Towards better pseudonym posting on message boards - casual commenting.
As you may know, I allow anonymous comments on this blog. Generally, when a blog is small, you don't want to do too much to discourage participation. Making people sign up for an account (particularly with email verification) is too much of a barrier when your comment volume is small. You can't allow raw posting these days because of spammers -- you need some sort of captcha or other proof-of-humanity -- but in most cases moderate readership sites can allow fairly easy participation.
Once a site gets very popular, it probably wants to move to authenticated user posting only. In this case, once the comment forums are getting noisy, you want to raise the bar and discourage participation by people who are not serious. My sub blog on Battlestar Galactica has gotten quite popular of late, and is attracting 100 or more comments per post, even though it has only 1/10th the subscribers of the main blog. Almost all post using the anonymous mechanism which lets them fill in a name, but does nothing to verify it. Many still post under the default name of "Anonymous."
Some sites let you login using external IDs, such as OpenID, or accounts at Google or Yahoo. On this site, you can log in using any ID from the drupal network, in theory.
However, drupal (which is the software running this site) and most other comment/board systems are not very good at providing an intermediate state, which I will call "casual comments." Here's what I would like to see:
- Unauthenticated posters may fill in parameters as they can now (like name, email, URL) and check a box to be remembered. They would get a long-term cookie set. The first post would indicate the user was new.
- Any future posts from that browser would use that remembered ID. In fact, they would need to delete the cookie or ask the site to do so in order to change the parameters.
- If they use the cookie, they could do things like edit their postings and several of the things that registered users can do.
- If they don't pick a name, a random pseudonym would be assigned. The pseudonym would never be re-used.
- Even people who don't ask to be remembered would get a random pseudonym. Again, such pseudonyms would not be re-used by other posters or registered users. They might get a new one every time they post. Possibly it could be tied to their IP, though not necessarily traceable back to it, but of course IPs change at many ISPs.
- If they lose the cookie (or move to another computer) they can't post under that name, and must create a new one. If they want to post under the same name from many machines, create an account.
- The casual commenters don't need to do more special things like create new threads, and can be quite limited in other ways.
In essence, a mini-account with no authorization or verification. These pseudonyms would be marked as unverified in postings. A posting count might be displayed. A mechanism should also exist to convert the pseudonym to a real account you can login from. Indeed, for many sites the day will come when they want to turn off casual commenting if it is getting abused, and thus many casual commenters will want to convert their cookies into accounts.
The main goal would be to remove confusion over who is posting in anonymous postings, and to stop impersonation, or accusations of impersonation, among casual posters.
I don't think it should be too hard to make a module for drupal to modify the comment system like this if I knew drupal better.
Comments
brad
Sun, 2009-03-15 17:24
Permalink
Security
As noted, if a user really wants a good persistent identity, they should create an account or use some master ID system. However, permanent cookies should work decently well. This system does prevent impersonation. Its flaw is that the same user is going to keep changing pseudonyms every time they lose the cookie, accidentally or deliberately.
As an alternative to userid creation, a system could also offer casual commenters a link they can bookmark, which logs them in to their casual identity. This is pretty permanent, and even allows roaming if you have a bookmark sharing tool. It is not used commonly on sites that need real security because some people publish their bookmarks, and they are of course visible to people sniffing wifi and other networks.
brad
Sun, 2009-03-15 22:36
Permalink
Full reg not so much to promote
Some sites want registration because they want to have a count of users, sometimes to sell to advertisers. Many sites don't care at all who you are. We mostly care that you behave nicely, you don't impersonate others, that you participate productively and that you don't spam. Everything else is a means to that end.
The current common alternatives (account and unverified anonymous) don't serve that too well.
Alvin
Sun, 2009-03-15 17:26
Permalink
Now, for a limited time!
As someone who enjoys posting, but is not interested in signing up due to the nature of the topic (a TV show that is not long for this world), this solution seems ideal.
The fact that it is short lived may be, to some-- like me-- actually an asset rather than a drawback.
Add new comment