charmian: a snowy owl (Default)
charmian ([personal profile] charmian) wrote2011-05-11 09:18 pm
  • Add Memory
  • Share This Entry
Entry tags:

LJ allows identity accounts to post in communities

In the latest release, LJ has now allowed for identity accounts (openID, Facebook, Twitter, and others) to post in LJ communities. While this new feature has been overshadowed by the LJ nav strip revision, it seems to have already caused some controversy.

Personally, I'm for this feature (although I don't think that it'll affect me personally much); I really don't think there's much of a security issue with Twitter/FB accounts posting, and actually I'm puzzled by the assertion that LJ-Abuse has less data on the identity accounts than other accounts. I mean, isn't LJ Abuse able to trace even anonymous posters through IP addresses and other things? Anyone with more technical knowledge want to chime in on those aspects?

I now wonder, though, if Dreamwidth is going to implement a similar feature, and if so, would there also be this kind of opposition?

Poll #6955 identity accounts posting in comms on DW
Open to: Registered Users, detailed results viewable to: All, participants: 33

View Respondents

Should DW allow identity accounts (openID) to make posts in communities?

View Answers

Yes
22 (66.7%)

No
8 (24.2%)

Other (explain in comments)
3 (9.1%)

Flat | Top-Level Comments Only
foxfirefey: A wee rat holds a paw to its mouth. Oh, the shock! (thoughtful)

[personal profile] foxfirefey 2011-05-12 07:26 pm (UTC)(link)
This topic has come up before and the answer is always no because of spam concerns. LJ has a lot more resources to deal with those problems, and a lot less to lose since there's already lots of spam that has to be dealt with anyway.

The closest I can come to workable solutions are:

* External account posts are always put in a moderation queue. Possibly allow communities to opt out of putting them in a moderation queue, with the caveat that if untended spam in the community keeps getting reported that site admins can remove that ability.
* External accounts can post to communities, but only after applying a valid invite code to their account. This pretty much puts them on the same footing as regular accounts.

Unfortunately, both of these solutions are still barriers, and kind of inscrutable ones at that. They all put barriers on the external account to jump through hoops or endure extra scrutiny. So I'm not sure how attractive these "solutions" are to addressing the wants of those who want this.

The best candidate I can think of for this ability is [community profile] scans_daily.
Edited 2011-05-12 19:26 (UTC)
charmian: a snowy owl (Default)

[personal profile] charmian 2011-05-12 09:23 pm (UTC)(link)
Ah, I see, but isn't there already that spam concern with open-ID accounts when it comes to comments?

Maybe another way the situation could be improved is if we account holders with invite codes could "validate" external accounts too? So that would at least get rid of one of the steps for the external account holder.
foxfirefey: A guy looking ridiculous by doing a fashionable posing with a mouse, slinging the cord over his shoulders. (geek)

[personal profile] foxfirefey 2011-05-15 07:53 am (UTC)(link)
There is a concern with OpenID spam comments! But comments aren't as attractive a target as top-level posts, which more people have more of a chance to see. And comments overall have higher barriers than posts: users have the ability to implement screening, CAPTCHAs, or only allow registered users. Community posting barriers are mostly up to the person running a community and is members only or open, moderated or unmoderated. No CAPTCHAs, only registered users.

I think the first option I suggested is probably the most tenable--I think if communities can turn off OpenID posting, and it goes to moderation by default, and if a community can opt into having OpenID posts not be moderated by default, it could strike a balance between spam concerns and both spectrums of user needs.

I'm not sure how getting validated would eliminate a step for the external account--they'd have to find somebody to do it for them, or be invited by somebody who already knew about it. I guess it could work, though, if OpenID users could be validated with an invite code by somebody else OR if they could use the invite code on their own. The latter might be easier for some folks.
Edited 2011-05-15 07:54 (UTC)
charmian: a snowy owl (Default)

[personal profile] charmian 2011-05-15 08:04 am (UTC)(link)
I think it saves a step it a user with an invite code can directly validate an openID user, rather than the increased steps of sending it to the openID user and then having the openID user validate themselves.

Yeah, I think that is the best idea: have it non-default and just an option that can be turned on if the community maintainer desires it.
azurelunatic: Vivid pink Alaskan wild rose. (Default)

[personal profile] azurelunatic 2011-05-19 02:42 am (UTC)(link)
The vast majority of reported spam on DW is still anonymous comments, followed at a distant second and third by OpenID comments made onsite and imported from LJ, and I honestly don't know offhand which is second and which is third.
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2011-05-16 10:34 pm (UTC)(link)
I prefer the first option, and would prefer to be able to opt out of it (longer comment below about what I've got in mind).

For a 'standard' comm, you'd need controls and safety precautions, but for someone like me looking for an outward facing comm, the whole point of interoperability as a project is to allow people to just get on with it.

I really want Twitter commenting here, I really want an easy taskflow for identity login, and I really want comms to be able to let people post with whatever they're logged in as.

Spam is always a concern, but if it's in some way moderated, that should solve it--maybe ID accounts can only post unmoderated to paid comms?
Flat | Top-Level Comments Only