the submit button again because I know that this error is a false positive. When the submit button is clicked a second time it typically goes through.

No @AOU, I am not using a TOR connection or a VPN connection. No there is no other Poal.co traffic coming from my IP address.

https://poal.co/s/AskPoal/503525/829cbfb0-622d-4669-a7a5-78c28b9132cc#cmnts

When I post to Poal.co, about 20%-30% of the time I get an error message of 'dayum, calm down...' When I get this error I always immediately just hit the submit button again because I know that this error is a false positive. When the submit button is clicked a second time it typically goes through. No @AOU, I am not using a TOR connection or a VPN connection. No there is no other Poal.co traffic coming from my IP address. https://poal.co/s/AskPoal/503525/829cbfb0-622d-4669-a7a5-78c28b9132cc#cmnts

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (19).
[–] 0 pt

The rate-limit has been working perfectly fine for everyone else.

..and I literally never brought this up until some other user complained and you dismissed it out of hand.

[–] 0 pt

A couple users.

you dismissed it out of hand.

See, you're doubling down. I didn't dismiss, but explained them the reason why they might encounter this issue.

[–] 0 pt

So some serious questions for you to ponder... I am not trying to shit post. Really think about this:

  1. How do you know it is only a couple users? Right now our working theory is that there is some level of ISP level NAT going on... if thats the case then literally millions of users could be hiding behind a single IP. We are talking about the specific logic used to uniquely identify users... if that logic is imperfect then this problem might be far more widespread than you realize. Now if the only consequence to these false duplicates is a transient error message then its no big deal... BUT:

  2. The fact that I am not using TOR or VPN but yet still frequently see this error indicates to me that the server side logic used for unique identification will sometimes throw false duplicates. Is this the same code logic you use in 'The Algorithm' ? We have seen many people come here and be flagged for suspicious behavior. In many of these cases the abuse was very obvious to all of us even without admin access. But we also have people who staunchly defend their own actions and claim to be falsely accused. So if the logic used to identify unique visitors is sometimes flawed... is it possible that the algorithm sometimes flags users improperly?

[–] 1 pt

How do you know it is only a couple users?

lol Because of the logs, genius.

I'm done with you. Try to waste someone else's time.