Hey Mods, I was speaking with Tony earlier today and I’m sure that the past 24 hours or so have been pretty trying for those of you dealing with the pifts.exe meltdown in the Norton forums.  I don’t want to step on anyone’s toes here, so apologies in advance if it comes across as such, but I thought I might offer some insights based on past experiences I’ve had with these same types of issues.  At a previous company I worked for, one of my responsibilities was the online community management of a website that had roughly 5,000+ forum posts a day and an average of over 200 active users logged in at any given time.  Matters were further complicated by the fact that the website was for people trying to quit smoking, so you can imagine the general edginess of thousands of recovering nicotine addicts having free reign on an “anonymous” support site.  Moderating a large user base like that wasn’t in my background, but I eventually started to pick up the tricks of the trade.  Back then (early 2000’s), the concept of Online Community Management was largely unheard of and completely undocumented.  You either had a free-for-all anything goes IRC channel-esque atmosphere or something akin to a virtual Draconian Empire where the forum usage was extremely low as a result of heavy-handed moderation.  The only other forums that seemed to thrive were the closed invite-only “gated” communities like Sons of Sam Horn that were largely self-policing due to their exclusivity.  Since the Norton Community is open to anyone and we are trying to encourage active participation in the forums (which is mutually beneficial for us and the users), the rules of engagement obviously get a bit trickier. 

• You pretty much live and die by the AUP(Acceptable Use Policy)/ToS.  It’s hard to argue with and the vast majority of people accepts and abides by it most of the time.  The trick is to enforce it equally and universally and explain clearly to everyone why you are enforcing it.  They’ll hate you for it at first, but I’ve had people email me years after the fact that I had to smack for AUP violations and then later commended me for being “fair and impartial” over some long-gone issue…
• The “Evangelicals” (not in the religious sense, but the product sense) are your absolute best ally is squashing minor conflicts and member uprisings.  More often than not, they go to bat for the product, the company and the moderators.  PM them when they stick up for Symantec to thank them and offer more reasons why we have the right solution.  Often times, that kind of messaging trickles back into the community through their buzz and it is absolutely priceless for keeping the peace and promoting what we do.
• Nuking threads and users should always be an option of absolute last resort.  For whatever reason, especially the latter, often provokes a deep, personal response from the user that got DA’d (deactivated) and the typical reaction is more fervent lashing out and inciting others to do the same.  Unless someone uses completely unacceptable or abusive language that would clearly and explicitly violate the AUP/ToS, it’s typically better to leave the threads and user accounts alone and instead post a brief response (even if it’s a “stay tuned, we’re working on it”) and remind them of the ToS.  The vast majority of people recognize that there are human beings on the other end of the line working on whatever issue that has been brought to the fore and will grant some kind of patience to get the issue resolved.  In this case, especially if folks are getting testy and irrational, constant communication is key.  It shows everyone that we’re engaging in bi-directional communication and more importantly, that we aren’t hiding anything.  Nuking threads/users at will and delayed responses are the primary fuel for the tinfoil hat black helicopter conspiracy theorists that thrive on this stuff.  If someone posts a wild, outlandish theory about what we’re supposedly doing (i.e. Secretly sending Google Desktop search data to a server in Africa as part of a wide-spread government conspiracy to ascertain our user’s intentions…), a quick and brief response is usually all it takes to quell any further discord.  At that point, the poster’s concerns or intentions (whatever they may be) have been allayed or minimized.  More often than not, an issue will quietly get buried within a few hours to a day as long as the person or persons raising a stink have been pacified.  This is the most golden way to get past issues without drawing a lot of external negative attention.
• There are a TON of trolls on the internet.  If you stacked every internet troll end-to-end, you could reach the moon and back 5 times.  They are a fact of life unless you want to have a closed “Members Only” type forum with zero usage.  However, not all trolls are created equal and there seems to be two main types.  The movie “The Dark Knight” offers an allegorical sense of the two most common trolls:

1)    The Jokers (aka 4chan): These guys are hell-bent on causing problems and don’t really have a vested stake in our products or our company.  They just want to cause trouble and draw negative attention to whatever path they cross. On the plus side, these folks are usually fleeting and unless they have a really deep-rooted thorn in their side against Symantec, they will typically go away once the next shiny new object of their disdain whizzes past their face.  The best way to deal with them is to delete them if they are obviously violating the AUP/ToS and/or then post a reply in the forums to refute whatever claims they made with a brief, but clear answer and then thank all of the loyal members for their help and support.  2)    The Harvey Dents/Two Faces: These are users that were either advocates of our products or at the very least passive users looking for answers and information, but didn’t get a response that they understood or was satisfactory to them so they outwardly turn against us.  Of the two types of troll, the Harvey Dents are more volatile and prone to hitting the blogosphere, emailing top execs, contacting the media, etc.  These ones require more of a personal touch since they usually feel like they have more of a personal stake in the matter.  More often than not, a direct PM to these users explaining that we’re working on the issue while reminding them of the ToS is usually sufficient to subdue any future public outbursts.  On the other hand, some folks will still determine that they were “wronged” by us and continue to lash out publicly.  At long as we have the AUP/ToS on our side, the user should be removed and the same explanation that we gave them should be given to the forum as a whole – even if it’s a “We’re working on it.  Stay tuned.”  If nothing else, it’s a hell of a lot harder for outside bloggers and journalists to accuse us of duplicity when we at least acknowledge that we’re working on an issue rather try to bury it overtly.

Finally and most important, don’t take it personally when forum users or outside bloggers lash out at you as moderators, the Norton products or Symantec as a company.   I’m sure you’ve heard that advice before and it’s clearly easier said than done.  I myself took affront to some of the outlandish accusations about what we were supposedly doing with PIF.  However, at the end of the day we know that we work with 17,000 of the best and the brightest that this industry has to offer, we have the top security products available worldwide and that as individuals and as a company, we can sleep well knowing that we always strive to do the right thing.  You can’t ask for more and you can’t expect anything less.