Sock Puppets

gsb: today I was looking over comments on this post. If one hovers over the commentator’s name one can see the IP, or resolved domain, of the person who posted. Of course, there’s probably ways around this kind of thing, but it might be a good start. Can we have something like this?

FWIW, my experience is that both trolling and spamming were greatly reduced once I implemented this.

Related:

 Oh, that’s hot.  I definitely need to add this to Subtext.

Posted by Haacked at

Comment spammers don’t care that their IP address is being revealed. I have banned more than 200 IP addresses for posting comment spam. They always come back at new ones.

I think sharing the IP addresses of all your commenters is a bad policy, as I wrote today on Workbench. It may scare off some trolls, but at the expense of a bunch of legitimate users who might not want to share the details that can be gleaned from their IP address.

Posted by Rogers Cadenhead at

Everything is a balance.  At the moment, I seem to be able to attract healthy enough discussions, and the combination of defenses does seem to keep many of the trolls and spammers at bay.

I’ll also note that I’m in good company: virtually all wikis employ a similar strategy.

I also aggressively implement trackback, pingback, and automatically mine referers and harvest extractions to enable those that have weblogs to participate remotely.

But, if there was enough demand, I would certainly be willing to create a registration system that would enable trusted users to comment without revealing their IP addresses.

Posted by Sam Ruby at

I’d participate in the registration system.

Posted by Christian Romney at
Christian, Rogers: would OpenID meet your requirements?

Posted by Sam Ruby at

I don’t mind authentication — I’ve joined TypeKey and umpteen other systems to comment. This is the first I’ve read of OpenID.

I’m unclear on this point: If my OpenID server tells your blog I’m Rogers Cadenhead, what stops some prankster — let’s call him Mark, say — from claiming to be Rogers Cadenhead next week and posting here as me? If there’s no password, what’s to prevent it?

Posted by Rogers Cadenhead at
You log into the OpenID server present at the URL you enter and Sam’s blog checks with that server whether you’re logged in there.

Posted by Firas at
A UI suggestion: rather than “login”, a user can enter their OpenId blog or server into the URL field.  “Remember info?” will then preserve that for the next time.

Posted by Ken MacLeod at
Sam: OpenID looks very cool, although the list of servers is still quite small. Willing to try if you are. Thanks!

Posted by Christian Romney at

Sam,

I think what reduced spamming and trolling will also lead to privacy violations if this practice spreads widely. Even if search companies filter out IP addresses as keywords, private bots will harvest IP addresses for whatever reasons they might have. For example, I could see myself doing this to assign risk to IP blocks based on the behavior of the IP pool users. I’ll be able to measure the stickyness of each IP block from crawling also.

Meanwhile, spammers will just use anonymous proxies when this practice becomes common place.

Posted by Don Park at

Add your comment












Nav Bar