Who can you trust and how?

Nico —  24.03.2004

Blogs are a great tool for lively online discussions and I value comments a lot. One of the biggest problems is not only comment spam, but also the validity of the online identity of the commenter. For a good online discussion I need to be sure that the online identity of the other people involved can be trusted. The German blogosphere is rather small and most of my commenters are regulars, but every once in a while new commenters appear and I have no way of knowing whether these are fakes or not. I don’t want everybody to register with "my" system, because this would limit the discussion, but I still want to be sure that I am always talking to the same person.

This is why I raised this issue last fall under the label OBKA (Open Blog Comment Alliance) and a lot of people participated. What we agreed upon was that we needed a decentralized system that will be supported by the major bloghosters and can be used by others via plugins. Therefore, no central authority is needed; you just need to register with an entity that you trust. This could be a bloghoster or maybe even a couple of independent authorities. All participating entities need to adhere to a few standards, because otherwise people could just register fake accounts on a large scale.

Tobi came up with a pretty good idea to handle the authentication process and even showed a prototype that works. An implementation of this system sounds much more appealing than a centralized passport-like service such as TypeKey, especially if the participation will be optional.

Maybe we can use the current attention on TypeKey to develop an alternative system that even competitors can agree upon.

[via: TypeKey, the right lever? :: hebig.org/blog]

2 responses to Who can you trust and how?

  1. Who can you trust and how? [Noch’n Blogg] Finally some technical tinkering that actually seems useful to me, since it establishes the authenticity of the commenter. A…

  2. My German is very bad, so I’ll go with English instead.
    From what I could see by looking at the source for the demo page, this system offers zero security.

    First, the user check on the demo page just displays a check mark or a red cross icon. This information isn’t passed to the page doing the check.

    Secondly, even if it did pass that information to the current page, there is no way that information should be trusted. I can run arbitrary JavaScript in my browser, force my browser to go fetch that image from a fake "antville.org" domain, and so on…
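
The objection in the second comment, as an added example that is not part of the original post or of the prototype it discusses: the blog server itself verifies an assertion issued by the identity host, and the browser only relays it. The names `issue_assertion` and `BlogServer`, the domain `blog.example` and the shared HMAC key are assumptions made for illustration; a decentralized deployment would more likely use public-key signatures so that blogs need no shared secret.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo key known to the identity host and the blog server (assumption).
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"


def issue_assertion(user, blog, nonce, now, ttl=300, key=SHARED_KEY):
    """Identity host side: sign who the user is, for which blog and which nonce."""
    claims = {"user": user, "blog": blog, "nonce": nonce, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


class BlogServer:
    """Blog side: the decision is made here, never from an icon the browser shows."""

    def __init__(self, blog, key=SHARED_KEY):
        self.blog, self.key, self.pending = blog, key, set()

    def new_nonce(self):
        # One nonce per comment form, remembered server-side until it is used.
        nonce = secrets.token_urlsafe(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, assertion, now):
        """Return the verified user name, or None if the assertion is rejected."""
        body, sep, tag = assertion.partition(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
            return None  # forged, or modified on its way through the browser
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["blog"] != self.blog or claims["exp"] < now:
            return None  # issued for a different blog, or expired
        if claims["nonce"] not in self.pending:
            return None  # unknown or already used nonce (replay)
        self.pending.discard(claims["nonce"])
        return claims["user"]
```
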