[Feature]: Advance anonymous account management and shadow banning

[BeiyanYunyi]

功能概述 | Describe the feature

This is an RFC.

Today, Waline has two identity systems. One is to identify users by using accounts, and the other is almost fully anonymous. The first one has the risk of data leaking, while the second one could cause spam, abuse and stalking.

Since my blog has politically sensitive content, I can't afford to hold users' information, which might be at risk. However, since the start of 2024, a stalker has targeted me. Every day, he sends me lots of harassing comments under my blog. Even reading and deleting them will cause me distress, and I have to close my comment system to prevent it. This makes the harasser more excited because it makes him think he's getting his way. Also, closing the comments section creates problems for other users who want to have a normal discussion. Shadow-banning is the best way to deal with the stalker, but first I need to identify them.

Now I'm considering a new way to identify users without forcing them to register so that I can shadow ban a specific user.Firstly, we generate a unique ID of the user (maybe of their device using techniques like Am I Unique?) and store it in cookies or LocalStorage. Secondly, when a user comments, the ID will be sent with it and stored in the database.Thirdly, the administrator can manage the comment and add the ID to the blocklist.Finally, when the user fetches comments, the client should send a request with the user's ID, so that the server can perform a shadow ban.

To achieve this, we will need to modify the database structure. I can make a pull request once we have a result.

[lizheming]

Cookie or LocalStorage will be cleaned very easy. Also browser private mode can make it break. I don't think it's a good idea.

If you have some concern about user data store risk, you can use social login. What information we get from third part service is public that user post, so we haven't care about the leaking risk.