Photography Plants

Day at the Gardens 2








Photography Plants

Day at the gardens





Technology Weblogging

TypeKey scavenger hunt

Recovered from the Wayback Machine.

More information about TypeKey and comment management incorporated into Movable Type 3.0 is appearing, but it’s appearing in bits and pieces in certain weblog comments.

In BuzzMachine comments Mena Trott wrote:

Our announcement about the TypeKey service was focused on the TypeKey service, not the way we’ll be handling comment registration. But, without going into too much detail, I will say that we’re not starting this service in order to police or ban users. From a liability standpoint alone, it doesn’t make sense. Movable Type 3.0 has a robust comment registration system that allows the user to ban or accept users on their own weblog. TypeKey is a way to say “this person has an account and has entered a verfied email”–now you, as the weblog owner, will decide how you will handle this commenter.

We operate in California, a state where the legal system advocates personal privacy. We feel the same way, so of course, we’re not going to be providing a public list of all the blogs you’re commenting on without explicit user approval.

And regarding the subpoena issue: While Ben and myself founded Six Apart and the company still reflects our vision, we are a company that has counsel and if and when these situations come up, we follow legal guidelines. This certainly doesn’t mean just handing over user data.

Six Apart didn’t just decide to create TypeKey on a whim. We weighed the pluses and pros of both decentralized and centralized registration. Believe me, the decision didn’t happen overnight. Ultimately, the need to not sign up on every weblog you wish to comment on and the ability to say that your TypeKey identity is your own (rather than having decentralized comment registration where someone could possibly snap up your identity on a particular weblog) were two of the major issues that made us choose a centralized authentication system.

We’re going to want to compile a list of questions that people may have and add those to our FAQ. But, ultimately, we’ll want to get the product out of alpha before answering too many speculative questions 🙂
Posted by Mena Trott at March 20, 2004 03:16 PM

I can respect that Six Apart is in the middle of a development cycle, but the architecture for TypeKey is obviously designed, and the topic has been introduced with just enough information to cause confusion and concern. I’m not sure that waiting to answer questions is a feasible idea for the company. Nor is putting bits and pieces of additional information in some weblogs.

Mena is saying, “Trust us”, and asking us to trust her and Ben because they’ve been a part of this community, and have been helpful in the past, and have provided software for free for many of us. I imagine that many of you know the Trotts personally, and are very uncomfortable when talking about ‘trust’ and ‘abuse’ when referencing them.

But TypeKey is not ‘Ben and Mena” – it’s Six Apart, a company, as both the Trott’s have stressed, that has impacted on their communications and their decisions in the past. A company that the Trotts could decide to sell for a couple of million tomorrow to some major international corporation, and more power to them.

John’s Jottings has pulled together several other weblog entries on MT 3.0 and TypeKey, and it was through his effort that I found out Jay Allen has bought into TypeKey as a solution, and is discontinuing future mt-blacklist updates. As he writes:

When I saw the original feature list, I was highly skeptical that this release would solve the problem. However, SixApart did such a fantastic and elegant job of looking at the problem from a wider perspective that I was instantly won over. This new version completely solves the problem of control over outside submission to one�s blog in such an elegant and powerful way that I myself was astounded.

I can understand Jay wanting to move on – he isn’t paid for mt-blacklist other than through donations. And I’m also not surprised that he would favor a system that would basically prohibit comment posting unless you authorize the person making the comments, and the person has been ‘authenticated’. As with blacklisting, better to lose a few good comments, then run the risk of comment spam or trolls. Which means comment registration and an authentication service, which is TypeKey.

But many of us have never been comfortable with the blacklist feature of MT-blacklist, because as we’ve seen, it was abused and legitimate URLs were added to global blacklists. What we liked, what I liked, was Jay Allen’s nicely elegant email integration for managing comments, and his global comment deletion and entry re-build feature. With enhancements added to throttle the individual DoS (Denial of Service) attacks we’ve suffered from poorly designed comment spam systems, or deliberately from script kiddies, we’ve managed to gain control for the most part on our comments, with only a little effort on our part.

It does sound like some of this has been added to Movable Type 3.0, as I discovered when Ben Trott added a comment to


TypeKey is definitely not the only new feature in MT 3–it’s only a part of the release, and in fact, in our original announcement at it was barely even mentioned.

But as you said, comment registration is not for everyone, and to help out folks who don’t want to use it, we’ve also vastly improved MT’s comment management functionality: you can now look up “all comments by this author”, “all comments from this IP address”, etc, and bulk delete those comments. This is really powerful when combined with comment registration, of course, but even without using comment registration, the tools are much more powerful than in MT 2.x.

With regards to scalability: we’ve now implemented one of the major scalability improvements in TypePad into Movable Type–speeding up the archive list generation by using the MySQL or PostgreSQL processing engine rather than MT.

Finally, as far as features go: another one of the major changes in MT3 is the callback interface, which exposes much more of MT’s internal processing to plugin modules. This allows plugin developers to build large application functionality on top of Movable Type, and we’re hoping to see some really interesting tools get built, because we know that by this point, when there are hundreds of plugins up on , there are many people besides Six Apart building interesting things with Movable Type. 🙂


I think from this we can infer that if you use comment registration in Movable Type 3.0, you have to tie into TypeKey – there is no separate solution.

