Okay, so I’m pimping my arguments for a Weblog user registration system again, but I think I have good reason to be doing so.
First it checks if the comment author is me. If so, it returns the value “dave”. Next it checks for the list of ‘Important Voices’ and if there’s a match, returns “voce”. The troll/off-topic check basically won’t work unless I manually change a commenter’s URI in MT, so I don’t expect to use it a lot, but I want to see if it will prove useful. Finally, if there is no URI, the comment is considered semi-anonymous and “anon” is returned.
This is an interesting thing, but as Dave notes:
Low-tech, insecure, but hopefully managable. The easy way to game this system is to leave someone else’s URI instead of your own, but I’m counting on the magic of PageRank and the desire for overflow links to keep everyone honest. There’s absolutely nothing now (short of TypeKey) stopping one from spoofing another on anyone’s site, but the payoff is a tiny little bit more in this case. Obviously this won’t scale, and will probably break sooner than I’d expect, but for now it works.
I think that user security is a potentially huge issue:
Say I post comments on Alex King’s Weblog. I submit a name of “Geof”, an email of “gfmorris AT gfmorris DOT com”, and an url of “http://gfmorris.net/” with my comments. Alex comes to expect, after a time, that comments with that data triple are mine.
Say someone decides that they hate me and starts posting comments in my name. They haven’t hijacked my computer at all; they’re just posing as me. They appear to be me, and there’s nothing to verify that the comment is from me.
My friend Bryan often accuses me of being the one who “is unafraid to point at the elephant in the room that everyone’s ignoring”. I’d hate to have to pretend to be, oh, Matt Mullenweg to prove my point. [If I ever did intend to prove my point, I’d let that person know first, of course.]
[Nota bene: I have fixed previous character set issues. I apologize for the temporary problems. –GFM]
[Nota nota bene: Not only did I try to use BBCode rather than HTML elements in the previous revision of the note, I didn’t realize the true source of the charset problems–internal to WP itself. Sonofa. –GFM]