mentalgear 1 days ago [-]
It's a nice idea, but I have mostly stopped using/installing any software that is not open-source a long time ago. So, please open-source it, especially if you want users to truly trust it.
Even then, I would recommend anyone to install (small to mid) browser extensions by cloning and inspecting the source and just then loading it yourself - if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true).
smusamashah 1 days ago [-]
This could become/converted to a userscript making it easy to inspect and more cross compatible. It's very easy these days.
imiric 1 days ago [-]
To be fair, the .xpi is just a .zip file, and the JS isn't minimized.
I vibe-converted it to a userscript[1], but it doesn't work for me in qutebrowser because it depends on profile data fetched from `https://hn-trustspark.com/alltrust.json`, which seems to be periodically updated by the author, and qutebrowser has limited userscript support. :(
It could probably be worked around by fetching the data externally, but I don't want to depend on hn-trustspark.com. It would be great if the profile updating tool could be published as well.
Anyway, hope it helps someone else :)
FWIW, after a quick review of the script, it looks safe to me. As long as you trust that the served profile data is correct, and don't mind leaking your IP to it.
Great idea and kudos to the author! We need more tools like this to help us deal with spam, and not just on HN, but everywhere.
Thanks! Nice, you found the alltrust.json file ha. Yes, a bg job running on an rpi leverages HN APIs and builds the alltrust file by the minute, for all "active" accounts. Technically fetching that data is all you'd need to make your own script/plugin.
It's centralized for a few reasons though, first being that client-side API requests would be discourteous to the APIs (flood/ddos), and a whole new level of error handling would be required. Shared IPs, like those in a tech company building, would easily and quickly reach the API limits. So that's the reasoning, if you're curious.
defrost 1 days ago [-]
It's a good idea, provided nothing sketchy goes on either now or in a future update ... I'm playing about with it but will likely unload it soon enough.
One issue: New accounts with Zero submissions get a full green stack for "Submission Trust" (0 submissions in 0 days).
That comes across as three flat red lines and a single tall green stack - not sure if that's the right message.
Submissions is an odd one ... those people that submit a story seen on the tech blogs once a day get bucketed together with habitual spammers of poor quality posts.
solaire_oa 1 days ago [-]
Author here. This is a good callout, there are a few reasons why it's a plugin and not open source (yet).
First is that I didn't want to make a plugin in the first place, I wanted to make a bookmarklet, but HN's CSP policy was too strict. So that was a bummer.
Second is that I have very mixed feelings about open source these days, and so open-sourcing feels less and less like the sensible default state. One of the sibling comments here discovered the alltrust.json and vibecoded around it, which is really a case in point about why open sourcing feels like I'd be leaving myself "open" to be domineered (not just by users, but by bots and companies as well).
Third is that the system/plugin is partly LLM-assisted itself (even though the code is minuscule), and I'm self conscious of being a slop-slinger. Or at least, pushing up repos with LLM code just feels, idk... lazy and asymmetrical (despite this plugin having clear utility, which I think it does).
But it's completely fair to say "oh look, a plugin about trust that's closed source, how hypocritical." I get that. If there's enough interest I'll open source it, sure.
mentalgear 8 hours ago [-]
Appreciate the long reply and insights into your thoughts. I feel your resistance of slinging LLM slop, but hiding it doesn't make it better. I'd far more appreciate it being open source and mentioning it has been generated with LLM assistance, over not mentioning it at all. If the code has been reviewed and is simple enough to understand, it's appreciated and not perceived as vibe coded slop.
I can figure out how to shasum/sig the extension for heightened trust.
imiric 21 hours ago [-]
Hey, that's a perfectly reasonable stance, and I can relate to it.
Apologies for working around it and putting the code out there against your wishes. If you check my post history, you can see how opposed I am to these new tools, and "vibe coding" specifically. In my defense, I really didn't want to spend a lot of time on this, and LLMs do a decent job at this type of mechanical conversion. And I really don't judge anyone for using them mindfully, as you've clearly done in this case. The code didn't read like slop to me, if it's any consolation. :)
Besides, this "closed source" criticism is really a non-issue in this case considering it's a browser extension with clear JS, which anyone can inspect if they were really interested.
Cheers!
EDIT: I've deleted the gist. :)
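An added example, not part of the thread and not the extension's own code: since an .xpi is a zip archive, the inspection and shasum ideas discussed above can be scripted by hashing the archive and its files, listing the permissions and host patterns in `manifest.json`, and extracting the hosts the scripts reference. The sample archive, its file names and its manifest are constructed for illustration; only the `alltrust.json` URL comes from the thread.

```python
import hashlib, io, json, re, zipfile
from urllib.parse import urlsplit

URL_RE = re.compile(rb"https?://[^\s\"'`<>)\\]+")

def build_sample_xpi(host_pattern="https://news.ycombinator.com/*"):
    """Constructed stand-in for a downloaded .xpi; NOT the real extension."""
    manifest = {
        "manifest_version": 2, "name": "sample-trust-addon", "version": "0.0.1",
        "permissions": ["storage", host_pattern],
        "content_scripts": [{"matches": [host_pattern], "js": ["content.js"]}],
    }
    js = 'fetch("https://hn-trustspark.com/alltrust.json").then(r => r.json());\n'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("content.js", js)
    return buf.getvalue()

def is_host_pattern(p):
    # Host access is granted by match patterns; everything else is an API permission.
    return p == "<all_urls>" or "://" in p

def is_broad(p):
    # <all_urls>, *://*/*, https://*/* and similar: every site, not a named one.
    return p == "<all_urls>" or p.split("://", 1)[1].split("/", 1)[0] == "*"

def audit_xpi(data):
    """Hash an .xpi and summarise what it may touch and which hosts it references."""
    files, hosts = {}, set()
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        manifest = json.loads(z.read("manifest.json"))
        for info in z.infolist():
            if info.is_dir():
                continue
            body = z.read(info)
            files[info.filename] = hashlib.sha256(body).hexdigest()
            if info.filename.endswith((".js", ".html")):
                for u in URL_RE.findall(body):
                    hosts.add(urlsplit(u.decode("utf-8", "replace")).hostname)
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    matches = [m for cs in manifest.get("content_scripts", [])
               for m in cs.get("matches", [])]
    host_access = sorted({p for p in perms + matches if is_host_pattern(p)})
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "files": files,
        "api_permissions": sorted(p for p in perms if not is_host_pattern(p)),
        "host_access": host_access,
        "broad_host_access": any(is_broad(p) for p in host_access),
        "remote_hosts": sorted(h for h in hosts if h),
    }

if __name__ == "__main__":
    print(json.dumps(audit_xpi(build_sample_xpi()), indent=2))
```

To audit a real download, pass the file's bytes (`open(path, "rb").read()`) to `audit_xpi`. A matching digest only shows that you installed the same bytes someone else reviewed; the permission and host lists tell you what to read first.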
solaire_oa 20 hours ago [-]
No problem at all! I didn't mean to be accusatory. And I wouldn't say inspecting the plugin code is against my wishes at all, no, definitely keep that hacker spirit alive! And feel free to reload the gist.
I suppose that my point is more that creating a GitHub repo has some strings attached to it nowadays, is all.
qubidt 17 hours ago [-]
I've found many developers having switched to non-github forges (e.g. forgejo/gitlab/sourcehut or what have you), but particularly self-hosted instances, to sort of opt-out of the culture around modern-day open source. My sense is the barrier of entry is a social signal that they'd like to opt out of being assigned community manager+tech support+moderator for anonymous users. Typically there isn't a functional issue here, but I guess avoiding the town square is a good way to avoid having to interact with the town drunk/crank/large language model
password4321 1 days ago [-]
Wow "trust as in trust me bro", thanks for the heads-up. Only Y Combinator is allowed that level of access to HN karma metadata right now; what a gold mine.
bryanhogan 1 days ago [-]
Interesting idea, wondering if the 4 bars are a good way to evaluate accounts.
Some more thoughts:
1. The website needs a description of what this project even is.
2. Open-source the code, especially since it's just for the community, I'd be wary of installing "some random" extension from the store.
3. The modal element in the iFrame on the website is cut off on mobile widths using Firefox.
cpa 1 days ago [-]
Interesting, but how is the trust signal measured? I couldn’t find this information
annie511266728 1 days ago [-]
If it’s not transparent, it kind of defeats the whole idea of a “trust” signal — at that point it’s just a number you either believe or ignore.
xnx 1 days ago [-]
"trust me bro" signal
cobertos 1 days ago [-]
I'm pretty sure it's based off of the configuration in the green gear in the top right of the iframe. You can inspect the ways it's calculated from karma, comments, etc etc
CalRobert 1 days ago [-]
If you look at the config it's based on karma, comments, submission rate, comment rate (optional), and account age (that is, if you trust it actually uses the config how it says)
angry_octet 1 days ago [-]
There are some high karma accounts which make a great contribution, and others which ... don't. I'm doubtful whether karma or account age has a significant signal beyond anti-spam.
But it would be useful to know if I had up/down voted them significantly in the past.
angry_octet 8 hours ago [-]
As if to demonstrate my point, two high karma accounts have down voted my suggestion that karma is meaningful. Naturally they are too craven to enter the field.
krapp 1 days ago [-]
The only thing karma reliably indicates is participation over time, the signal is too noisy for anything else. If anything high karma should be a red flag. The very best contributors here rarely comment because they have better things to do. It shows an 8/8 score for me and I doubt anyone would consider me a top tier high quality contributor.
A plugin like HN Comments Owl would be more useful IMHO.
adrianwaj 1 days ago [-]
Great idea.
I think friend/foe and trust signals should come from a user's voting. So I think it should operate transparently to the user and there should be a default shade-out option of bad actors, but with the option to view. So it's set-and-forget. On the backend - could you make it so if you've never visited HN before, and you install the plugin, the experience changes accordingly?
I had the idea to setup a forum somewhere else - this sort of functionality would come in handy as part of normal operation.
mooreds 1 days ago [-]
Site breaks for my account? Maybe I'm not trusted? But I see no sparklines next to my username when I visit https://hn-trustspark.com/ and have posts on the newest page.
mooreds 1 days ago [-]
Actually, it did just blur out one of my submissions so maybe it does work and my other submissions are, as the kids say, mid.
solaire_oa 1 days ago [-]
Oh wow, you're a human with a high submission rate! I assumed accounts like these were bots. I've seen a large number of accounts like yours in `/newest`, indeed, it's the reason I made the default demo penalize high submission rates. If you don't mind me asking, what are your submission habits? Do you just submit links you find interesting often? And does the karma rewards factor into your routine submissions?
(I'm not being facetious or accusatory, I'm genuinely interested in learning how some of these high submission rates operate, since a lot look automated).
mooreds 23 hours ago [-]
haha, no worries.
> what are your submission habits? Do you just submit links you find interesting often?
Pretty much. I will often email myself links I think might be interesting, then batch up submissions. I also like to highlight friends' posts.
> And does the karma rewards factor into your routine submissions?
It's always fun to get karma, but I like the fact I can call attention to someone or something that deserves it more.
I also wrote and talked about my thoughts on HN and how to be a good community member a bit more:
Darn, I really thought submission rates were the lowest hanging fruit for bot detection, and it doesn't appear this is the case.
Thanks for commenting so I could see this.
For what it's worth, penalizing submission rates is not the default in the plugin itself, that's just for the demo. And also, in my testing, HN at large has "high trust" practically everywhere. My own account is consistently one of the lowest scoring that I come across, ironically. So perhaps this plugin isn't as useful as I had hoped.
mooreds 4 hours ago [-]
Hmmm. No data here, just heuristics from my time on HN, but if I were looking for bot accounts, I'd look for:
* a large percentage of posts from the same domain
* a large number of flagged posts
There are also some domains that show up when you are logged in and submit them and don't show up if you view the page anonymously (the entire domain has been added to the killfile). dev.to is one of these.
Submissions of those domains might be automated.
Good luck!
onli 1 days ago [-]
Suggestion: instead of just popping in the computed graphic add a placeholder immediately - four low grey bars should work well, in the same width as the final sparkline graphics. That way the text on the page will not jump later when the final sparklines are ready.
vivid242 1 days ago [-]
After attention, are we now in the trust economy… a brilliant idea for a plugin - thank you!
amelius 1 days ago [-]
The problem is that I don't trust plugins.
Is there a way to do this from a bookmarklet?
solaire_oa 1 days ago [-]
Author here. I tried a bookmarklet, that was my preference, but the security headers in HN were too strict. As far as I could tell anyway.
neom 1 days ago [-]
Great idea! I've been running my own chrome plugin I made that is similar, but recently discovered this: https://oj-hn.com/ and intend to start to contribute to it as it's very good and hope it grows. Something like Sparklines would be great in oj also for us chrome users, I really like the Sparklines implementation.
croemer 1 days ago [-]
Does anyone have an archive.is? Page hasn't been loading the 4 times I tried over the course of an hour.
This should have at least a basic description of how the trust signal works and is calculated
alex7o 1 days ago [-]
Where can I see mine?
CalRobert 1 days ago [-]
Install the plugin and then load up your profile page, or any page with a comment from you (like this one)
You have an overall 7 out of 8.
no_shadowban_3 1 days ago [-]
[dead]
arjie 1 days ago [-]
I considered something like this but I find the UX of information too noisy. In practice, I much prefer simply performing a ternary block/leave alone/highlight functionality. And it's comments that bother me more than links.
Lapra 1 days ago [-]
The problem with having a public trust score is that it'll be gamed by bad actors A/B testing their bots surely.
layer8 1 days ago [-]
I wouldn’t call four bars a sparkline.
Izmaki 1 days ago [-]
Great way to gatekeep new contributors trying to be helpful with news. Run the link through URL Scan if you’re paranoid…
hluska 1 days ago [-]
I wish I wouldn’t have read this comment from you, so you may be onto a feature.
[1]: https://gist.github.com/imiric/a5d1cd187e91eb0b725c4661250e5...
I also wrote and talked about my thoughts on HN and how to be a good community member a bit more:
- in this blog post: https://www.mooreds.com/wordpress/archives/3530
- in this podcast: https://www.youtube.com/watch?v=VrObxK-J_3I
Found one: https://web.archive.org/web/20260328080015/https://hn-trusts...
https://en.wikipedia.org/wiki/Trust_signals
https://en.wikipedia.org/wiki/Sparkline