Of course, I’ve already been talking with another developer about hacking the code to either use locally-based authentication, or no authentication, and I’m sure others are thinking the same – which means we have yet another round of hacked code so that we don’t have to tie into this centralized authentication scheme.

On a MeFi thread, Matt Haughey says of TypeKey:

It seems on the surface to be a sort of weblog-world Microsoft Passport. I once had a chat with the original creator of Passport, face-to-face, and he asked why I didn’t use it for MetaFilter (since it would eliminate a lot of programming for user management). I stated that I didn’t due to security risks, the integrity of the data, and the inherent mistrust of the company behind it. I believe Six Apart has to deal with the same sorts of issues, but I trust their security is tight, I trust that they won’t do evil things with our data, and I trust them as a company.

I think this is a good option for people that are currently turning off their blog comments due to the deluge of spam. If the choice is no comments vs. register with Typekey comments, we as readers and owners win if Typekey is adopted. Heck, I’m tired of deleting the 1 or 2 a day that show up to my open commented Typepad and MT blogs and will seriously consider moving to registered comments only for those blogs.

There is definitely a danger in having a central store of data and taking any actions against accounts in that central store. I hope that Typekey is as transparent as possible in what they do to abusive accounts and why they do it. Of course this is all based on that single info page – perhaps typekey will never ban users system-wide and it will be up to site owners to ban users one by one (though it would be nice if there was a trusted central spammer db like mt-blacklist). But the danger is that if one person is accidentally banned from typekey comments, there could be a lot of problems.

To me, deleting one or two comments a day, especially if the tools are easy, doesn’t bother me. I figured it’s the cost of doing business, and worth it to keep my comments open for those good, but anonymous, comments that come my way every once in a while. As long as throttles are in place to prevent my system from being overloaded and taken down, and I have a good mechanism to clean up my comments, I won’t need or use registration, and hence wouldn’t need TypeKey on my site.

Besides, didn’t I say I wasn’t going to continue using Movable Type? So what’s my problem?

My problem is that TypeKey impacts on me outside my space. If other sites implement TypeKey, and I refuse to ‘register’ with some form of centralized authentication service, I can’t comment in their spaces. If other tools buy into the open API (information of which is only available after TypeKey is released), and incorporate TypeKey into their tools, then the number of sites I’ll be able to comment at, will shrink.

Not only will I, who you can assume is an ‘authenticate’ person, be restricted from joining open conversations on comment threads, but the flavor of comments will begin to change, and I can’t see this as a good thing. It seems to be popular behavior, now, to sneer with disdain at the misfits that clutter our comment spaces. Not surprisingly, another opinion I don’t share, and probably not shared by the majority of people who would like more responses to their writing, not less.

I’m writing a longish essay, which I hope to finish soon (yeah, yeah, so who’s the tease now?), on comments and communication and ‘proper’ behavior, and yes, even incorporating subjects as diverse as Howard Stern and AKMA’s signification and accountability. (Though I am not a philosopher, and usually find when I ruminate on AKMA’s more learned discussions that I’ve found a po’man’s interpretation of the subject matter, and have attached to the bright and shiny thread in the discussion rather than the more complex and hence richer aspects, most likely to the pained reading by one and all.)

In the writing one of the points I hope to make is that even negative statements have their place in communication. Yes, even a troll can serve a purpose, if by trolling they force people into defending what are deliberately provocative statements, weak assertions, and unfounded assumptions. We are in danger of filtering all passion from our interactions with each other. Why have comments if everything we say boils down to the safely, ‘Indeed’, and ‘Indeed not.”

Whether I use Movable Type or not, TypeKey impacts on me. So I continue to push about it. And to be frank, Six Apart does have an architecture in place for comment management in Movable Type 3.0, and I think they really need to provide a detailed look at this sooner, rather than later. Hints and teases, and promises of ‘more later’, are only going to make things worse, rather than better.

In the meantime, if you know of any other weblogs where any member of Six Apart has left comments, please drop me a note in comments, or send a trackback ping to this posting (you don’t have to link me to do this.)

(Morbus Iff has a good comment at his site about the implications of DDoS (Distributed Denial of Service) attacks against TypeKey:

If TypeKey proves effective, it won’t be able to stand up to a DDOS attack (if Microsoft, Yahoo, and eBay can’t, what makes us think that Ben and Mena will?), and while it runs around figuring out router filtering rules (ha, ha, ha), blogs will be as susceptible as they were before (well, that really depends on MT: if TypeKey is down, will it deny or allow all comments?))

Again, and yes, this is speculation based on what Ben has said, to take it with a grain of salt: but my impression is that TypeKey is used when a person registers with a site, to authenticate that person’s access to comments. I get the impression that it’s not used for every comment, only for the registration process. If true, this would eliminate some of the technical problems – but leave a lot of social issues still unanswered.

But then there’s that ‘login once, comment everywhere’ statement. Gah!

Frankly, mentioning something like TypeKey without being ready to provide details was perhaps not one of Six Apart’s better ideas. Stay tuned for when more information is released.