Comment Authentication (3)

Continuing on the thread, I'd like first to bring back an older proposal: PGP-signed comments from pb/ (demo) and a follow-up by Ben Trott on a possible implementation of PGP signature verification within MT (hat tip: Anil Dash). Ben notes the trouble with the key distribution and I'd like to mention that PGP is far from being a killer application that has a strong chance to survive, unless it's easy enough for Mom. I also caught this proposal building on Foaf: FoafIdentityAssurance (CamelCase warning: you are about to enter a Wiki!). This last one fails to compute at the moment, or even what we should always be conscious in our thinking: the more extra steps it requires compared to good-old-way commenting, the more chance it has to fail.

Back to the two main proposals of the week.

Simon has setup a prototype for comment authentication. His method consists of placing a link reference in your home page header, register against an authentication server (which you can run on your own) and get a bookmarklet that you can click to fill in all the necessary information on a page that supports authenticated comments. I haven't succeeded to sign a comment on his weblog though, as the bookmarklet doesn't work (yet) on either Firebird or Safari on Mac OS X. Actually, as much as I like Simon's method, I have a real gripe on the bookmarklet thing. It does make you dependent on both a physical computer (the one that has the bookmarklet) and a browser that can run it (what if my browser of choice doesn't? Will I switch browsers just for the pleasure of signing comments? No.)

We must factor another constraint: do not require more than what's needed for blogging and commenting today: an Internet access and a standards compliant browser. Keep it simple.

I wish I had the knowledge to hack Movable Type and prototype my own method, which is a slightly modified TrackBack, works with any computer and browser, does not require a third party such as an authentication server nor the registration of any more information than needed for the initial setup of your own site. It also brings the added benefit of keeping track, on your own weblog, of the comments you make on sites that support this extension of TrackBacks. An extension of TB, that is exactly how I see it. The beauty of TrackBacks is their transparency, you don't really have to think about them to use them. TB driven comments would be as easy to do as posting something on your weblog, really.

To progress further, I have tried to summarize the main critics that touch both methods.

They merely authenticate one's site URL, not one's name or email.
That is fine with me, because on the Internet, nobody knows you're a dog. Where is the proof that this site is operated by François Nonnenmacher anyway? OK, there are a few readers of this weblog who know me in person, but for the vast majority here, the only piece of information that has some permanence is this site URL, (ahem, besides its content, or so I'd like to believe).

They do not prevent me to sign in your name.
True, but you wouldn't be able to fake my site URL. It brings the importance of design in making clear that only the URL is certified (look at Simon's example, it reads: [signed:]). There are other design implications (*). It obviously keeps out people who do not have a website (another critique seen around) but none of these techniques are exclusive of existing comments systems, it would simply add another gradation on a scale that currently goes from anonymous comments to something no better than with a URL -- note that usually the URL is correct as the purpose is to attract visitors on it, like with the two spammers who left their greedy traces on this very site in the past 24 hours (a first since this site inception by the way).

If at this point you are not yet convinced that the URL is the name of the game, then you should check Robb's law.

(*) It's getting late and I've managed to lock a vertebrae in my backbone, painkiller and sleep is what my brains need right now. But if you look around, you should find a change in this weblog, i.e. the fusion of comments and TrackBacks (much stealing from the impressive Mark's templates). Hint: TrackBacks are comments. See the loop? OK, bed time.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...