Monday, May 24, 2004

Why I PGP-Sign All My Comments

Ever since I've begun PGP-signing the comments I make on blogs other than my own, I've been receiving all sorts of negative responses from people who don't appreciate why I bother, and resent the aesthetic impression made by PGP signatures at the bottom of my comments. This post by Jay Allen ought to dispel for any doubters why I find it worthwhile to go to the trouble.

My Own Private Idiot

Over the last few days, I've been posting a great deal of helpful information both here on my site and elsewhere around the web. For a while, I was going through the Trackbacks on the Six Apart website looking for any places where I might be able to clear up confusion. Someone however, didn't seem to like what I was saying.

This person started following me around and leaving comments after mine, accusing me of attacking people on their own sites and lying on Six Apart's behalf for financial reward. Eventually, he brought it here to my blog. After going back and forth, I had had enough and lost it in Grand Jay Allen style. Of course, I should have recognized a troll for what it was, but I didn't.

Although the lying accusation was ridiculous, I wondered about the attacking part. Things have been rather stressful at times and I admit that when I get stressed or have to repeat the same thing over and over again, I can be short with people. So, I endeavored to look back over all of the places I had commented in order to apologize to anyone who I had attacked.

I didn't find one. However, what I did find was a treasure trove of comments by my troll, sometimes under different pseudonyms, quite often attacking, always vituperative and ill-mannered.

So I called him on it and banned him from commenting on my site.

The Misanthropic Doppelganger

But of course, a troll who can't engage simply gets enraged. In this case, he began posting hateful and wrong-headed comments under my name throughout the blogosphere. Most of his comments are extreme and not even close to what I espouse. He has hit many blogs and as I write this, he is still wasting his time and mine.

Normally, I would not feed the trolls, but in this case, I needed to tell people that if they see my name in their comments with rude, aggresive or hateful comments, it is most certainly not me.

"Idiot" is precisely the term to apply to individuals like the one Jay Allen mentions, and it's because the online world seems to be chock full of idiots that I now insist on signing all my comments unless the site owners have the time to waste checking that the IP address matches my usual one everytime they recieve a post under my name; it's a concession on my part to the aesthetic concerns of those who object most strongly, but even looking up IP addresses isn't perfect, as there's no guarantee that my IP address won't change (as indeed it regularly does), or even that the IP address matching any large collection of posts under my name is actually mine to begin with.

I can certainly appreciate to some extent why a lot of people get annoyed at the sight of PGP signatures at the end of comments, but any sympathy I feel in that direction is more than outweighed by my concern for my own good reputation, which I refuse to allow any malignant little cretin on the web to sully under a false guise. It is also true that not everyone will bother to verify a PGP signature anyway, and to be honest, I expect that very few people will actually take the time to do so; nevertheless, the mere fact that a message comes with one makes it easy enough to determine whether or not some comment was actually posted by me, should a reason come up for anyone to care. An additional benefit of PGP-signed comments is that a blog owner can't alter the message in the slightest without breaking the signature, so one can't get words put into one's mouth without being able to disown them.

To be honest, none of these issues with comment verification would exist were it not for the total lack of concern on the part of blog software writers for issues of identity verification, a failing shared with most software developers in other domains, I hasten to add. Had Movable Type and TypePad come with provision for PGP-signing built-in (as suggested here, for example), the aesthetic impact of signing wouldn't be an issue, and as an added benefit, comment verification would automatically be handled server-side. Instead we're presented with a "solution" that is anything but one, although it has the benefit of giving MT-users a nice warm glow inside that "something is being done!" about identity impersonation and assorted shenanigans.

One benefit of working with a GPL-based system like WordPress is that anyone with the requisite skills can always add in support for a desired feature and distribute a version with the necessary modifications, even if the new code is rejected by the maintainers of the original code. PGP-signed commenting support is definitely one feature I intend on working on for WordPress, once I've learnt my way around the current codebase.