Comment Authentication (4)

While thinking about the relevance of anonymous comments on my weblogs, I had an idea on a way to authenticate comments, much simpler than the previous discussions on the subject.

People who would like to claim their comments would simply receive an email sent by my weblog to the email address they provided. All they would have to do is click on the confirmation link in that email. Once my server has received the confirmation, it would mark the comment as authenticated. Various scenarios are possible, from simply marking the comment when the confirmation is received to not displaying it at all until it is validated, from letting people choose wether they want to confirm their address to mandating them to do so.

To be honest, as I'm thinking about digging into some more thought-provoking subjects than the web, I am concerned about the arrival of a certain type of people, who are attracted where they smell potential polemic like flies on shit. So, for certain posts, I am tempted to reserve the comments only to people who give me a valid email address. After all, I am not an anonymous blogger, why should I accept the "wisdom" of people who do not dare to sign their comments? Note that I would not publish commenters' email address, only the URL if they provide one.

And something tells me that would also slow the comments spamming down, as spammers are usually very tacky about their own email address (I wonder why).


I, of course, would love for something like this to be available. I had written something about my own dislike of comment anonymity only a couple of hours earlier. And I've already deleted one troll testing my resolve since I posted it.

Don't know if that would be foolproof in the long run, but it definitely sounds lile an interesting experiment. Try it on!

It's a good idea (Keep It Simple Stupid applies here) but there's one big problem: for it to be any use, you need to display the email address that the comment is "signed" for on the page. Instant spam magnet, and I'm not at all convinced by the various email encoding techniques out there (they strike me as only being effective until they are wide spread enough for spammers to automatically decode them).

Simon > for it to be any use, you need to display the email address that the comment is "signed" for on the page.

No, I don't intend to. I share the same worry about spam techniques and I do not think it is vital to display the address to achieve my goal. The aim of this technique is to prevent anonymous comments, and the email confirmation is enough to achieve that. The commenter can always leave a URL to her/his site, in order to provide another contact mean for readers of this site.

You could display an SHA1 or MD5 hash of the email address. Then if it appears that anything fishy is going on, you could compare the hashes between various messages claiming to be from a particular person.

mensuelles Archives

Recent Entries

  • Steve Jobs

    "Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life. Because...

  • Your privacy on MOTOBLUR by Motorola

    After the Nokia Ovi Store carelessness, it's now Motorola who's allowing strangers to get access to your private information on their MOTOBLUR portal. Exactly like...

  • How to resume a broken ADC download

    (I'm documenting this trick for myself to remember, but it can be useful for others…) Apple, on its Apple Developer Connection site, has a bad...

  • WTF is this ‘myEventWatcherDiv’ doing in my web?

    All of a sudden I started to find the following line in most of the web pages I was browsing, including ones I made where...

  • Your privacy on Nokia Ovi Store

    My friend Adam Greenfield recently complained about the over-engineering culture at Nokia: I was given an NFC phone, and told to tap it against the...