July 22, 2003

Trusted comments

Adrian Holovaty adds a new weblog feature to his homegrown weblog: reserved comment names:

Now, every time you see a comment by “Adrian,” you can be assured that I wrote it. Why? Because, simply, I’m the only person who can post comments with that name. Likewise, you may not post a comment as “Adrian H.” or “Adrian Holovaty,” although I will never use those names. If you attempt to use one of those names, you will be notified, pleasantly, that you may not.

What Adrian has done protects his name on his own site. I would like to see such a tool that allows me to claim the comments I make on others’ sites. How can we trust identities in an exceedingly digital world?

As much as I like the idea that I can comment on someone’s post, I have always been uncomfortable with the possibility that a troll can impersonate someone in a prominent weblog. A somehow provocative example pops to mind: someone could easily pretend to be Dave Winer and say something on some pro-Atom site then something radically different on some pro-RSS site. Of course Dave could approach the sites authors and ask for the comments to be removed or amended, or at a minimum disclaim them through the very same comment system. But, in a weblog world that is tackling at accountability, what is likely to happen is that some of the audience would not trust Dave anyway!

It would be great to see trusted comment names as a common feature in weblogs. This should be as simple as possible to use for the commenter and not require anything from the reader. It should not rely on a central server (this is not Passport for weblogs!). PGP could be one answer, but it requires software and is not easy enough to use (unless it is embedded in the weblog system? I am not familiar enough with PGP). Digging in TrackBack is tempting — TB is precisely a way to throw your two cents in a discussion with a hard link to your weblog but the point is to foster discussions on weblogs, something comments are better at doing than TBs.

Thinking out loud, here is a tentative pick for yet another use of TrackBack:

  1. when a comment is submitted with my weblog URL, the host weblog sends a TB to my weblog with the comment text and a permalink to the commented entry
  2. my weblog notifies me via email
  3. if I validate the ping, my weblog then pings the source weblog which can display a sign that the comment has been claimed by its author
  4. at my choosing (at the above validation step), and using the TB information, my weblog displays a list of recent comments I have made on others weblogs. That would be the easiest part and take out the burden of keeping track of all the comments one can make around the blogosphere (this is not on topic but an interesting by-product feature)

Of course, considering that TrackBacks are not implemented on every weblog, this is far from being a universal solution. But who said weblogs are mature?

What is your pick on this subject?

[Update] Simon Willison has a good solution. I would simplify it by not requiring the use of a bookmarklet (see my comment on his post) and perhaps use a one-time password that I would generate through my weblog just before commenting. For weblogs that support TB, I would still fancy to receive a TB with my comment information so I can list it on my site.

Posted by padawan at July 22, 2003 11:30 AM | TrackBack

I might be easier to display the IP number for the user who made the comment (MTCommentIP), most people have dynamic IP's, some have fixed, either way it identifies you uniquely. Of course they can be spoofed, if someone is going to make that much effort to comment on a weblog they deserve to get away with it.

Posted by: Gummi at July 22, 2003 01:44 PM

I thought about that when putting the Dave Winer example together. But as you note IP can be spoofed or, simply, is not relevant to my identity (I can blog wherever I get an Internet connection). Besides being reliable, I also want something that is simple and straightforward for non techies, IP addresses are not even close to any of those qualities.

Posted by: François at July 22, 2003 02:04 PM

I think I've figured out a way to "sign" comments which doesn't require user intervention, based upon your idea of using the user's home page URL as the basis for authentication rather than their name or email address. I've written it up here: http://simon.incutio.com/archive/2003/07/22/signingComments

Posted by: Simon Willison at July 22, 2003 10:16 PM
Post a comment

Remember personal info?