[j_s]

https://news.ycombinator.com/item?id=11176894

> A version of HN's source code is included with the public release of Arc, but HN's algorithm has many extensions that aren't public.

https://news.ycombinator.com/item?id=13456306

> We're unlikely to publish all that because doing so would increase two bad things: attempts to game the site, and meta nitpicking.

Including at least at one time a Chrome extension for moderation:

https://news.ycombinator.com/item?id=11670071#11670562

[dTal]

It's a shame that in closing the door to the pernicious "meta nitpicking", whatever that is, the possibility for constructive analysis of how HN's algorithms shape and mould the behaviour of its dedicated community has also been removed.

[obstinate]

Sufficient amounts of "constructive" analysis by uninvolved and under-informed third parties can be a net negative.

[rimliu]

So how about informing said parties?

[obstinate]

Everything is tradeoffs. Time spent educating outsiders who may or may not be useful can be spent doing other things, like work that moves the ball forward.

[sebastianconcpt]

That would work for good willing people but not for people that is in a political war state of mind

[newsat13]

> We're unlikely to publish all that because doing so would increase two bad things: attempts to game the site, and meta nitpicking.

So security by obscurity helps at times.

[Houshalter]

Someone once did an analysis on HN posts and their ranking relative to the time they were posted and votes. And they found posts with certain keywords were heavily penalized and sort of soft banned from the site. IIRC it included stuff like "NSA" and "HN" and posts from certain sites like reddit and youtube (but I could be remembering.)

Having the full list of banned keywords, or even acknowledging there is a list, could cause drama. And it's easily evaded if people know about it, like when reddit banned "Tesla" posts got through by misspelling it "Telsa".

There's also other stuff like a controversy filter, that detects articles with more comments than votes and penalizes them. I try to avoid commenting in articles that are getting close to the limit to avoid triggering it.

[notatoad]

of course it helps, i don't think anybody's ever denied that. It just shouldn't be relied on.

[flukus]

It's not about security, just content curation.

[thejones]

Reddit has a similar approach if I'm not mistaken.

[CydeWeys]

Passwords are security through obscurity too. Things would be a lot less secure if all passwords were publicly available.

[pdpi]

Security by obscurity is precisely defined as security that relies on the algorithm/implementation itself being private to be able to function. Key material being private does not qualify for this. The alternative is that security through obscurity becomes such an all-encompassing term as to become meaningless

[tlrobinson]

In that case, 256 bit encryption keys are security-through-obscurity too, they're just realllllly obscure.

[kefka]

Indeed. The difference between "Security by obscurity" versus login/passwords is really scale.

Usually, some numbnut "programmer" sets a no-login and a simple password as a secret service account. It invariably is found, and badness ensues.

Whereas login/password is a 1/password_space chance of getting it. It's the combination of a default hidden account and no way to know/change it.

[nailer]

It would be easier if they had a injectable function to handle moderation / anti gaming etc. Release the code publicly with a stub function, then run the real one in prod.