Поделиться через

How Trustworthy are Blogs?

  • Статья

As we strive towards to enabling Trustworthy Computing I was thinking recently about how trustworthy blogs are as a new communication medium.  For reasons blogs.msdn.com readers can discover on their own I’ll call it “The moo Effect” that stirred an internal discussion amongst MS bloggers on the subject.   Skipping to the chase I propose that blogs are not currently a trustworthy medium.  In most implementations blogs suffer from the same problems that have plagued technologies such as e-mail, forums, and newsgroups.  There are also new problems that have been creeping up as well.  At this stage of software development maturity, it is incredibly important to not leave secure computing out of the picture when you are developing a new form of social computing interaction.  Doing so will lead to the prevention of more mainstream adoption.  Here is my breakdown of the problems. 

SPAM: I’m sure there have been a lot of discussions on the topic, but the open nature of most blog comment entry systems enable spam without recourse.  To date the effects of this exposure have been limited.  I have seen only a few blogs with ads for porn sites posted in the comments along with generic statements like “I love what you have to say, visit my site and …”.  Now imagine a world where bloging and blog reading starts to impact a measurable percentage of internet users and the government starts cracking down on telemarketing and e-mail spam.  These “Advertisers” aren’t going to simply give up and go home.  They are going to look for new markets to pollute and we are going to give them a great one at this rate. 

Trustworthy Information: Every blogger loves seeing what interesting google searches lead hapless web travelers to their blogs.  To use myself as a small example: If you search for “jimmy fund red sox” (no quotes) in google you are likely to see my blog occupy a spot in the top ten simply because of this post and way the social network created by blogs fools the search engine.  In this case I believe I’ve polluted the search results with information that is not what the person was looking for.  I can’t imagine the countless “innocent” searches that must land tons of non-technical web travelers to the world of Scoble.  Let alone their reactions once they get there. This one is a double edged of course, since I do think it’s potentially helpful that when someone has a question about “devenv.xml” they will most likely find my entry that details how this file is used by VS.NET.  Regardless of whether or not this is a problem with blogs or with the search engines the end public perception could be “Damn, I landed on another one of those stupid online geek diary sites that didn’t help me.”

Identity: How do I know person X is really person X in all cases with the aggregation and redistribution of countless XML feeds now moving around the web.  I haven’t read about it yet, but it wouldn’t be that hard to steal someone’s blogging identity and redistribute their feeds with alternate content.  It would be much easier than spoofing and IP address and harder to verify you’ve made a mistake than simply misspelling a URL in your web browser.  How do you know you are reading the true Scoble feed?  When I searched to subscribe it seemed there were certainly more than one location offering this content and, as a user, I could have picked the wrong one. 

Anonymous Cowards: The term was made famous by Slashdot as far as I can tell.  At least there I can filter out these people and they are appropriately branded. :-) Currently anyone can leave a comment in my blog without being verified at any level.  Some would argue that the anonymity enables commentary by those that may not have otherwise shared their useful views.  I would call for both.  I do want to encourage ease of use in order to gain feedback, but I don’t want a world where someone can spam a bunch of blogs with offensive remarks that add no value under the protection of anonymity or potentially pretending to be someone else to harm their reputation.  Which leads me to…

Reputation: How do I know I can trust information coming from person X?  This is really no different than the problem of knowing whether or not you can trust information from web site Y.  However, with the new (much needed) move towards simpler publishing mechanisms that blogging represents it enables even more people to create misleading content without moderation.  Of course the argument could be “If you don’t like it don’t subscribe and subscribe to sources you trust”.  But how do I make sure I can find the good stuff?  What posts are the best ones to read?  There is no agreed upon content/user rating system that you might find in most new web forum implementations. 

I’m sure there are other problems that security experts could point out that need addressing, but these where the ones that have been on my mind today that I wanted to share.  Please don’t read this as an article against blogging.  I love what the phenomenon has enabled me and thousands of others to do.  I just know that the world is setting expected security standards higher every day and not paying attention to these problems now will only set us up for the same problems we’ve seen historically with every other ground breaking communications enabling technology that went too long without a care for security.  And this time users won’t accept simply “Hey look at this new thing is cool” without asking “is it trustworthy?”. 

josh

Comments

  • Anonymous
    February 10, 2004
    The comment has been removed
  • Anonymous
    February 10, 2004
    The comment has been removed
  • Anonymous
    February 11, 2004
    Blogging:2; Dev
  • Anonymous
    February 14, 2004
    I've deleted a comment made by someone who misrepresented themselves as a Microsoft employee. The point of the post was to show that Microsoft Employees themselves cannot be trusted because all of our “internal memos” end up on the web as soon as they are sent out. This is, of course, true for larger company wide memos and I think that most of the people that send these mails probably know that they will end up public sooner or later. A more valid, interesting point, might have been what JP says that you have to take everything with your grain of salt.
  • Anonymous
    February 15, 2004
    You think im gona use my real login aliase on the internet? I dont think so :D

    Next you want my BU so you can find it in headtrax. I dont think so :P
  • Anonymous
    February 15, 2004
    No, the irony of Ivana's comment on this post is not lost on me.
  • Anonymous
    February 15, 2004
    And, again, the reminder that Ivana does not work at Microsoft. She does, however, have a LOT of free time on her hands though.
  • Anonymous
    March 04, 2004
    I have a few ideas of my own to the problems mentioned, but as i'm not very well familiar with the current blogging system, i would like to know that if i write a comment to this old posting, will the author (you josh :-) be able to notice new comments to old posts (perhaps if it's already in archive). I guess this depends on the blog system used for postings?

    If anyone reads these new comments to old bloggings, then i'll give you penny of my thoughts..
  • Anonymous
    March 05, 2004
    .TEXT sends me notification whenever someone comments in any post no matter how old. So... I'm listening.
    josh
  • Anonymous
    June 01, 2009
    PingBack from http://paidsurveyshub.info/story.php?id=78436