General Notices

Why you now need to login to post comments…

When I started this particular site in 1999 it was one of only a few hundred active personal weblogs in the world. Every time a new interesting site was discovered, everyone in the community linked to them. I met a lot of really nice and intelligent people in that early community, many of whom I’m still friends with. I mention this to demonstrate that it was possible to have a community of people who liked and got on with one another, communicating primarily through their sites but doing so completely without the benefit of blog comments systems.

I feel like my grandfather when I lurch into language like this, but in those days when people wanted to respond to someone else’s post, they wrote something on their own sites and stuck in a link. In many ways I think that we should have stuck with that way of handling communication through webloggia, that we should have dug around and find new ways to optimise that process (√° la Technorati), but when I look online today it’s not where we find ourselves. One way or another we have to make do and work to improve the environment in which we find ourselves.

The first systems I saw which allowed people to comment on blog posts were completely orthogonal to the blog posting services themselves. Sites like Haloscan were support crews for installations primarily built on top of Blogger. A link on the individual weblog entry would trigger a pop-up that was hosted in an entirely different place. Comments and posts weren’t stored in the same databases–sometimes they weren’t even stored on the same continents. And because they were held so distinctly, and because weblogs were so new, they weren’t exactly highly evolved bits of technology.

But still–even then–no message board would have allowed someone to start posting without a registration process or e-mail confirmations. These approaches were (and remain) some of the best ways to weed out the casually abusive. So why weren’t these features on blogs? Because many people’s interactions with a particular site were often desperately slight. You might find yourself visiting dozens of sites in a day. Some of those sites you might want to respond to, but you’d probably never visit again. The overhead for signing up with each one was just too substantial. So these comment systems kept themselves for the most part open and vulnerable, and simply hoped for the best. And for a time, everything was fine.

I switched my site to Movable Type fairly late in the game compared to other people in the community. The big selling point at the time was built-in comments and an individual page per post. I understood the attraction of the individual pages, but was far from convinced about comments. When I first turned them on, it felt very strange indeed. It felt as if I were opening up my home so that other people could come in and draw on the walls. And some people drew very rude things indeed. But on the whole the things were people’s opinions, they put effort into writing them and I had to respect that at least.

I think for me the real turning point was when the slow trickle of spam that had been coming into many MT sites for a while turning into a torrent of Trackback abuse, and I felt that it had got so bad I was forced to turn the whole mechanism off: Trackback is dead. Are comments dead too?. Trackback is still around a bit today in some forms on some sites, but for the most part once the spammers figured out that it meant that you could easily infect other people’s sites with links to your viagra-farm they leapt into action like a vampire spotting a ripe young neck. I don’t want to be mean to Six Apart here. MT was the most vulnerable to this kind of behaviour, because MT had pioneered the standard. A lovely idea crumbled under the weight of vicious cynicism from a few dozen vampires.

And then the comments. The dominance of a few key platforms meant that it was now possible to automate comment posting at a tremendous scale. I ended up getting a dedicated server at to host and barbelith, convinced that the popular online community was causing everything else to slow down. Instead it turned out to be continual fake comments coming into several times a second, talking about mother/daughter incest and bestiality. I ran to the people who developed anti-spam measures and installed MT-Blacklist and did everything I could, and still to this day–even with many tens of thousands of spam-comments automatically blocked–I need to plough through forty or fifty spam posts a day. Hundreds of thousands of comments have been spammed without me even seeing them, but still the ones that get through have lowered my opinion of humanity quite significantly.

It’s for these reasons that I’ve decided to do what maybe I should have done years ago – switch from allowing anonymous and blog-style comments through to requiring that people sign up before they post. And this is possible because of a range of new services that make the need to ‘sign-up’ everywhere less of an issue. From now on you’ll need to be registered using OpenID, Vox, Livejournal or Typekey to post a comment to They’re all services that have originated with SixApart, the same people who came up with Movable Type in the first place. Of all of them OpenID is the most open and the most interesting, in that anyone can host an Open ID service and you can sign in using those services to an Open ID enabled site in the world. The old problems of overhead have semi-evaporated and that’s why I feel I’m able to take the risk and make leaving a comment just that little bit harder. Hopefully I won’t put too many of you off.

I’ve done this finally because I’m trying to fight to win back my site. I want to recover the pleasure I used to get from the place, a pleasure that has been despoiled by cynical, money-grubbing bastards. It’s part of a process of working out why I’ve stopped playing in this glorious communal space and looking at how I can fix it rather than putting up with it. Stage one is fixing the comments problem. For a few months at least–until the spammers catch up–I’m not going to spend any time each day looking at people trying to sell men dreams of fantastically terrifying erections. I can barely cope with how happy that makes me.

After that I’m going to look at another problem that’s been stopping me from enjoying myself online – people who think my voice is for sale, and that my site is nothing more or less than a ‘vehicle for their messaging’. That’s going to have to stop too, and I’ll be writing about it shortly. In the meantime you can get a sense of my current mood on the thread surrounding this Flickr picture. In a nutshell, this is not a brothel – there are no prostitutes here.

And what can you do? You can reassure me by checking that the new comments stuff works. I’ve still got a few things around error messages and preview screens that at the moment are completely broken, but I need to know that in the meantime there aren’t any major ways that you would like to post that just don’t work. And I’d like to hear how you have dealt with your own spam problems on your own sites, and how spam has affected your writing and your blog. I’m looking forward to hearing from you!

