stephen.mason.jones

Thank you for the quick reply -- I'll implement that now :) Based on your experience, would you say anything above 1:10 flags:votes would be suspicious, or should I target something lower/higher? A...

1. Communauté
2. Computing Platform Community Discussions
3. Are collaboration bots allowed on Khan Academy?

One additional question, in regards to other people creating inappropriate programs through the bot, what would be a reasonable enforcement strategy? For example, if a project was shadowbanned by t...

1. Communauté
2. Computing Platform Community Discussions
3. Are collaboration bots allowed on Khan Academy?

This is very true. I just want to avoid accusing someone who may be completely unrelated. Until we know for sure if he even is the perpetrator I think we should assume innocence :) After all, it ...

1. Communauté
2. Computing Platform Community Discussions
3. Lost programs

They do, it's just that bookmarklets have complete control since they exist outside of KA's control. All KA can do is prevent people from putting new ones in their websites.

1. Communauté
2. Computing Platform Community Discussions
3. Bookmarklets on KA

That post message is just to trigger a editor save, it's how twitch.ka operates. Anything inside the program is incredibly safe, it's bookmarklets that have more permissions. Evan Lewis is aware o...

1. Communauté
2. Computing Platform Community Discussions
3. Lost programs

Oh! And I guess the most obvious: make sure that the bookmarklet was made by a trustworthy person (an anonymous person posting a bookmarklet is very suspicious).

1. Communauté
2. Computing Platform Community Discussions
3. Bookmarklets on KA

A few thoughts: 1. Unminify the code with something like js prettifier 2. If there's a string of random characters it's instantly suspicious (probably storing base 64 encoded code) 3. Anything gra...

1. Communauté
2. Computing Platform Community Discussions
3. Bookmarklets on KA

There isn't really any reliable way though to detect javascript adding links. There's so many ways to do it, and it can be obfuscated using changing variables and eval.

1. Communauté
2. Computing Platform Community Discussions
3. Bookmarklets on KA

I was also just thinking, see if you can snag the program ID from your browsing history. Otherwise it might be impossible for the devs to find the program...

1. Communauté
2. Computing Platform Community Discussions
3. Lost programs

But do any of you still have the bookmarklet bookmarked? That's what most likely contains the malicious code, the program was probably more of the method of delivery.

1. Communauté
2. Computing Platform Community Discussions
3. Lost programs