Named Commenting (GSoC 2010)

[onli]

The "Named Guest" comment level should give people from outside of dreamwidth the opportunity to comment on an entry without registering and without remaining completely anonymous. A Specification is already given.

Comparison

A comment on other Blogsystems like Wordpress typically stores following additional information besides the comment-text:

• Name
• Email
• URL
• (Whether to subscribe the entry)

The introduction on the "Summer of Code"-Wikipage speaks only about Name and URL, not about email. It was explained to me that email-addresses should not be stored so that nobody could spam another by entering a foreign email-address on comments to entries.

Necessary changes

Frontend

It's not strictly necessary to add one additional commentform. The current anonymous-commentform could be replaced with a new one having the additional fields, a comment without a chosen name would be a "old" anonymous comment.

Draft:

Note the use of "URL" in the list and "Website" on the label of the inputfield. Website is default on such forms, URL used in the OpenID-form. Which one is better suited? Instead of using Name/"URL/Website" in the list, it could also get called "Named comment".

Also note that "unverified identity" shall be appended to the pseudonym in the commentlist. The presentation of the comment itself aside from that won't differ from the comment of a logged-in commenter.

Database

At the properties associated with a comment, a place for the url has to be created.

Possible Extensions

Settings

A blogowner could get an option to require the commenter to use a pseudonym. This probably isn't a real extension, more a necessary option.
The other way around, to not allow anonymous user to use a pseudonym but to comment anonymously, is possible, but I don't see a usecase for that. Can you think of one?

Saving

It's possible to store in the cookies of a user his data, so he doesn't have to enter his name and url again, the commentform gets prefilled. The specification says it shouldn't be prefilled after a session or on other journals or on other entries. This could made controllable by adding a checkbox to the commentform asking whether or not to save the entered data (maybe instead of the session). It's also quite possible that it'd be useful if this storing of data wasn't per entry, but only per journal.

Email-related

Also storing email-addresses would allow to

1. Subscribe to an entry by just entering an email-address
2. Add suggested support for gravatar.

To prevent the use of this system for spamming, a double-opt-in-system for each subscription on entries could be used. The first email would ask if the owner of that address really wants to subscribe to the entry and only send notifications about follow-up-comments when answered "yes" (by clicking on a link).
Also a checkbox would be needed to activate the subscription in the first place.

Comments

[denny]

This feature would be great to see on DW.

Not sure about adding (unverified account) after names... why not have that as the alt text for a different 'user head' icon instead?

[zvi]

No, no, no! The comment has to make it clear that this is not a verified identity. If you make a signed comment as Sue, there is nothing in the system to make it even slightly difficult for someone else in the same conversation to make a comment as Sue. It needs to be really clear that this is not an account, when we have discussion, because this is a MAJOR CHANGE in DW-style conversation, where, heretofore, a signed comment was always associated with an account either verified by us or verified by some third party website.

[denny]

Well, it's a major change for DW (and LJ) but one that brings it closer to how most other sites with comments work, so I don't think it would be particularly misleading. I figured just dropping the little head would be the simplest way to do it, but that doesn't help people without graphics.

[zvi]

There are many people who use DW/LJ extensively and don't read other styles of blogs, certainly not with any regularity.

Also, please explain the harm you feel results from having (unverified identity) appended to the comment signature?

[denny]

You seem quite adamant/excitable about this issue, and I'm not feeling a great need to get into a debate about it, so I think I'll step out here.

[onli]

I understand denny's point. It really feels strange to have such a mark in a commentsystem when it's normal on most blogs to be able to comment without login. But maybe that's not an issue on most blogs because they are not part of a community.

Now when thinking about that, "verified" seems to be the wrong label. The identity is not verified apart from having an account on this site - which is an important information, bot in no way a verification. So not linking to a profile, thus implying "this is no dreamwidth-account", looks like a good solution to me. Are you sure that won't work?

[zvi]

If we introduce gravatars or automatically generated identicons, the lack of a profile isn't going to register, I don't think.

If you don't like the vocabulary, is there some other word than verified you think works better?

