Posts
At the last Barcamp, there was a talk by Jitendra Gupta of a startup called SezWho. In the words of the company, SezWho is a distributed context, rating and reputation service for blogs, forums, wikis and other social sites. It provides WordPress plugins that show up a rating system for comments on a blog. The biggest advantage is the possibility of carrying over the comments to other blogs that have this embedded.
However, there still are some fundamental technical questions that have not been answered. When a user wants to comment on a site, his identification solely relies on the email address provided. However, no confirmation about the user is actually used. Simple script can hence change the reputation of a person rapidly.
Additionally, with services like a temporary inbox, the genuine reputation of any user can be very easily tampered with, even if confirmation mails are provided. Providing random emails would only make SezWho believe that the ratings have been submitted by a first time user. The argument that the algorithms at SezWho would not allow drastic rating changes also would not stand as sites with heavy traffic do change reputation of people drastically.
The root of all these problems is the fact that at no step in the flow is the authenticity of the user checked. Though it is easier by not requiring the users to register, it opens up a lot of potential to spam. Hence, I would imagine that it would be a lot easier to use existing Identity Systems, and leave the assurance of authenticity of the users to them. Infact, instead of asking for the mail id, the user could be required to supply his OpenID at the same place. Since it is the blogging platform, I guess that the distribution of OpenID should be a lot more than the distribution of SezWho.
As an alternative, if a user does not have an OpenID account, SezWho can offer the user to provide an OpenID account, thereby ensuring authentication in subsequent transactions. Thus, instead of asking for the email address in the popup dialog, the site would not ask the user to enter his OpenID, and then popup a dialog (belonging to the OpenID provider, in an iFrame) to authenticate the user, or get user consent.
To summarize, it apparently looks like SezWho does not really emphasize on the authenticity o the users who rate comments. This is a task that can be performed by any Identity system like OpenID. If you this that the scheme described above has flaws, I would love to discuss them.
Friday, November 23, 2007
SezWho :: Analysis of an Identity Based Commenting System
Subscribe to:
Post Comments (Atom)
3 comments:
Parsuraman,
I think you are focussed too much on the authentication...A number of times authentication is provided by the community and individuals who want more strict authentication can get more control via sezwho by locking their profiles.
The main goal is to provide portable context - ratings and reputation as well as participation history all put together make it useful...without the history etc. just the score would become fairly meaningless...
-Jitendra
Jitendra,
Moreover, this post tries to adopt the model of SezWho to the OpenID world, looking at how OpenID Providers could provide a commenting systems.
However, I would love to learn about profile locking using SezWho.
Any pointers to that ? That was some Information I could not get...
Good article,Thank you!
Tactical Flashlights
Tactical Flashlight
Flashlight
Led Flashlight
Led Flashlights
Led Lights
Rechargeable Flashlights
Streamlight
Tactical Gear
Tactical Light
Tactical Lights
Xenon Flashlight
Xenon Flashlights
Palights
HID Flashlight
High-intensity Flashlights
Wolf-Eyes Flashlight
Wolf-Eyes Flashlights
rc helicopter
helicopter
airplane
r/c
rc
rc airplane
rc heli
r c helicopter
r c airplane
airplane model
remote control
video game
PS2
PS3
Playstation 2
Playstation 3
Nintendo DS
SONY PSP
WII
XBOX
XBOX 360
Gamecube
GBA
Post a Comment