Recently, someone posed as a representative of Nuffnang and posted a bunch of comments on a blog. The(new)mediaslut wrote a blog post giving advice on how to deal with the issue of an imposter. That post highlighted steps that can be taken after the fact of impersonation.
So the question I asked myself was how to prevent anyone from posing as a representative of a company in this new online media landscape with blogs and comments.
Specifically, how does a representative of a company establish his or her identity?
There are two ways which I am aware of.
1. Leave your name, email and site’s URL.
Presumably, the email you leave will be a secret which is used to identify yourself to the blog’s administrators. However, emails are easily harvested and it is actually a trivial thing to find out the email used by the representative of a company.
2. Install a blog commenting system to handle the identity of commentators.
Four examples of such systems:
a. http://www.sezwho.com/
b. http://disqus.com/
c. http://www.cocomment.com/
d. http://www.intensedebate.com/
There are a few problems with such systems:
1. The system has to be integrated with a blog.
2. Unless the services all use OpenID, people who like to comment regularly would need to have an account for each system.
3. Even if all the systems implemented OpenID, data regarding the comments made by a user would be stored in separate data silos with no aggregation of data across services.
So, I would like to propose a possible solution.
There will be a company, let’s call it COTRD, which establishes itself as an identity verification service for companies. COTRD is responsible for authenticating a user’s identity - the user is verified to represent the company or a company can setup accounts to be used by their representatives. The commentator, representing a site or company, who would like to establish his identity on a blog, first logs into COTRD to post the comment. Once the comment has been posted on COTRD, the user then posts the same comment on the other site with a link back to the comment on COTRD.
The idea behind this solution is to make use of the third field in the form when leaving a comment - the ‘Website’ field. Most people would just enter a URL for a domain (i.e. ian.onthereddot.com). What if, instead of just leaving the domain name of the website, the URL left is a permanent address to a comment hosted on COTRD?
Since, only the authenticated representative of the company could have left the comment on COTRD, if the comment on COTRD matches the comment on the blog, then that comment must have been made by the representative.
An analogy would be this. Only two people have the key to a house. Let’s call them Boy A and Girl B. Girl B receives a note from a stranger who claims the note is from Boy A. The note contains the words - ‘I Love You’. Now, Girl B goes back to the house, and sees the words ‘I Love You’ on the wall. Since only Boy A could have left those words because he was the only other person with a key to the house, then the note, or at least the words on the note, must have been from Boy A.
Of course, an astute observer might ask why can’t a company just post the comment on their own blog as a post. They could. But blog posts and comments are two different beasts and a company might not want to muddle up the content of their blog with every comment they had to post on other blogs.
A company could of course set up a separate blog where only comments are posted on it, so COTRD would have to provide other services to companies using its service.
Below is a comment highlighting the use of a service like COTRD.
Ian Timothy | 04-Feb-08 at 5:03 pm | Permalink
This project is an attempt to think of a different way we can solve the identity problem when it comes to online comments without a site having to integrate with other services. You can easily verify that this comment was made by Ian Timothy of comments.onthereddot.com by clicking on my name above this comment. The link will be to a page with the same content as this comment and only I could have left that content on that page.