Friday, January 01, 2010

Echo: Authentication Notes, etc.

UPDATE 3/8/2010: dirk gently has done it again: NOW there is bensonmum for JS-Kit/Echo. You will still need Firefox 3.x and Greasemonkey installed beforehand, but it works quite well (and you will need to use one of the authentication methods described below to keep from being hidden to all bensonmum users by default... so if you're one of those who just uses a graphic from your computer to display an avatar, or use no avatar at all, don't be surprised if people aren't responding to your comments, 'cause they probably can't see 'em). You can download/install bensonmum for JS-Kit/Echo here (top link).

Looking for the Echo Quick Start Guide? Click here.

The shitbirds have quickly deduced how easy it is in Echo to make comments that appear to be coming from someone else (nymstealing and gravstealing -- the tools of the troll!), so here are some thoughts as to what you can do to combat that. But first, don't panic. It seems A-man has handed out admin rights to some other folks who use the comments, and most of the troll infestations are short, and the comments deleted fairly quickly. Besides, we all know when someone is obsessing over another regular, or just being a disruptive ass, it's likely NOT the person the shitbird is "imitating."

Now to the meat: One advantage that Echo has over Haloscan is the fact that there is a more robust authentication feature -- the only one that Haloscan had was Gravatar, and that one was pretty useless without the addition of bensonmum to your browsing arsenal.

Echo's authentication feature allows you to either NOT authenticate at all (using NO avatar, a picture from "My Computer," or Gravatar*; most trolls will be going with those methods, obviously), or to authenticate using one of four services: Blogger (Google), Twitter, FriendFeed, and/or Yahoo.

I recommend that all you regulars out there sign up with one of the four services at the top of the image above, and use one of them to authenticate within Echo.

Why? Because this will put a link to that service in your profile (viewable whenever someone hovers over your avatar image), which means everyone knows you were able to log into that service, hence, you are not likely to be an imposter. EXAMPLE: If you hover over my avatar, you'll see that the first link, labeled Blogger, leads you to this blog. Hence, you know it was me that made that comment. No shitbird can fake a Blogger link at the top of its profile that will lead you to this blog.

The shiny blue marble (last icon in the above image) can be ANY URL the user decides to put into the "My Site" option in the authentication selector, so it alone cannot be trusted to guide you as to the real identity of the commenter -- not without one of the other four being present and verified (and by "verified," I mean that you KNOW that the link goes to the expected person's site, and not a shitbird's).

* Yes, I know... Gravatar uses an authentication scheme, but within the context of Echo, without bensonmum available to do the heavy lifting, its authentication scheme is essentially USELESS.

Other thoughts on Echo, as presently implemented...

The authentication features above are a plus, as are the administrative abilities to delete/block disruptive shitbirds (the latter being dependent on someone with administrator rights being available in real-time to deal with the problems).

However, since the ability for users to quickly format text and add links has been disabled, I feel like we're stuck using a bloatware version of Haloscan, essentially. I do not know why A-man disabled the text formatting features, but I want to lobby him to reconsider. If it was the color text thing, I think that distraction is a very minor price to pay for never fat-fingering one's formatting or text or links.

Your thoughts?
.

2 comments :

Anonymous said...

Thanks again, Jeffraham. I needz all the help I can get!
-B&L

Anonymous said...

Wow - you mean, someone is finally taking some action against these morons?

Post a Comment