“I bet a comment from Dominik is awaiting moderation!
Looking at the RSS for comments, I see dominik commented, but moderation doesn’t get in its way….
So this is the question: how secure is it against blog spam?”
Since writing my original post, I’ve now received an invite from CoComment (thanks guys). Lee’s got a point, but in order to explain the problem let me breifly explain how the system works:
- Sign up for coComment and add their bookmarklet to your browser
- Write a comment on a blog
- Use the coComment bookmarket to submit the comment to both the coComment server and the original blog server
So at the point of submission your comment is essentially semantically forked – with a version going into coComment and an identical version going into the blog server.
Conversations on my blog are represented on coComment like this.
The key point is there is a semantic fork. That means that if the blog administrator chooses to edit the content of the comment, it isn’t reflected in the coComment representation of the post conversation.
Of course, I’m not advocating the editing of comments, but ultimately it’s important for a blog owner to be able to do so – in the event of inappropriate, libellous or offensive content for example.
The other issue is that of moderation. I moderate all comments that originate from unknown posters. Once you’ve submitted a comment and had it positively moderated, all of your future posts are published instantly – standard in the WordPress setup and is only used to beat spam (I publish all on-topic comments submitted – good or bad).
However, comments that are held for moderation on a blog are instantly published and reflected in the coComment system. That’s concerning because ultimately coComment’s representation of a post’s conversation is not identical to that of the originating post — they are semantically forked. And they will not necessarily be representative of the blog author’s moderation decision.
Finally, this also means that the coComment representation of discussion is only of those who have also used coComment to submit their comment. That’s a bit of an issue because clearly not everyone will be using coComment. Even if critical mass is achieved for the ‘in tech blog crowd’, Robert Scoble and co will be pretty well covered, but further down the long tail there will still be problems.
I have to say that from what I’ve seen coComment is actually a pretty nice system and I would still very much recommend it to other people.
However the semantic forking of comments is cause for concern on many levels – especially seeing as blog authors don’t opt in or out of having their comments tracked by coComment.
There is also a real danger here for comment spam — spammers simply submit their spam to coComment instead and circumvent the blog author’s control entirely. Its possible coComment have a mechanism in place to deal with this – it would be interesting to know.
The reason this issue is arising is simply because there is no standard way to semantically represent comments.
WordPress makes comment RSS available (here’s my site’s RSS comment feed, and this post has its own comment feed too). But MovableType and most other blog platforms don’t provide this out of the box (of course, the generation of any feed is possible with the right template if you spend the time to install it). Even still, there is no agreed standard to do this, anyway.
If we can all agree on a comment feed standard – which in many respects is just as important as the original blog feed – than a whole new comment aggregation opportunity arises. The Technorati of comments and discussion, etc.