Trusted comments

Adrian Holovaty adds a new weblog feature to his homegrown weblog: reserved comment names:

Now, every time you see a comment by "Adrian," you can be assured that I wrote it. Why? Because, simply, I'm the only person who can post comments with that name. Likewise, you may not post a comment as "Adrian H." or "Adrian Holovaty," although I will never use those names. If you attempt to use one of those names, you will be notified, pleasantly, that you may not.

What Adrian has done protects his name on his own site. I would like to see such a tool that allows me to claim the comments I make on others' sites. How can we trust identities in an exceedingly digital world?

As much as I like the idea that I can comment on someone's post, I have always been uncomfortable with the possibility that a troll can impersonate someone in a prominent weblog. A somehow provocative example pops to mind: someone could easily pretend to be Dave Winer and say something on some pro-Atom site then something radically different on some pro-RSS site. Of course Dave could approach the sites authors and ask for the comments to be removed or amended, or at a minimum disclaim them through the very same comment system. But, in a weblog world that is tackling at accountability, what is likely to happen is that some of the audience would not trust Dave anyway!

It would be great to see trusted comment names as a common feature in weblogs. This should be as simple as possible to use for the commenter and not require anything from the reader. It should not rely on a central server (this is not Passport for weblogs!). PGP could be one answer, but it requires software and is not easy enough to use (unless it is embedded in the weblog system? I am not familiar enough with PGP). Digging in TrackBack is tempting -- TB is precisely a way to throw your two cents in a discussion with a hard link to your weblog but the point is to foster discussions on weblogs, something comments are better at doing than TBs.

Thinking out loud, here is a tentative pick for yet another use of TrackBack:

  1. when a comment is submitted with my weblog URL, the host weblog sends a TB to my weblog with the comment text and a permalink to the commented entry
  2. my weblog notifies me via email
  3. if I validate the ping, my weblog then pings the source weblog which can display a sign that the comment has been claimed by its author
  4. at my choosing (at the above validation step), and using the TB information, my weblog displays a list of recent comments I have made on others weblogs. That would be the easiest part and take out the burden of keeping track of all the comments one can make around the blogosphere (this is not on topic but an interesting by-product feature)

Of course, considering that TrackBacks are not implemented on every weblog, this is far from being a universal solution. But who said weblogs are mature?

What is your pick on this subject?

[Update] Simon Willison has a good solution. I would simplify it by not requiring the use of a bookmarklet (see my comment on his post) and perhaps use a one-time password that I would generate through my weblog just before commenting. For weblogs that support TB, I would still fancy to receive a TB with my comment information so I can list it on my site.

9 Comments

I might be easier to display the IP number for the user who made the comment (MTCommentIP), most people have dynamic IP's, some have fixed, either way it identifies you uniquely. Of course they can be spoofed, if someone is going to make that much effort to comment on a weblog they deserve to get away with it.

I thought about that when putting the Dave Winer example together. But as you note IP can be spoofed or, simply, is not relevant to my identity (I can blog wherever I get an Internet connection). Besides being reliable, I also want something that is simple and straightforward for non techies, IP addresses are not even close to any of those qualities.

I think I've figured out a way to "sign" comments which doesn't require user intervention, based upon your idea of using the user's home page URL as the basis for authentication rather than their name or email address. I've written it up here: http://simon.incutio.com/archive/2003/07/22/signingComments

if PGP becomes part of the systems of Weblogging tools... it will not be anymore a problem, juste a button to click or check.

The IP issue is true, people can comment from anywhere, by the same token the method of invoking a trusted comment should be an easy single click. No trusted rings or URL authentications (md5/pgp) etc. I can't see how this is easy for non-techies who'll scratch their heads in awe/shame.

On the flip side, techies could embrace the standard and it might improve over time. I do fancy the idea of a checksum, I can imagine a world of unsigned comments by the non-techs and trusted comments by the techs. A kind of comment apartheid.

"A kind of comment apartheid."

True in a sense, although a bit harsh in the phrasing. TrackBacks are already an apartheid then, as they are limited to those weblogs that implement them. Weblogs, even, are not as widespread as we (bloggers) would like to think. None are reasons to stop digging into innovation and offer an extra feature for those who want it. Ideally it should be designed properly (meaning it's transparent for users) and become a standard (most if not all blogs supporting it). We need to start somewhere, don't we?

"techies could embrace the standard and it might improve over time"

Hopefully the improvements will be inclusive, I should have clarified that comment. On the same wavelength I'm not arguing agaisnt innovation. I don't think progress is bad, like I said the "checksum idea" has some merit. But, at the end of the day, if the innovation is limited to those who know how to implement the function, then the exclusivity becomes a self-fulfilling prophecy.
The idea of transparency should be the driving force of the implementation, so even my semi-computer literate non-blog friends can participate -- on the off chance they want to go public.

I'm right on with you Gummi. Stepping back a second from thinking technology, here is what I'd like to see from a user experience standpoint:

- next to the "URL" field I'd like a checkbox that reads "Claim this URL"
- if I check it, I get a pop-up that requires me to provide a login/password. If that authentication is correct, I'm back to the comment form with the checkbox checked (otherwise it remains unchecked).
- proceed as usual with the comment.

Technically speaking, there is no reason why it should be more complex than logging in to my weblog interface. The interface and technology must make sure that I'm logging securely in to a trusted authentication server (in my case it would be my weblog). Now, back to finding a practical way ;-)

Interesting discussion. Some related ideas (and some Perl + Python code) linked from http://www.sixapart.com/log/2003/01/fun_with_foaf.shtml

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...