This entry was posted on Tuesday, January 16th, 2007 at 10:05 am and is filed under The Political Weblog Movement.


This is being blogged publicly instead of communicated privately for two reasons:

a) I think users of Blogger deserve to know that this loophole has been in place for some time.

b) Blogger Support has let me down badly in the past, and I’m in no mood for yet another generic reply with no follow-up.

If you’re a regular user of weblogs running via Blogger.com, you’re probably already aware of the following:

1. In your comments settings, you have the following choices:
- Only Registered Users (only other registered users of Blogger.com can leave comments)
- Only Members of this Blog (only other registered users of Blogger.com that are part of your group can leave comments)
- Anyone (anyone can post a comment, using any name or nickname that they wish)

Blogger screen capture

2. If your blog is set to allow ‘Anyone’ to comment, this does increase the potential number of comments you receive, but it also allows those posting comments not only to post them anonymously, but also to pose as other web users (after all, all they have to do is choose ‘Other’ and enter a name and domain).

Blogger screen capture

In any system that allows for unverified comments, anybody with half a brain can claim to be Fred Nurk from nurkindustries.com – and this is just such a system. So far, nothing new and alarming…

However…

While these types of claims to one identity or another are viewed with healthy scepticism, I fear too much trust is placed in the authenticity of comments apparently posted using a Blogger profile… because the system allows you to pose as any user of Blogger, providing that you know their Blogger name and the location of their profile (information that is easy to come by; all you have to do is copy the details from an authentic comment they’ve made).

Blogger screen capture

I’ve created a special test account where you can go and try this for yourself. Click here and go nuts.

The result is a comment posted under the name of another user of Blogger that will be widely accepted as authentic, as (if profile images aren’t being used) it appears identical to a comment made by an actual user who is logged into the system.

And it will have passed through Blogger’s own system without challenge (and yes, it works on both old and new versions of Blogger).

Try as I might, I can’t think of another major community-based website that allows non-members to pose as members within their own system.

Blogger should fix this. And fast.
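
One shape such a fix could take, as an added example that is not part of the original post and is not Blogger's code: a server-side check on comments submitted through the ‘Other’ option that flags any which link into the member-profile namespace or reuse a member's display name. The `Comment` record, the member-name set and the profile URL pattern (`www.blogger.com/profile/`) are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: member profiles are served from this host and path prefix.
PROFILE_HOSTS = {"blogger.com", "www.blogger.com"}
PROFILE_PATH_PREFIX = "/profile/"


@dataclass
class Comment:
    name: str            # display name shown beside the comment
    url: str             # link attached to that name
    authenticated: bool  # True only when posted from a logged-in session


def points_at_member_profile(url: str) -> bool:
    """True if the URL falls inside the platform's own profile namespace."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # let urlsplit see a host when the scheme is omitted
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    return host in PROFILE_HOSTS and parts.path.lower().startswith(PROFILE_PATH_PREFIX)


def check_comment(comment: Comment, member_names: set) -> list:
    """Reasons an unauthenticated comment could be mistaken for a member's."""
    if comment.authenticated:
        return []
    reasons = []
    if points_at_member_profile(comment.url):
        reasons.append("links to a member profile without being logged in")
    if comment.name.strip().casefold() in member_names:
        reasons.append("reuses a registered member's display name")
    return reasons


if __name__ == "__main__":
    members = {"alice example"}  # constructed, stored casefolded
    samples = [  # constructed sample submissions
        Comment("Fred Nurk", "http://nurkindustries.com", False),
        Comment("Alice Example", "HTTP://WWW.BLOGGER.COM./profile/42", False),
        Comment("Alice Example", "http://www.blogger.com/profile/42", True),
    ]
    for c in samples:
        print(c.name, c.url, check_comment(c, members) or "ok")
```

A comment that returns any reasons can be rejected, or rendered with a visible "unverified" marker so it no longer looks identical to one posted by a logged-in member.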