elusiveat: (Default)
elusiveat ([personal profile] elusiveat) wrote in [site community profile] dw_suggestions2009-11-11 11:52 pm
  • Add Memory
  • Share This Entry
Entry tags:

html and OpenID

Title:
html and OpenID

Area:
OpenID

Summary:
I think you're going to develop a more receptive user base if you give OpenID folks the ability to use html in comments.

Description:
I recently had some OpenID folks expressing unhappiness with their inability to use html in a thread in my journal. I've already met with quite a bit of resistance to my decision to switch to dreamwidth from livejournal, and I suspect that others are meeting with similar resistance. I don't know whether OpenID is handled differently when posting to paid accounts (I do have a second account that is paid but have not done much with it so far). I think that at minimum you should try to fix this for paid account users, but will do best to elliminate the problem entirely.

Here's the thread: http://elusiveat.dreamwidth.org/325169.html?thread=1730609#cmt1730609

Note: I chose not to report this as a bug because I don't know whether it was a deliberate design decision.

Poll #1690 html and OpenID
Open to: Registered Users, detailed results viewable to: All, participants: 42

View Respondents

This suggestion:

View Answers

Should be implemented as-is.
13 (31.0%)

Should be implemented with changes. (please comment)
15 (35.7%)

Shouldn't be implemented.
11 (26.2%)

(I have no opinion)
2 (4.8%)

(Other: please comment)
1 (2.4%)

Flat | Top-Level Comments Only
ext_81580: (Default)

[identity profile] zvilikestv.net 2009-11-12 05:04 am (UTC)(link)
I am pretty sure that not posting html only extends to hyperlinks (http://en.wikipedia.org/wiki/Hyperlink).

the point is to deter spammers
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-11-12 05:07 am (UTC)(link)
Perhaps validated OpenID accounts should have the ability to post links?
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 05:09 am (UTC)(link)
Yes, this: there's no verification mechanism for proving that a particular OpenID service isn't controlled by spammers, and so links are treated like anonymous users' links (which are also link-stripped) to prevent boosting pagerank. (90% of spam is to boost search engine results via linking.)

I let the suggestion through so that people can discuss whether or not that should be changed, but given the prevalence of spam on the internet (and yes, a lot of it is OpenID spam, because many services treat an OpenID account like a verified account -- which is precisely why we don't, not exactly) I really, really, really don't think it'll change without good reason.
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-11-12 05:12 am (UTC)(link)
DW's move has been to treat validated OpenID's more and more like user accounts. Would that be an acceptable compromise, to allow validated OpenID's to post links. (They could still be automatically appended w/ noindex, nofollow.)
afuna: Cat under a blanket. Text: "Cats are just little people with Fur and Fangs" (Default)

[personal profile] afuna 2009-11-12 05:18 am (UTC)(link)
For reasons that you and [staff profile] denise, I think that at the very least, only validated OpenID accounts should be allowed to post links.

If we want to be a bit more strict, perhaps also require that the journal that the openid user is commenting in have granted access to that openid user? That leaves communities as well,though. Hm.

I like the idea of noindex/nofollow! I don't know if the spammers will be paying attention to whether those attributes are present, and decide on that basis if it's worth posting links, but we won't lose anything in either case.


pauamma: Cartooney crab wearing hot pink and acid green facemask holding drink with straw (Default)

[personal profile] pauamma 2009-11-12 02:54 pm (UTC)(link)
Seconded, on all counts. (And I thought identity accounts with validated email addresses could do that already? Or am I thinking of something else?)
afuna: Cat under a blanket. Text: "Cats are just little people with Fur and Fangs" (Default)

[personal profile] afuna 2009-11-12 02:56 pm (UTC)(link)
Nope. Maybe to you were thinking of being able to comment on entries that block anonymous comments?
pauamma: Cartooney crab wearing hot pink and acid green facemask holding drink with straw (Default)

[personal profile] pauamma 2009-11-12 03:10 pm (UTC)(link)
Hmm, probably.
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 02:58 pm (UTC)(link)
I also thought that OpenID accounts with validated email addresses could already post links, and I think they should be able to.
triadruid: Apollo and the Raven, c. 480 BC , Pistoxenus Painter (Default)

[personal profile] triadruid 2009-11-12 03:35 pm (UTC)(link)
Agreed. Provided that we (and by we, I mean DW) can cut off an OpenID server if it starts to validate badly, this seems a good compromise.

