Everyone’s entitled to a point of view. I’m starting to wonder, though, if everyone’s entitled to an anonymous point of view. You don’t need to look much further than Kathy Sierra’s current struggle to see that bad things can come from public vs anonymous conversations. For those of you who haven’t heard, Kathy has become the recent target of all manner of threats and nastiness from identity-ambiguous commenters.
I touched on the issue of anonymous abuse last week and wrote of the need for a simple mechanism to prevent it. Greg is asking for thoughts on creating / distributing that mechanism.
I have thoughts. It might be the sleep deprivation talking here (I’ve been stuck in an airport a little too long,) but I haven’t felt this sure that an easy fix for a sophisticated problem existed since writing about the issue of rss overload last year.
The mechanism
A third-party service would allow users to set up a verified account to manage basic information (name, email, url) organized under any number of personae. Comments could be submitted along with full name, partial name, incognito name, or various emails or urls as long as the account is verified.
Verification could work at increasing levels of trust. Level 1 might not require anything but an ip / datetime scrape. Level 2 could be a simple email verification. Level 3 might require a $1 credit card transaction or land mailed password to verify billing address. Each blog could require whatever level they require.
The distribution
Plug-ins for popular blogging platforms could allow blogs to easily tie into the system. Rather than submitting standard info (name, email, url) directly to the blogging app, the comment form would let you select a verification service provider to submit a “persona id” to. The commenter’s ip address, originating domain / form url, and required level of verification would travel as well via hidden fields.
If the service verifies the account / persona, the appropriate data (name, email, url) and a verification string is sent back to the comment form as json or as a direct form submission.
The goal
Without requiring any additional public disclosure from a commenter / participant, the service demands a greater accountability for online action by creating a trace path back to the person. Blogs could block users. Individuals would have a line of complaint against identity leaches. And in the case of extreme abuse, authorities would have additional information on alleged offenders.
As I’m sitting here thinking about it, the only piece that doesn’t seem clear is who would build it. Ideally, it would come from a trusted / transparent organization. Ideally, they’d be large. One thought would be for a small / agile group to build it, distribute it, and ultimately sell it to a large, trusted organization. Hmm.
4 Responses to “Verified perspective”
It is a good idea. I think this will be a natural progression for OpenID. Once they have sorted out authentication, I think they will move onto authorization. Just my guess, but like you said it has to be trusted and OpenID has been getting a pretty good rep. around their distributed single sign on.
Yeah, I’d love to see OpenID fill the space, but in addition to all the work they’d need to do to fill this specific need, they’d need to rethink their rationale behind letting anyone host their identity. The service needs to be hosted by a trusted, independent party to be of value for identity verification.
I really, really thought about what you said, hence the time lapse.
I think that OpenID is perfect in every way. I don’t think they need to rethink their rationale in anyway. Distributed authentication/authorization is the future.
Blog comment spam is a pain in the ass, no question. When you consider any irrelevant information to be spam it changes things. In Kathy’s case, the spam was life threatening, that is the worst case scenario.
I might be wrong here, but I don’t see how blog span is drastically different from email spam. As we start to standardize on OpenID, we will see businesses form around verifying those OpenID servers. White lists and Black lists a like. I don’t know if they will “take” as viable businesses, but I guarantee, as OpenID takes off so will, for profit, services surrounding it.
Now, admittedly, there are problems with the email black and white list services, I don’t want to recreate that racket. But one person’s trusted source is another person’s ENRON. I mean, if we wanted to let one company control single signon we would all have microsoft Passport accounts.
Nicholas
P.S. I love this blog, I rarely disagree with it, thanks for all the hard work.
Hey Nicholas. Speaking of spam, my SpamKarma ate your comment. I found it though, and I have a thought or two…
The OpenID app could work – I just discovered that myOpenID allows multiple account specifications (something I was calling ‘personae.’) That’s one of the issues I saw as an easy fix.
I like OpenID, particularly their rate of adoption.
Here’s where I think they’re lacking: anyone can host an OpenID account. I could host my own fake/psycho/whatever ID on a closed server and still gain access and leave threatening comments without leaving a trace back to me. In other words, we lose the verification aspect.
But that’s fixable. Allowing openid accounts from only those servers that are verified could probably get past the issue.