Adam Rice

My life and the world around me

Distributed comment authentication

With the introduction of Typekey, the discussion of blog-comment validation and moderation has kicked into high gear.

I applaud the nice Six Apart people for doing something to turn back the tide of comment spam and crapflooding. And while I wouldn’t necessarily discourage anyone from using Typekey, I think we might be able to do better.

I’d like to see a social-networked, peer-to-peer, graduated comment-moderation technology (is that enough buzzwords?). Here’s what I mean.

  1. I would be able to whitelist or blacklist commenters. I’d actually like something a little more fine-grained than just blacklisting: I’d like one class for trolls, another for spammers. Trolls might actually have something interesting to say once in a while, spammers (almost by definition) don’t, so I might want to put troll postings into a moderation queue and simply shitcan anything from a spammer.
  2. I would be able to publish my whitelist, troll-list, and spam-list as separate items.
  3. À la LOAF, I would be able to subscribe to someone else’s various lists. If I know “I can count on Alice’s whitelist”, then I’d automatically whitelist anyone she does. One might be able to take this a step farther and use “two degrees of whitelisting/blackisting.” If I really, really trust Alice, I might be willing to trust all the whitelists/blacklists that she subscribes to herself. Of course, we’d need some kind of RSD format for publishing our whitelists and blacklists to make this work. I suppose you could get into the question of whether you want to reveal to others whose whitelist you subscribe to, but frankly, that level of cliquishness strikes me as way too silly to worry about.


  1. I have trouble envisioning this sort of scheme scaling to a size to be useful. To achieve a useful size, you begin risking contamination of the data. That’s been a problem with the Vipul Razor anti-spam mechanism.

    Maybe it’s just my inner lazy shit speaking, but I find it hard to get too excited about complicated mechanisms to handle the comment spam problem. Maybe some sort of scheme to automatically (and invisibly) register past contributors, and hold others for manual moderation.

    At this time, I am completely satisfied with MT-Blacklist. It seems sufficient to deal with my current comment spam levels. That may not be true if the comment spam problem grows. From my vantage point, it seems pretty static right now.

  2. Any blacklisting mechanism is prone to poison-pill attacks, I reckon. Could you elaborate on the Vipul Razor problem?

    My own blog doesn’t get that many comments, but I’ve seen some that do, and more complex moderation could make their lives easier. In any case, I’d imagine most of the work would be in one-time setup and occasional tweaking.

    I think that MT-Blacklist isn’t working on my blog because I’ve hacked the comments script pretty ruthlessly with Jacques Distler’s patches. I get a couple bits of comment-spam per week, but I think the unscripability, throttling, and inconvenience keeps me from getting more. I’ve also noticed some comment spammers are actually making relevant-seeming (but shallow) posts.

    I can also imagine other interesting effects–if the same person appears on many blacklists, you’d take that as a sure vote to blacklist.

  3. Reminds me of Microsoft’s Hailstorm, but with a much more limited scope. I’m interested to see if they start adding other services that are authenticated by TypeKey, or allow third party services to use it as their own authentication mechanism.

  4. I should clarify … I like MT-Blacklist not for the blacklist capability, but rather than one-click spam cleanup. The lifetime of spam comments on my blog is under a day, and often under three minutes.

    Vipul’s Razor is a system that gathers spam submissions. It had problems with non-spam infecting the dataset.

  5. I believe Typekey will have an open API, so if you run a !MT blogging system (or for that matter, a !blogging system), you could still hook into it.

    As some Drupal users have noted, Drupal already has had a “central sign-in” feature that admins can enable, where joining one Drupal install gives you a, ahem, passport to others with central-sign in enabled.

Comments are closed.

© 2018 Adam Rice

Theme by Anders NorenUp ↑