We all heard about Microsoft’s evil plan to dominate the world, haven’t we? Yes, the passport! Basically, it’s a centralized authentication system that allows a user to login only once to all sites participating in Microsoft Passport service. But what does this have to do with SixApart’s TypeKey?
Well, TypeKey isn’t very different, at least not to me. It’s a service that stores user information and authenticates via a central server. Apparently, it’s mostly valuable when in blog comments, it’s supposed to get rid of (or reduce) comment spam, and verify that when you’re commenting you are who you claim you are, so blog owners can make sure that nobody comments unless logged in via TypeKey.
So far so good, but TypeKey isn’t exactly my favorite solution for this kind of problems. Centralization, in most cases, proved to be a failure, it’s prone to errors, it’s maintained by a single entity, and everything’s in one location, that’s just too risky.
I’m not going to explain how TypeKey works, everybody knows that already, but here are the most obvious problems that kept me from using TypeKey at my blog.
1. SixApart owns it
Now don’t get me wrong here, I like SixApart, in fact I’m using one of their greatest products right now. But that doesn’t change the fact that SixApart is a private company, they do whatever they want whenever they want, so no matter how much I’m assured that TypeKey will always be there, that it will save my poor soul from the unearthly devils of spam, I’m still going to be skeptical, I’m still going to worry about it, and I’m going to implement it unless what SixApart provides some legal proof of good faith.
2. TypeKey is centralized
So if it’s server fails, none of my visitors will be able to comment, and guess who will have to answer all flame emails? No thanks, I’m don’t want to go through that, at least not with TypeKey.
3. It isn’t trustworthy
In a sense that SixApart doesn’t review all new TypeKey accounts, so I can claim to be the ghost of Elvis coming from the underworld and nobody would even notice. There’s no guarantee that TypeKey-authenticated comments are any better than anonymous posts.
4. It doesn’t solve SPAM problems
SixApart advertises TypeKey as a solution for spam, for them it isn’t about authentication as it is about filtering spam. Well guess what… TypeKey can’t solve spam!! You heard it, it can’t, not without heavy moderation and comment monitoring that might throw either my privacy or my freedom of speech out the window.
5. Sometimes, it’s just stupid
Face it, the majority of comments on most blogs are those “Very nice post Dave”, or “I liked it, wanna visit my site?”, or something similar. There’s nothing wrong with this kind of comments, on the contrary, it shows people care, except it’s to damn stupid to ask somebody to fill in a dozen of personal information, reply to a verification email, and only then login, just to write a couple of words. Yes, it’s a one-time process, except most people don’t like filling information, most of them don’t like having to login only to complete some trivial task. I know most websites do it, but does that make it right?
These are the problems that bother me most and keep me from using TypeKey. SixApart could’ve done better, much better. They could’ve used created a decentralized trust-based system that uses public/private keys. Take a look at PGP, they got rid of having to buy SSL certificates, your own key can be signed by people who trust you and can verify that you are who you claim are; if only TypeKey was an acronym.
Personally, I think commenting should be powered by either PGP or a similar system, I should be able to sign a comment with my key just as I do with emails. This way, we get rid of the need for a central server, we can require a key to be signed by at least two people in order to allow a comment, we can do a lot of things with that. Commenting shouldn’t require logging in (unless it’s a portal), it should require some identification, I wouldn’t care if haX0r commented on some entry, I only care to know that guy’s an actual human being who’s trusted enough not to spam me.
Comment (1)
6cngsl42l1l6y2dm