Thanks mostly to Robert Scoble, I’ve been carrying on a blog conversation with several thousand readers who’ve come to hear about my bout with racist hate speech here in my comments section; and my dissatisfaction with Typepad’s response to my predicament.
This is the final installment on this issue. But here I wanted to get away from the hate speech itself and address the issue of blog security. What tools does your blog host/provider provide you to prevent abusive speech either before it happens or afterward? Also, once an abusive commenter breaks through whatever defenses you might muster (such as they are) how do you prevent them from returning?
It seems to me that Typepad in their response to me revealed a fundamental weakness in their argument that I, and not them, should be the one responsible for blog security. On the one hand they argue that globally banning an abuser is a very bad idea (an argument I now concede) because IPs are shared by hundreds of users, passed on from one user to another when a computer is sold or given to another party, etc. Yet they argue that the best tool for me to rid myself of the abuser is–guess what–an IP ban! This is what Anil Dash, a 6A vice president, had to say on the subject:
An individual IP address can represent hundreds (or even thousands) of
individuals on a shared address, and it can also be reassigned,
sometimes in just a matter of minutes to another party, who may be
completely innocent. For that reason, IP banning is often useful at the
level of managing an offensive or unwanted commenter for a single site,
but is not practical, or even always desirable, for an entire service
that’s in numerous countries and languages around the world.
Let’s look at how effective banning is at a user level. Say I place the user’s IP on my ban list. Say I add his name, e mail address and any other unique data that might only be associated with him. How protected am I? Turns out not very.
As Anil said, IP addresses are fluid things. A banned commenter can go to a friend’s house and post another abusive comment to my blog (someone has done this here). Someone might have access to three or four computers or more at home, work, girlfriend’s house, mother’s house, whatever. And as for banning by name or e mail–all of that can be fraudulently manufactured by a semi-imaginative hater.
In short, the tools most blogger’s have available for blog security are minimal. But what could be done? Movable Type seems to have many more blog security features. Understanding that MT is hosted by the user’s computer (and not by 6A), there may be reasons why these features haven’t been offered to TP users but…the MT spam blacklist is not only a great spam filter it could be helpful in turning away haters as well. Also, Typekey is another MT feature that allows a user to turn on authentication. This means that all first time comments will be held for the user to authenticate. All subsequent comments can be turned on for that commenter. This would probably do the trick for most haters who engage in lightning quick raids and crawl back into whatever holes they come from. It would take a stalker-hater some guile to break through this system. And most haters prefer brute force to guile.
So why doesn’t Typepad introduce these features or something like them to Typepad users so we can protect ourselves and our blogs from such marauders?
Richard,
Just wanted to thank you for the comments, and let you know I posted a response.
Also, because TypePad sucks in another way, I can’t post the actual URL for my comment [I think I fixed this for you, Vern–Tikun Olam].
Add a colon and 8180 after the dot us in my blog address.
:8180
Apparently TypePad doesn’t believe in ports.