[Fwd: CommentBack joining proposal]
Owen Winkler
community as a whole to consider.
-------- Original Message --------
Subject: CommentBack joining proposal
Date: Sat, 10 May 2008 00:05:17 -0700 (PDT)
From: Mic <email removed>
To: habari-d...@googlegroups.com
I'm Michele "Mic" Zelco. I write from Italy (Venice area) and I'm the
co-founder of ZicZac (ziczac.it) an Italian social news site.
In Italy there are a lot of discussions among bloggers about those
social sites.
Those sites drive a lot of traffic if a post hits the home page, but
with the problem that everyone put a comment on the "social site" and
not on the original blog.
Also our users are complaining about this issue and we're looking for
a way to resolve it.
I do believe that a global solution will be easier to adopt and share
for everyone.
So, we're thinking about a trackback-like protocol (named CommentBack,
original, eh?) that could do the trick, sending the comment posted on
the social site to the original blog.
I found you're discussing about an xmlrpc version of this issue here:
http://groups.google.com/group/habari-dev/browse_thread/thread/5a5fabe48110df2b/c847f680ec3117b0
This has at least two benefits, the comments are also in the same page
of the content they are talking about and the author is notified when
someone is commenting his content on another site.
I've set up a very simple site at http://www.commentback.org, trying
to give a base to discuss about this issue with all the players
envolved (blog engine developers, social sites staff, users, etc...).
I'll put there also the draft we're working on and every spread-the-
word initiative I've done.
I'm writing to you to ask your ideas about this project and to know if
you may consider to partecipate in this.
Thanks for your attention, I hope to hear some news from you.
Mic
ringmaster
>
> So, we're thinking about a trackback-like protocol (named CommentBack,
> original, eh?) that could do the trick, sending the comment posted on
> the social site to the original blog.
> of the content they are talking about and the author is notified when
> someone is commenting his content on another site.
protocol because it is far too vulnerable to spam. Habari doesn't
support Trackbacks at all for precisely that reason.
I think that as a group (not just Habari, but others) we can come up
with something better. I would like to see the effort continue, but
not in its current vein.
Owen
Michael C. Harris
I certainly think there is a need for something like this, and I'll
help out where I can. I don't know enough about spam and trackback to
be able to comment with authority, but if no-one else chimes in I'd be
happy for what you've said here to be our official position.
--
Michael C. Harris, School of CS&IT, RMIT University
http://twofishcreative.com/michael/blog
Mic
> For what it's worth, I think this is a very poor way to construct this
> protocol because it is far too vulnerable to spam. Habari doesn't
> support Trackbacks at all for precisely that reason.
As anticipated via a private mail to you, I've thought about an
authentication framework, but I've not written it to the draft to not
add complexity in this very first phase.
The draft I posted is only to be considered a starting point to
attract people to work on a better solution.
I'd really like to know how you'll structure a protocol to resolve
this issue (Indeed I started this CommentBack.org initiative for the
purpose to let people discuss togheter).
Given that a comment received with a CommentBack could be queued as
any other comment in an anti-spam system (like Askimet?), I was
considering a way for the user to save in the client-site (the social
site that links the blog post), after "claiming" the blog, a custom
string that will be used as password in the POST as a new parameter.
The same password has to be saved in the user blog to check it.
Obliously it could be added some kind of hashing to not send the
password in clear.
All this should be optionally activated in the server-side (on the
blog) CommentBack engine.
Then if a known site (ie a site for which the blogger has saved a
password) is not using it or using a wrong one, the comment is
discarded directly, if the site is new the comment is saved and the
blog admin notified of a new client-site to be added.
This is far from perfect, because adds a lot of manual-overhead for
the blogger to claim his blog and register a password on the client-
site.
(Can this be automated in some way?)
Another approach could be this one.
Given that a spammer could use his domain for the comment permalink or
a legit URL (like a digg-story-one) and put a spam link in the comment
body, the problem is only in the second case (the first one is done
with a blacklisting of thespammer-site).
So the server, received the comment, could check if its permalink is
valid, or directly at the site-client URL or with some protocol to be
determined.
What do you think about those approaches?
Mic
Scott Merrill
> > For what it's worth, I think this is a very poor way to construct this
> > protocol because it is far too vulnerable to spam. Habari doesn't
> > support Trackbacks at all for precisely that reason.
>
>
> Thanks for your interest, Owen.
> As anticipated via a private mail to you, I've thought about an
> authentication framework, but I've not written it to the draft to not
> add complexity in this very first phase.
> The draft I posted is only to be considered a starting point to
> attract people to work on a better solution.
> Given that a comment received with a CommentBack could be queued as
> any other comment in an anti-spam system (like Askimet?), I was
> considering a way for the user to save in the client-site (the social
> site that links the blog post), after "claiming" the blog, a custom
> string that will be used as password in the POST as a new parameter.
> The same password has to be saved in the user blog to check it.
> Obliously it could be added some kind of hashing to not send the
> password in clear.
I don't think CommentBack items should go through the normal spam
checking process.
As we described our original CommentBack proposal:
http://wiki.habariproject.org/en/Summer_of_Code#Comment_Tracking
All incoming CommentBack items should have been authored by a user of
the receiving blog. As such, we don't need to check their content for
spamminess.
In our description linked above, we have Bob's blog redirecting Alice
back to her own site after submitting a comment on Bob's blog. This
is one way to make sure that the authentication process happens
manually: Alice approves each incoming CommentBack at the time it is
created.
Another option would be to asynchronously send CommentBack items to
the blog of the comment author, and to store these in a separate
moderation queue. Again, traditional spam checking of these items is
not appropriate.
Once Alice approves an item in her CommentBack moderation queue, some
mechanism could be used to automatically approve incoming CommentBack
items from this site in the future. In this way, once Alice approves
a CommentBack item from Bob's blog, all additional comments that Alice
leaves on Bob's blog will be automatically approved within Alice's
blog.
Cheers,
Scott
Mic
> I don't think CommentBack items should go through the normal spam
> checking process.
>
> As we described our original CommentBack proposal:http://wiki.habariproject.org/en/Summer_of_Code#Comment_Tracking
> All incoming CommentBack items should have been authored by a user of
> the receiving blog. As such, we don't need to check their content for
> spamminess.
I've read the description at the link you've posted and what is
described there is a little bit different from what I was thinking for
CommentBack. This only because my point of view is from the social
site perspective and so I was thinking about comments sent from the
social site to the original blog and not between blogs.
Given that, I think that this protocol could be used also for that, is
only about how you'll handle the comments received by the blog and to
implement in the blog also the "sending" infrastructure and not only
the receiving one.
I wrote what could be a first approach to "authentication" and spam-
prevention here, in reply to Joseph Scott:
http://groups.google.com/group/commentback/msg/916dde0d86848f05
I'd be very happy to know what you think about it.
Thanks,
Mic