17 replies on “Why you now need to login to post comments…”

If you’re reading this, it’s worked for me 🙂
(I always sign in to my OpenID provider before attempting to use it on another site. Just so you know in case you’re tracking down bugs.)
On the one blog I contribute to that does allow comments, we recently switched to registration-only. I haven’t quite got round to setting up OpenID for registration, but that’s certainly the aim.
If Technorati actually worked for tracking links to posts, it would be all very well. I personally think that comments on blogs don’t provide very much at all; so we need something to fill that gap and make cross-blog conversations work without everyone having to read everything. (Or at least for everyone’s feed reader to read everything; although I suppose a super-aggregator could do the job, we probably don’t want to trust anyone who could do it right now.)
Anyway, my little thoughts.

The comments box on the preview page seems to be rendering insanely small for me in Safari or Camino, plus I can’t seem to find a way to choose anything other than my full OpenID URL as my posting name (as James seems to have done). Though apart from those issues, it works fine.

Comments seem to work, and I’m right there with you on PR spam. I’m also starting to notice that SEO crap is spreading to the blog world, to the point at which 25% of new comments on my blog seem to be from someone merely trying to boost their pagerank with an empty nonsense comment.
Preview page bug: set a width and height on textarea in CSS so the comment box isn’t super small

Looking good, though Verisign’s PIP doesn’t seem to work as an OpenID. It’d be interesting to see if you get a change in the number of (legitimate) comments before and after the change.

Works fine at your end, Tom.
One thing that I noticed is that if I try and sign in with OpenID using my own blog URL, which delegates to TypeKey, my commenter name shows up as ‘’ — but if I use TypeKey directly, it uses TypeKey’s stored name for me.
I’m presuming that this is a problem either with MT4’s OpenID implementation or (far more likely) my own implementation of the OpenID delegation facilities. I’ll investigate further, but if you or Simon have any tips I’d appreciate it.

Tried via my OpenID but it timed out three times so logging this comment via Vox.
Sorry about the spam problem. I’ve switched platforms from Movable Type with MT-Blacklist to WordPress just to see if Akismet would do any better. It’s gone down from 50/day to less than 10 but that may be because I’ve moved to a new domain as well.

The delegation from to doesn’t seem to be working properly. MT is either ignoring yadis.xrdf and/or ignoring the rel= links in the OpenId head section of the page. It’s redirecting to my profile page, not requesting a login.
One thing we still haven’t managed in the blog world is to track comment threads on individual comments effectively on pages where we leave a comment. Post 10 comments during the morning’s catch up and you’ll be very unlikely to ever see responses. Maybe CoComment will help but it doesn’t hit the spot for me.

Yeah I’m interested in knowing that as well. It’s been interesting to hear that so many people have been having trouble with Open ID. I’ be really grateful if those of you who had problems with a particular provider and MT could post more about it, and I’d also really appreciate any comments or help from other people who know more about this subject.

I get hundreds, sometimes thousands, of comments every day but no spam.
One of the guys who helps with the site wrote a comments system when YACCS was down for a week (way back when) and it’s now integrated with WordPress.
I do have another blog that just uses WP comments and it gets hammered with spam.
Anything that makes it difficult for the spammers is good news.

Looks good here. Why does it ask me for my URL though? If I just logged in with an OpenID, couldn’t it fill that in for me? Typing even a handful of extra characters is just sooo tedious.

Im not a great fan of Open ID, the idea sounds OK but the actual implementation seems somewhat clunky – leaving the original site to go to another one and log in, every so slightly convoluted set up to point at your own domain.
Spam wise, all my spam on my WP blog gets picked up by Akismet and Spam Karma – Im sure it cant be that hard to get these running on other systems, indeed they may well already do so.

I’m wholly in favor of making commenting harder if the benefits to you, the blogger, are worth it. This is your space, and we all here play by your rules, or we can get the fuck out. I’ll put my Viagra, stock tips, and bestiality ads in my own space, thank you very much. 🙂
Maybe I’m missing something, but when you sign in with OpenID, there’s no space to put your name to display, only your OpenID URL. Perhaps that’s intentional, but I’d like my name to display in the Posted by: area.
For what it’s worth, some people still use something akin to the old format for “comments”. Daring Fireball has no comments, and instead he links out to people who respond to him if he thinks it’s interesting.

Well, it appears to work. I’ll second the last comment and ask for a place to put a display name, just to spare commenters from any spam crawlers.

Although it’s a shame that you have to make this change, it’s perfectly understandable and I wholeheartedly support it if it makes your life easier and the spammers life harder.
As for myself, I don’t really have a problem with comment spam on my blogger blog, ever since I enabled word verification. In fact, I don’t really think I’ve had blog spam since, other than the odd one or two that look like they’ve been entered by hand, and just link back to some crappy second-rate blog without making any comment about the post in question.
Still, I hope it works out for you and solves the problem.

My Typekey login worked in another comment I just made.
I thought you made an interesting use of a restricted tonal range. (Seeing as the picture had a lot of blog related comments, I thought the blog could do with a picture related comment.)

Comments are closed.