[onli]

Maybe a simple "(extern)", or even "unregistered".

[ninetydegrees]

+1 for unregistered. It's simple and clear.

[zvi]

At least one case for forbidding signed comments.

There's a phenomenon on dreamwidth/lj/etc of anonymemes, where people make "edgy" or "mean" comments without signing their names, or they just get up to shenanigans.

Also, there are some people who don't want there to be any confusion that a signed comment is a verified comment, and those people might choose to forbid signed comments, while allowing anonymous ones.

[vlion]

Perhaps certain information needs to be required, e.g., an email. That could be hashed and presented as Anonymous #82C02340A, with some sort of gravataresque image for rapid visual ID. Then perhaps an email challenge-response could be done before the comment gets posted/unscreened/etc.


HTH.

[onli]

Hi vlion
I hope a email challenge-response won't be necessary to comment, it wouldn't change the situation of a possbile confusion by same usernames.

The idea with the hash of additional information and making a picture out of it isn't bad - it would solve the problem of confusing usernames. But requiring additional information would make the process of commenting more complicated (especially with required information). I hope, that when we mark the comments with a label and some time for getting used to the possibility of having named but unregistered comments, that won't be an issue.

@zvi: Right, then it'd probably help to accept the option. If adding options, I'll add both.

[pauamma]

Email challenge-response is a good way to get DW on an ISP's/email provider's/3rd party blacklist.

[vlion]

Is that so - challenge response seems to be common enough online.

(I am not a sysadmin, so I'm not sure what standard parameters are)

[libitina]

That would be lovely!

Do you need to build more spam protection into this plan?

[onli]

Spamprotection for the blogs or for misusing another's email-address?

[libitina]

Honestly, other than dreamwidth (and the like), I just have a wordpress blog with Akismet for spam protection. I haven't used Blogger, nor do I know what their back end looks like.

But it seems to me that the more means of access you create, the more possibilities for exploitation by spammers. Exploitation meaning any which way.

But I'm still in favor of greater access. One of the things I really love about dreamwidth is its commitment to interoperability and inclusion.

[cesy]

For allowing unsigned but not allowing signed anonymous comments - there are various memes where you deliberately want no names at all, and it would prevent annoyance if it prefills by accident and you don't notice, thus ruining the game.

I am so glad someone is tackling this, though.

[onli]

Thanks, i'm so unfamiliar with memes, never would've thought about that usecase.

[msilverstar]

I am always grateful for blogs that let me comment without signing in, even with OpenID, so I'm for this.

I think it should be clearly labeled, maybe "unverified"?

If these comments are screened by default, that reduces the spam factor. Also a beady eye on any comments which include a URL or the word Viagra...

[zvi]

Why would we screen these by default, site-wide? Do we screen anonymous by default?

[onli]

I didn't have a look at the anti-spammeasures on dreamwidth yet. That surely is an important point, but as anonymous comments already are possible on dreamwidth, the situation wouldn't change that much.

[denise]

I don't think it would be necessary to screen these comments by default, since they're essentially anonymous comments, yeah. That said, there should be support for letting the journal owner choose to screen them by default if they want.

if you check out the Privacy tab of the account settings page, there are three options there that are relevant in this situation, I think: "Enable Comments: Allow comments from [everybody/registered accounts/access list/nobody]", "Comment Screening: Screen [no comments (don't screen)/anonymous comments/comments from people not on my access list/all comments] before displaying them to others", and "Anti-Spam: Show CAPTCHA to [nobody/anonymous commenters/people not on your Access List/all commenters] ". With adding this level, I think it makes sense to include the additional option there.

(Our general anti-spam setup is to let users manage it themselves, and when they get a spam comment let them delete it and put it into our site-wide antispam system for us to block the spammer. I would not be opposed to adding a moderation-queue type deal, but I think it is way outside the scope of this project.)

[onli]

>I would not be opposed to adding a moderation-queue type deal, but I think it is way outside the scope of this project.
I totally agree ;)

I found the privacy-options when trying to make the screenshot and have a look on the current anonymous-commentform. I also think that would be the right place to add such a setting.