In my previous post I mentioned a recent article from Dion Hinchcliffe that is based on the following assumption: anonymity is extremely difficult to handle (look at what happened with the comments of the Washington Post blog) hence it’s advisable to simply forget it!
You have to have certain barriers to participation or things can spin out of control. Like they have apparently done at the Washington Post blog, where they publically shut all comments down […]. It does make you wonder that if a big, relatively forward thinking public icon like the Post can’t control the writeable Web, what chance will other folks have?
The risks of this line of reasoning are enormous and the consequences can already be seen, here is an excerpt from a recent post of Declan McCullagh of CNET:
It’s no joke. Last Thursday, President Bush signed into law a prohibition on posting annoying Web messages or sending annoying e-mail messages without disclosing your true identity. In other words, it’s OK to flame someone on a mailing list or in a blog as long as you do it under your real name. Thank Congress for small favors, I guess.
As usually, Bruce Schneier has crystal clear view of the implications.
What does this mean for the comment section of this blog? Or any blog? Or Usenet? More importantly, what does it mean for our society when obviously stupid laws like this get passed, and we have to rely on the police being nice enough to not enforce them?
If all this craziness is an offspring of comment spamming I think we should try to solve this annoyance before it will get us into a police state. So here is my humble proposal. I’m certain not to be the first to come up with such a schema, built on on Dick Hardt vision.
With respect to comments on a blog. We envision the commenter needing to build up a reputation over time, and it would be associated with a particular persona. Since it takes a sequence of good behavior to build a positive reputation, there is a cost to that reputation, that good netizens will want to preserve if having a good reputation provides additional value.
Basically a reputation system is what makes eBay a trusted place for selling and buying stuff. I believe it can be “easily” implemented for blog comments.
Start getting a brand new commenter reputation from a provider, then start placing your comments. Every time a blog owner accept your comment on his blog your reputation improves, but if the blog owner reject your comment then your reputation deteriorates. Acceptance and rejection of comments could be done manually or configuring some policies on the blog platform (filter out low reputations, do not process reputations from specific providers, …). Your reputation will evolve thanks to the cooperative cooperation of the websites that, instead of just shutting comments down, will adopt this approach.
Anyone can create an infinite number of reputations, but it will take an infinite amount of time to foster all of them. Probably you will just get few of them, one for each of the social environments you play in.
All is requested to each reputation provider is the compliance with a standard API. (O course good providers should stop bots creating fake accounts and prevent all possible frauds.) Blogging platforms then need to add some modules to place the queries to verify the commenter reputation and act accordingly.
But what is the reputation of a commenter? A username/password plus a number from 1 to 10? Which policy should be use to update a reputation? Of course I’m not so naive to pretend to know all the answers, but I know that the TypeKey approach is wrong since there is no cooperation among sites to build the reputation. TypeKey is a static system while reputation is inherently dynamic.
Who should undertake the task to define the details of this schema? I say that the plethora of Identity 2.0 players could eventually offer something useful and addicting. It won’t end the quest for the Holy Grail of a general purpose single sign on solution, but it’s a big step forward to bring identity and reputation concepts closer to most of the Internet users.
Some of the pieces are already out there and specifications like YADIS should help to overcome the interoperability issues. Furthermore there is plenty of space left for competition among provider over additional features. Solve this problem and the blogger community will love you.
Dick? Johannes? Drummond? Kim?
TypeKey's not the wrong approach
…unless you’re contradicting yourself. TypeKey supports OpenID (and will support yadis), so it’s just an identity provider, one of many, in a federated world. That seems to be exactly along the lines of what you’re suggesting is the right approach, no?
Adding reputation to authentication?
Supporting OpenID, and even better Yadis, is great. Still, TypeKey is “just” an authentication service for posting comment, TypeKey can tell the blog that the commenter is probably a human since he entered the captcha code, the commenter is not bothered by registering and using one account for each blog, and there are many other advantages. But TypeKey can tell nothing to the blog about the reputation of the commenter.
It would be wonderful to add this capabilities to TypeKey. In my last post I proposed a collaborative, open distributed schema to handle the reputation of commenters. The schema has a weakness with regard to self-hosted identities (Johannes Ernst of LID pointed this out and he’s definitely right), but I hope it could be a nice integration of TypeKey capabilities.
Any suggestion is more than welcome.