Then again, will that let through spammers from (forex) LJ?
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 03:50 pm (UTC)(link)
"Validated email addresses" is validation on DW's side, so that shouldn't be a problem. In order to post links, someone would need to validate their email address on DW, regardless of what their OpenID server was, so this should stop spammers.
triadruid: Apollo and the Raven, c. 480 BC , Pistoxenus Painter (Default)

[personal profile] triadruid 2009-11-12 05:27 pm (UTC)(link)
Ah, that makes more sense.
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 03:23 pm (UTC)(link)
If we want to be a bit more strict, perhaps also require that the journal that the openid user is commenting in have granted access to that openid user?

I'd be curious to know if there's any practical reason why this won't work. (I can't think of one.)
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-11-12 06:30 pm (UTC)(link)
Comms would be a problem, but also I have a combined public/private blog, which, when I'm posting, has a fairly high readership--I don't want to pick and choose who gets to put links in my posts, and certainly don't want to be granting access to political opponents who I'm happy to talk to.
azurelunatic: Vivid pink Alaskan wild rose. (Default)

[personal profile] azurelunatic 2009-11-12 06:27 am (UTC)(link)
I do like this idea.
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 10:24 am (UTC)(link)
Yes, this sounds like the best solution.
miss_s_b: River Song and The Eleventh Doctor have each other's back (Default)

[personal profile] miss_s_b 2009-11-12 06:34 pm (UTC)(link)
This. I have a lot of openID commenters from other political blogs, and they have expressed annoyance with this.
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-11-12 02:07 pm (UTC)(link)
From my persepctive, [personal profile] miss_s_b gets a lot of comments from non-LJ bloggers, we're trying to promote OpenID logins and similar.

If I comment on a WP or Blogger blog, I can put in a link to back up an argument. If they come back to comment here, they can't.

From feedback from friends, that's a real discouragement for them to continue discussions here--on LJ we'd both regularly get 50+ comment threads, on here we don't, partially because some users are put off.

We need, at the least, to allow validated accounts to comment properly. If you want to promote DW as a blogging platform that supports interoperability.

I, as a DW user with a paid account, find it really annoying that I can't click links put into Jennie's comment box by personal friends that we trust implicitly, just because they blog elsewhere, and we're encouraging OpenID use.

The friends that take the time to hand code the links find it even more annoying.

[identity profile] nablacdotu.livejournal.com 2009-11-12 05:31 pm (UTC)(link)
to prevent boosting pagerank

rel=nofollow?
azurelunatic: Vivid pink Alaskan wild rose. (Default)

[personal profile] azurelunatic 2009-11-12 06:24 am (UTC)(link)
I could have sworn e-mail validated OpenIDs could link.

http://google.com
azurelunatic: Vivid pink Alaskan wild rose. (Default)

[personal profile] azurelunatic 2009-11-12 06:25 am (UTC)(link)
Guess I was wrong!
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 07:00 am (UTC)(link)
Is there a problem with letting individual Dreamwidth users choose what level of spam risk they are willing to accept?
zvi: self-portrait: short, fat, black dyke in bunny slippers (Default)

[personal profile] zvi 2009-11-12 07:06 am (UTC)(link)
Spam is a problem for the service as a whole, as well as an individual account owner. It eats up resources and makes the service unattractive to people who are considering signing up with it.
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 07:20 am (UTC)(link)
The attractiveness issue seems like a moot point if individual users are choosing what to allow (unless you're suggesting that the spammers would eat up so much bandwidth that the site would cease to function properly). I mean if you're talking about individual aesthetics, I can make my journal plenty unattractive without the help of spammers if I'm so inclined. I don't know why I'd do that, though.

