An odd place to draw the line

by Michael S. Kaplan, published on 2005/09/11 23:50 -07:00, original URI: http://blogs.msdn.com/michkap/archive/2005/09/11/463928.aspx


Robert Scoble has a nearly famous policy about comments on his blog -- he never deletes them. He lets people vent and rant and leak out whatever ectoplasm or vomit or whatever they are going to spew out on the comment page. And he does not delete them. Even if they are anonymous. Or maybe it is especially when they are anonymous?

Me? I am not nearly as tolerant as he is, as my comment policy indicates. It is not that I mind when people disagree with me -- that happens all the time. It is just that I prefer there to be a bit more dignity....

Anyway, apparently some bozo started posting comments in his name, which inspired a post that Robert did entitled Trolls go over the line:

The trolls are out of hand. Now they are impersonating me on my comments. I will delete any comments that are made in my name that aren't mine. Just gonna take me a while to do it cause they are over on Channel 9 doing the same thing. Ahh, the fun.

I won't delete any comment not made in my name, but doing it in my name is over the line, sorry.

It seemed like an interesting place to draw the line. Interesting, and maybe even a little bit odd.

I mean, if someone started posting as Robert (or anyone) on other blogs, that would seem to me to be pretty obnoxious. Would he ask the hosts of the other blogs to take action to remove the posts, especially if the person was choosing to be very offensive? This is hardly a theoretical point; as I mentioned in this post I had to get such a comment removed from amazon.com when someone tried to fake a post from a former colleague of mine in PSS.

And more importantly (if his answer to that question is YES), if someone complains to him that some jerk is posting in their name on Robert's blog and asks him to remove the imposter's comments, would he?

Just trying to understand if the line is drawn in such a way to protect the integrity of Robert's blog, the integrity of Robert on his blog, of the integrity or Robert everywhere he hangs out (which was, at last count, approximately everywhere!).

As I said, it seems like a really odd place to draw the line, given his previously stated policies. The notion of a policy that says "post anything you like here, as long as my name is not taken in vain here" has a real scent of something on it. Ego, perhaps? :-) Maybe the name "Robert Scoble" is rare enough that he is the only one, but such a claim smacks of ego, too. :-)

It would not work for me since there are other Michael Kaplans in the world, some of whom actually send me mail from time to time....

Or will Robert recognize that the more attention he pays to the troll, the more interest he will generate in the dork's campaign?


# amorson on Monday, September 12, 2005 7:41 AM:

I actually would like to get his answer on this.

# tzagotta on Monday, September 12, 2005 10:16 AM:

New crime of the future -- blog impersonation. How interesting...

# Maurits on Monday, September 12, 2005 11:57 AM:

I'm a fan of perfect-information systems.

How do you deal with forgery? Authentication, natch.

If someone posts as guest "Bob Scoble", post a follow-up comment saying "That is not me."

If the comment system doesn't allow for authentication, use PGP.

# Huh on Monday, September 12, 2005 3:14 PM:

Someone impersonated me on the weblog of Raymond Chen. Despite saying obnoxious things about myself supposedly in my own name, Raymond wasn't 'aware' of the issue.

Typical Microsoft 'we need lawyers to tell us what is right and what is wrong' mentality.

# Michael S. Kaplan on Monday, September 12, 2005 7:11 PM:

Maurits -- I could ban anonymous posts then; I would rather just moderate them.

Huh -- not sure what you mean here. I am not consulting lawyers, I am expressing my opinions.

# michkap on Monday, September 12, 2005 7:31 PM:

<P>This is Maurits, testing whether anonymous users can use names already in use by registered users... </P>
<P>[And this is the moderator letting you know that you are not actually michkap &lt;grin&gt;]</P>

# Dean Harding on Monday, September 12, 2005 7:39 PM:

And what about if I post a non-trollish comment in Robert's name? Maybe it's OK if I make him look good :-)

Maybe another way would be have Robert's name appear in some way that you can't fake - like when it displays his name, make it red but if an anonymous poster gives the name "Robert Scoble" it just appears in regular black. Heh, but then only a true geek would come up with a technical solution to a social problem :p~

# Michael S. Kaplan on Monday, September 12, 2005 7:52 PM:

Yes, you can do that, maurits.

But I had to approve it before it showed up.

# Maurits on Monday, September 12, 2005 7:54 PM:

<P>-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 test of impersonation countermeasures -----BEGIN PGP SIGNATURE----- Comment: pub http://matthew.vaneerde.com/pgp-public-key.asc iD8DBQFDJhT/UQQr0VWaglwRAjLBAJ9E7NU8dtOAHSGpN19NEngwjDZPNwCgvXEa SRxUVy4gHoXH63aKuwGvmtY= =xv8y -----END PGP SIGNATURE----- </P>
<P>&nbsp;</P>
<P>I remain unimpressed. :-)</P>

# Maurits on Monday, September 12, 2005 8:01 PM:

Your comment HTML-ification (which I can without fear of contradiction call a "bug") broke my PGP signature.

