When someone posts a comment using OpenID, treat it as an anonymous comment for the purposes of screening, or else offer a new screening option to control the treatment of OpenID users, rather than the current behaviour of treating them the same as registered Livejournal users.

Anybody can create a valid OpenID identity without needing to pass much in the way of verification requirements; that's the point of OpenID. As a result, robots and anonymous persons can easily create them. That's not a bad thing; it's how OpenID is supposed to work. However, it appears that Livejournal's current behaviour is to treat OpenID identities as non-anonymous for the purposes of journal comment settings, and that's a bad thing because it de-fangs an important anti-spam mechanism.

If someone authenticates with OpenID, they're able to comment without screening on journals like mine that require screening for anonymous users. Presumably, they'd also be able to comment at all, on journals that disallow anonymous comments. As a result, those screening/blocking settings don't really work anymore. I don't know how long this has been the case. I first started getting spam comments from OpenID-authenticated spammers today. It doesn't look like I can force them to be screened, which is what I'd do with other anonymous users, short of also screening non-friended registered Livejournal users. It looks like "registered" now means "registered anywhere" (including with an authority you cooked up for yourself), not "registered with Livejournal in particular". By allowing OpenID users to post comments as if they were registered, Livejournal is reducing its own registration requirements to the lowest common denominator of all sites that could be used to create valid OpenID identities - including, obviously, some with inadequate verification requirements.

Suggestion: "registered users" should only mean registered Livejournal users. Either provide a separate setting for whether to screen/block/allow OpenID users, or else treat them as anonymous users.

  • Better ability for journal authors to block spammers
  • More encouragement for people who want to comment on Livejournal to actually join Livejournal

  • OpenID becomes less useful for non-spamming users, somewhat watering down its purpose
  • Harder for Livejournal to supplement its dwindling user base with commenters coming in from other sites

  • Three ways this could be implemented: easiest, simply treat OpenID users as anonymous users. That could be seen as penalizing them, though, which might be undesirable.
  • Second-easiest: treat OpenID as a level in between "anonymous" and "registered non-friend Livejournal user". So, for instance, the current "Comment Screening" options which are "No one"/"Anonymous commenters"/"Anyone not on my Friends list"/"Everyone" would see an additional option like "Non-Livejournal users" inserted between "Anonymous commenters" and "Anyone not on my Friends list".
  • Hardest, but most powerful: have a completely separate setting for whether to allow OpenID commenters, which would have options like "Don't allow," "Allow but screen", and "Allow".
  • If the system allows OpenID users to be designated as friends (that's mentioned on the help page but I don't know if it's implemented), then I'd think that OpenID users who are designated as friends should be treated equally with Livejournal users who are designated as friends, bypassing the general OpenID settings. The issue here is only the general public of OpenID users - who I think should be treated as members of the general Internet public (i.e. anonymous and possibly robotic), not as members of the (authenticated, verified human) general Livejournal public.
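The screening decision under the second and third implementation options above, together with the friend override, can be sketched as follows. This is an added example, not Livejournal's code: the names `Commenter`, `Screen`, `decide`, the `legacy` flag and the policy strings are hypothetical, and the handling of "Allow" in the third option is an assumption.

```python
from enum import IntEnum

class Commenter(IntEnum):
    # Ordered by how much the journal owner can assume about the commenter.
    ANONYMOUS = 0
    OPENID = 1       # identity asserted by any external provider
    REGISTERED = 2   # registered Livejournal user, not a friend
    FRIEND = 3       # on the journal owner's Friends list

class Screen(IntEnum):
    # A comment is screened when the commenter's level is below the setting.
    NO_ONE = 0
    ANONYMOUS = 1
    NON_LIVEJOURNAL = 2   # the proposed new option
    NON_FRIENDS = 3
    EVERYONE = 4

OPENID_POLICIES = ("deny", "screen", "allow")  # third option's separate setting

def decide(kind, setting, is_friend=False, openid_policy=None, legacy=False):
    """Return 'publish', 'screen' or 'reject' for one incoming comment.

    legacy=True reproduces the behaviour the post describes: an OpenID
    commenter is handled like a registered non-friend user.
    """
    if openid_policy is not None and openid_policy not in OPENID_POLICIES:
        raise ValueError("unknown OpenID policy: %r" % (openid_policy,))
    level = kind
    if is_friend and kind is not Commenter.ANONYMOUS:
        # Friend designation bypasses the general OpenID settings.
        level = Commenter.FRIEND
    elif kind is Commenter.OPENID:
        if legacy:
            level = Commenter.REGISTERED
        elif openid_policy == "deny":
            return "reject"
        elif openid_policy == "screen":
            return "screen"
        elif openid_policy == "allow":
            # Assumption: "Allow" defers to the general screening setting.
            level = Commenter.REGISTERED
    return "screen" if level < setting else "publish"

if __name__ == "__main__":
    for legacy in (True, False):
        print("legacy" if legacy else "proposed",
              decide(Commenter.OPENID, Screen.NON_LIVEJOURNAL, legacy=legacy))
```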