Similarly, if I thought spammers were making my journal unattractive to my readers, I would select options that allowed me more control over content, maybe even screening non-DW users. Or (heck), only allowing comments from OpenID folk that I have on my Access List.

As for the using up resources issue, if that's really a consideration, I'd think that would be solved by making it only an option for paid accounts.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 07:35 am (UTC)(link)
Spam is a collective nuisance. The techniques spammers adopt aren't adopted because they want to deface a particular page, a particular journal, or a particular website; it is a firehose tactic where they attempt to deface millions of pages because they know only 1% will get through, and every one that does get through gives them more benefit, and every additional instance that does get through increases that benefit.

'Attractiveness' in this case, despite how [personal profile] zvi used it, has nothing to do with a particular aesthetic -- "spam on my journal makes my journal ugly" -- but the overall success rate of spam attempts on a service. If a spammer attempts one million spam comments on Website X and only one gets through, Website X will be less attractive to the spammer than Website Y, where five hundred thousand of their spam comments get through. The success rate on Website Y means that more of the spammer's attention will be devoted to it.

For real-world examples, look at wikis out there without any sort of spam deterrant; those that revert vandalism quickly and block spambots are not targeted at anywhere near the same rate as those that don't. (Not just in the sense of "there is less overall spam because it is being removed", but in the sense of "there are fewer spamming attempts made against the wiki".) Each individual act of spam is the vangard for a thousand zombie botnets waiting to spew filth.

I don't know if you ever look at LiveJournal's latest posts feed, but a month ago, you couldn't load that page without 85% (conservatively) of posts being spam. LiveJournal now suspends around 30,000 spambot accounts per day, after some recent changes. The spambots are evolving; if a site like DW were to say "okay, what if OpenID accounts could post links in comments and have them linked normally," the next step could very likely be for those botnet networks to create the accounts on LJ, where there is little obstacle to account creation (reCAPTCHA has not only been cracked, it's common to have "CAPTCHA forwarding" where the botnet farms out the human tests to humans who are paid pennies for every CAPTCHA solved), and then rather than use those botnet-controlled accounts on LJ, where spam activity could be detected by the spamtraps now in place, use them as OpenID accounts on other services. It's already happening, quite frequently, because most sites don't cooperate with each other to detect and block spam cross-network.
owl: Stylized barn owl (Default)

[personal profile] owl 2009-11-12 09:34 am (UTC)(link)
Non-essential buses to spammers!
pauamma: Cartooney crab wearing hot pink and acid green facemask holding drink with straw (Default)

[personal profile] pauamma 2009-11-12 02:56 pm (UTC)(link)
Does a 1MV power bus count as "essential"? :-)
justhuman: (bunny2)

[personal profile] justhuman 2009-11-12 01:32 pm (UTC)(link)
Thanks for this, it really makes the situation more understandable.
denise: Image: Me, facing away from camera, on top of the Castel Sant'Angelo in Rome (Default)

[staff profile] denise 2009-11-12 01:40 pm (UTC)(link)
It's kinda frightening how fast spam networks adapt and evolve. And I think a lot of people don't realize that the goal isn't to deface an individual journal, but to collectively get as many links into their home website (which will boost the rankings in search websites) as possible.

If you've ever wondered why sometimes you get spam that's nothing more than a string of nonsense characters that look like somebody walked over the keyboard, for instance, that's the reason. They do a test run of gibberish that's easily Googled, and hit (say) a million pages, then wait a month and Google the gibberish and see what kind of visibility they get, so they know what kind of Google juice a URL in that location would give them.
triadruid: Apollo and the Raven, c. 480 BC , Pistoxenus Painter (Default)

[personal profile] triadruid 2009-11-12 03:37 pm (UTC)(link)
That makes sense. I'd wondered about the linkless spam on a wiki I administer. Thanks!
elusiveat: (Default)

[personal profile] elusiveat 2009-11-12 03:21 pm (UTC)(link)
Thanks for the clarification. I still think that DW is going to have big problems taking off without being friendlier to OpenID, but I don't have an obvious answer.