My PGP verification software confirms that the post has been modified since it was signed :)

So PGP-signing has TWO benefits...
1) It proves that I really made the post
2) It indicates when the moderator has tampered with the post.

You may NOW be impressed.

# Michael S. Kaplan on Monday, September 12, 2005 8:08 PM:

Maurits -- i am not, however, impressed -- since I do not insist on any type of authentication whatsoever and simply reserve the right to keep and not keep based on whatever criteria I choose. :-)

If I had wated to force people to authenticate as a goal, then I would be impressed....

# Robert Scoble on Monday, September 12, 2005 8:14 PM:

Yes, if someone was using my name and email address in another blog's comment I'd ask that person to remove that post and/or change the name to be something else and/or change the post to say that the real Robert Scoble wants it made clear that a fake Robert Scoble was posting there. Why? Well, I need to protect my identity. Simple as that.

Now, is there another Robert Scoble in the world? Probably. But there isn't one that uses the email address of rscoble@microsoft.com.

# Maurits on Monday, September 12, 2005 8:19 PM:

Ah well. I still think PGP is an impressive solution to the following problem:

Allow commenters to reliably tie their comments to their personal web site (and thus, their "online identity")

Admittedly the PGP ASCII stuff looks ugly. Hopefully someone will write a PGP-savvy blog software that will hide the line noise behind a "verified w/ PGP" icon...

But you must admit that if Mr. Scoble were able to easily PGP-sign all of his comments* (perhaps even by default) then the imposter's comments would have carried far less weight.

* and publish his public PGP key on his blog, of course

# Maurits on Monday, September 12, 2005 8:33 PM:

Is that "Robert Scoble" comment REALLY by THE Robert Scoble? :)

# Michael S. Kaplan on Monday, September 12, 2005 9:09 PM:

But it does not matter to me. Did anybody read the post where I explained what I cared about here, why I thought there was something missing from Robert's plan, and what I wanted to know.

I am glad that you are coming up with solutions for problems other people might have. I am sure they will appreciate it. :-)

# Dean Harding on Monday, September 12, 2005 9:20 PM:

Actually, it's a good question. I mean, fair enough Robert wants to protect his identity. But I also want to protect my identity as well. What if someone posts trollish comments on Robert's blog with my name, would Robert delete those posts (at my request) even though that would seem to violate his "do not delete posts" policy?

# Michael S. Kaplan on Monday, September 12, 2005 10:18 PM:

I agree, Dean. That is a good question. It is one of the ones I asked! :-)

# Ben Bryant on Monday, September 12, 2005 10:20 PM:

No, I think it makes sense, it should just be an issue for Robert's own blog. I believe that all blogs should differentiate the author's or OP's comments from everyone elses with obvious difference in formatting. The authors ongoing comments should look like a continuation of the article, while everyone else's should be enclosed in a comment box, it makes for a much easier read, plus it wouldn't matter if someone used his name because it would be obvious they weren't him, and he wouldn't have to delete it.

# amorson on Tuesday, September 13, 2005 1:37 AM:

Do you really want to authenticate/login into the tens of blogs you read every day?

# Maurits on Tuesday, September 13, 2005 12:01 PM:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Did anybody read the post where I explained what I cared about here

Yes, I did.

If everyone were to PGP-sign every comment they made on every blog
where they posted, the problems you discuss in your post above would go
away.

There are some nitpicky concerns that would have to be addressed. If
someone PGP-signed "Yes, I agree", that post could be transplanted by a
malefactor to other blogs. So for safety's sake there should be a
footer to each comment:

I am Matthew van Eerde
I am posting on
http://blogs.msdn.com/michkap/archive/2005/09/11/463928.aspx
My home page is http://www.geocities.com/mvaneerde
It is 9:00 AM PDT on September 13, 2005

-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFDJvexUQQr0VWaglwRAgW8AJ9D5LR0H/SmQ2qwBhSd+M4E/CkVvgCgoMs0
Whjg+Hg3im8Uq3JpIUemxw4=
=Cdf6
-----END PGP SIGNATURE-----

# Maurits on Tuesday, September 13, 2005 12:11 PM:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Did anybody read the post where I explained what I cared about here

Yes, I did.

If everyone were to PGP-sign every comment they made on every blog
where they posted, the problems you discuss in your post above would go
away.

There are some nitpicky concerns that would have to be addressed. If
someone PGP-signed "Yes, I agree", that post could be transplanted by a
malefactor to other blogs. So for safety's sake there should be a
footer to each comment:

I am Matthew van Eerde
I am posting on
http://blogs.msdn.com/michkap/archive/2005/09/11/463928.aspx
My home page is http://www.geocities.com/mvaneerde
It is 9:12 AM PDT on September 13, 2005

(Take two -- double-spaces collapsed)

-----BEGIN PGP SIGNATURE-----
Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

iD8DBQFDJvocUQQr0VWaglwRAnmUAJ9sAzxG+9KvuJvSPb04uc3fooEBbQCgsp3C
CCVMXgikkmty/st1ncO1WS4=
=Bde5
-----END PGP SIGNATURE-----

go to newer or older post, or back to index or month or day