too many beautiful and insightful sentiments from @erikspiekermann to count. Absolutely love it.Kartik PrabhuI would like to suggest that abuse/spam-prevention could be solved by the usual site-level methods and a good UI/UX flow. Here is my hypothetical solution based on some user-flow borrowed from existing systems/silos.
1. The web software I install has a webmention-processor which comes with a built-in white/blacklist and possibly a spam-detection AI like Akismet. All of these installations are optional of course.
2. When I receive a webmention, it is marked for asynchronous processing ( with optional manual moderation ).
3. There also is a personal blacklist, to which I can add a sender-domain (similar to Twitter’s block user functionality) by a click of a button on the said response or in a moderation list.
4. The processor then uses the following priority list personal-blacklist > global-list > AI to decide if the webmention should be processed at all.
The steps above could be enhanced by GPG-encryption, rate-limiting using time-limited endpoints, comparisons with some friends/following list.
What do you think? @kylewm @t @joeld @gregor #indieweb
I haven’t encountered enough webmention spam to implement any of these yet. So take them with a “fistful of salt”!Kartik Prabhu
same could be said of HTTP, it is still here. Sharing of block-lists in ad-blocking software suggests that blacklists/whitelists do work. I say lets work with those for the moment.
It is an important problem, no question. I hope you have started a conversation about how to solve it. :)Kartik Prabhu
of course not disputing the facts you have mentioned. pointing out that doing it in a decentralised global way might not be possible.
As in, do I trust the same people are you. Probably not.Kartik Prabhu
While I appreciate the sentiment and the idea of this post, I think having abuse prevention baked into a notification spec is misguided.
* How do you include abuse prevention including rate-limiting, trust-verification into a decentralised notification spec based on an HTTP POST request?
* What counts as abuse and trust is decided by the communicating parties not the notification spec. Same as whether you trust someone is not built into the English (or other) language…
This is why (I think) webmention leaves it up to you to implement rate-limiting and trust-verification ( use PGP or something if you like ) on your own site.
I’m sure @indiewebcamp would love to hear suggestions to the contrary though. But remember, webmention is a notification spec and a decentralised one at that.Kartik Prabhua quick and dirty sketch of @steveaustinBSR ‘s “the drowning rattlesnake” story.
from The Steve Austin Show http://podcastone.com/Steve-Austin-Show-Clean SASc - EP153
That is the same as “How does someone without a blog make any statement of more than 140chars?”
The 140 character limit is a self-imposed one if you use only Twitter. People get around it all the time by doing multiple-tweets, or using G+ and Facebook.
Secondly, I am not against a comment system ( well actually I am, see: https://kartikprabhu.com/article/no-comment ) but, you can have both a comment form and webmention support. If that seems like too much work, then it is a judgement call. If you and your commenters are fine with putting their content on your site (along with all the log in and authentication stuff) then so be it.
It all boils down to “do you want to own your content on your site and same for your commenters?” The indiewebcamp.com answer to that is “Yes.” but again it is up to you how to do it for your site.Kartik Prabhu
“if (3) had come 3 days after (2), wouldn’t it make sense to show (3) in Kyle’s stream? ”
Broken links so I don’t really know what (1), (2) and (3) are, but this is still possible to do with webmentions. It is just a matter of sending the webmention notification.
“only the other hand, if Kyle and Kartik went back-and-forth 10 times in a single day on that thread, would you want all of Kyle’s responses to appear in his stream? ”
*would you want* is a very good question. IMO multi-threaded forum-esque displays are a nightmare from UI/UX perspective.
“and what if there are other people involved? If Alice responds to Kartik, will Kyle ever see it? And what if Bob responds to Alice? ”
This is left as a choice to the two communicating members. In principle, I could send a webmention to Kyle every time my post gets a reply from a third person and he could choose to update his thread with the same.
In all excellent points raised, mainly about these being reader experience problems to be sorted out.Kartik Prabhu
“Technology that makes it easier to report spam than to combat harassment; technology that presumes your mere presence equals consent to data mining and psychological manipulation; technology that emerges from a world of wealth and privilege that represents but a tiny percent of the world’s lived experiences; technology that is colonized by those with the greatest access to it, that rewards the early adopters; technology that espouses the meritocracy, a myth which serves to comfort those who are more equal than others; technology that permits hate to robotically multiply, to make the least advantaged among us feel the least welcome: This is not neutral technology. This is technology that is complicit in the social systems that its creators inhabit.” — Mandy BrownKartik Prabhu