I do wonder about the degree to which invisibly converting html to text is going to deter spambots. How much difference does it make to the spammer whether their hyperlink shows up as a link rather than as text? I guess a lot of users are "click-happy"? Has any analysis been done about how much difference it makes?
cesy: "Cesy" - An old-fashioned quill and ink (Default)

[personal profile] cesy 2009-11-12 03:24 pm (UTC)(link)
There's a clarification further down this thread which explains why invisibly converting html to text deters spambots.
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-11-12 02:02 pm (UTC)(link)
Yes--the biggest problem with spam on LJ is comment spam on dormant/abandoned accounts, no one complains, no one deletes it, the spammers get their free link.

At the moment, most DW accounts are assumed to be active. In a year? Two? Then it'll be a real problem.

However, I really want to allow my validated commenters to be able to link.
pseudomonas: (eyebrow)

[personal profile] pseudomonas 2009-11-12 09:39 am (UTC)(link)
From my personal POV, I'd like OpenID accounts on my access list to have hyperlink-posting rights on comments to my posts. Otherwise it really looks like they're second-class-citizens.
zooey_glass: (Firefly: Noah's Ark is a problem)

[personal profile] zooey_glass 2009-11-12 11:15 am (UTC)(link)
It seems like a large portion of this is actually expectation control. I didn't know OpenIDs couldn't post links, but the second that [personal profile] zvi said it was an anti-spam measure, that made perfect sense. Maybe it could be made so that when you selected post as OpenID the list of allowed HTML said 'links will be stripped' with a little link to an explanation of why. I'm guessing that many people use links more than anything else and so assume when their link is stgripped that all HTML will be (that seems to have been the case for the OP's friends).

If there's a way of allowing validated OpenID accounts more privileges without inviting spam, that would probably also be a goodwil gesture. Although I have to say, at a certain point I think we (DW lovers) have to just accept that there will be a level of hostility no matter what. I think DW has made a big effort to make the site welcoming for people without accounts, but at the end of the day there has to be some point to having an account!
turlough: castle on mountain top in winter, Burg Hohenzollern (Default)

[personal profile] turlough 2009-11-12 02:02 pm (UTC)(link)
+1
aedifica: Me with my hair as it is in 2020: long, with blue tips (Default)

[personal profile] aedifica 2009-11-12 02:51 pm (UTC)(link)
+1
starlady: (moon dream)

[personal profile] starlady 2009-11-12 04:14 pm (UTC)(link)
+1
matgb: Artwork of 19th century upper class anarchist, text: MatGB (Default)

[personal profile] matgb 2009-11-12 06:32 pm (UTC)(link)
We do definitely need to improve the OpenID commenting experience generally, I keep meaning to write some new layer code to see if I can get mine working better, I think I'll bump that in the priority scheme.

A simple allowed list of code would be good, as would a link to the email validation page and similar
kerravonsen: (Default)

[personal profile] kerravonsen 2009-11-12 09:59 pm (UTC)(link)
+1
kyrielle: Middle-aged woman in profile, black and white, looking left, with a scarf around her neck and a white background (Default)

[personal profile] kyrielle 2009-11-13 03:47 am (UTC)(link)
+1
instantramen: a woman with black hair and white skin pouring water from a kettle (Default)

[personal profile] instantramen 2009-11-12 05:23 pm (UTC)(link)
I'm all for giving validated OpenID users the ability to post coded links, but I find myself agreeing with the arguments against allowing it across the board.
owlmoose: (Default)

[personal profile] owlmoose 2010-01-30 05:19 am (UTC)(link)
I see this is an old discussion, so I don't know if anything is likely to change, but I think this is important. Validated OpenID accounts should *absolutely* be able to include links and other simple HTML in comments. When I first started here, I only had a validated OpenID account, and all the documentation set the expectation that my experience would be exactly like a regular journal account in every way except for the ability to write posts. How can that be true if an OpenID account can't post links?

I understand the concern about opening the door further to spammers, but how many spammers will bother to validate their account? Treating validated OpenID accounts as no better than spammers is the opposite of welcoming.

I strongly suggest that you rethink this decision. Thanks.
Flat | Top-Level Comments Only