Bad Design Allow Site Owner Alterations.

  • Author
    Posts
  • #429968

    obloodyhell
    Member

    Protein Wisdom Alters Commenters’ Words to Mock Them
    http://patterico.com/2009/12/20/protein-wisdom-alters-commenters-words-to-mock-them/

    Protein Wisdom is apparently powered by WordPress. As I comment in the thread at Patterico, good software design would not allow even the site ops to alter someone’s words without leaving a visible trace for others to see:

    Properly designed software would not encourage this, or at least, would acknowledge it has happened by “This comment was edited by the site proprietor. To see the original comment, click here” and provide a link to the original comment.

    I’m not saying you should not allow the proprietor to alter it at all, just that a trace should be left behind which others can use to call attention to if one should abuse the power to deal with things other than spam and/or inherently offensive/abusive entries.

    This is very, *very* bad design on WordPress’s part.

    Yet another reason to NOT use WordPress, or to trust blogs which do so.

    #430138

    supportbot
    Member

    You did not specify a blog address or reason for posting when you created this topic.

    This support forum is for blogs hosted at WordPress.com. If your question is about a self-hosted WordPress blog then you’ll find help at the WordPress.org forums.

    If you don’t understand the difference between WordPress.com and WordPress.org, you may find this information helpful.

    If you forgot to include a link to your blog, you can reply and include it below. It’ll help people to answer your question.

    This is an automated message.

    #430139

    raincoaster
    Member

    That’s not a WordPress.com blog.

    #430143

    And by the way, wordpress’s editor does track post and page revisions – at least in 2.8 and later, so there is a way to see what changes have been made.

    #430144

    tellyworth
    Staff

    Obviously they’re talking about self-hosted WordPress.

    It’s a ludicrous claim. All self-hosted blog apps allow site owners to alter comments. (Even if the software didn’t provide a UI to do it, the site owner has access to alter the database directly).

    #430145

    obloodyhell
    Member

    “Spambot” — The topic is relevant no matter if it’s about .com or .org. Both have input to, and power over, the software, albeit indirectly in one instance.

    (yeah, I know it’s “a bot” — the points it makes still need replies)

    This is an egregiously bad design flaw, and should be fixed as quickly as possible. Site proprietors should not be able to alter user comments without leaving a trace and chance of exposure if the power is abused.

    And people should be fully aware of it until it is fixed, and be pushing for it to BE fixed.

    #430146

    tellyworth
    Staff

    obloodyhell, it’s not a design flaw.

    There is no possible way it can be done. No self-hosted blog application prevents blog owners from altering comments, because it’s impossible.

    #430147

    obloodyhell
    Member

    It’s a ludicrous claim. All self-hosted blog apps allow site owners to alter comments. (Even if the software didn’t provide a UI to do it, the site owner has access to alter the database directly).

    The assumption you make is that all site owners can personally edit such. There is a reason they are using canned software — and part of it is usually strongly limited coding skills on their part.

    Yeah, it’s possible to get around it. This does not mean that the software should not discourage this being done, and there are ways to write it better to stop that.

    And yeah, it’s not a wordpress.com blog — again — SO WHAT?

    The software shouldn’t encourage it, should explicitly even make it difficult to do. And wp.com has input into that, more than most.

    #430148

    obloodyhell
    Member

    There is no possible way it can be done. No self-hosted blog application prevents blog owners from altering comments, because it’s impossible.

    OK, what part of “genius” did you think applied to you?

    READ CAREFULLY.

    I explicitly</i> did NOT say “prevent alteration” — I said it should LEAVE TRACES.

    That’s a categorically different thing. And yes, it IS correct that a really savvy site op can override that by going in and explicitly editing the DB themselves.

    There are ways to make THAT painful enough that it’s not something someone is going to do without really, really good reason.

    #430149

    raincoaster
    Member

    It’s not a WordPress.com blog: this is WordPress.com. You are complaining about software which is not in use here.

    At LEAST direct your paranoia to the correct site.

    #430150

    devblog
    Member

    Au contraire, it would be a bad design if you didn’t allow the owner/administrator of the blog to have such privileges.

    #430152

    tellyworth
    Staff

    Removing the edit function from the UI would have the opposite effect to what you’re intending.

    It would allow site owners to claim that they hadn’t altered a comment (“I’m using WordPress so I couldn’t have!”) when in fact they have.

    (Self-hosted) WordPress is open source. Anyone can modify it. Anyone could install a plugin that allowed modifying comments without leaving a trace.

    The mistake you are making is to assume that blog comments are authenticated or verifiable. They are not.

    it would be a bad design if you didn’t allow the owner/administrator of the blog to have such privileges.

    – that too.

    #430154

    obloodyhell
    Member

    And by the way, wordpress’s editor does track post and page revisions – at least in 2.8 and later, so there is a way to see what changes have been made.

    Does it make it so in such a way that it’s self-evident to the average user, so that people can notice it themselves, easily?

    Blogspot, for example, allows me to delete my own comments… but it still leaves a trail, so it’s not like my comments just “disappear”, giving me the capacity to claim I never said anything at all.

    Yes, that happens on a different level than what we are speaking of, but it’s a part of good behavior on the part of the software.

    WP does not exhibit good behavior.

    #430156

    tellyworth
    Staff

    Blogspot’s comment system is a closed system, not a self-hosted application.

    #430157

    timethief
    Member

    We answer technical support questions posted by those who have issues with using wordpress.COM blogs only. You don’t have one but have received your answers from Staff anyway so maybe the time has come for you to slip slide away. Yes, we have no bananas and no troll food either.

    #430159

    raincoaster
    Member

    You could try Tumblr. Tumblr does not allow comments in the first place unless the theme has been hacked.

    #430160

    obloodyhell
    Member

    1) Are you ALL frigging idiots?

    > It’s not a WordPress.com blog: this is WordPress.com. You are complaining about software which is not in use here. At LEAST direct your paranoia to the correct site.

    So you DON’T use the EXACT SAME SOFTWARE?
    Oh, wait, the bot said it:
    WordPress.com utilizes the same WordPress software which you can download at WordPress.org.

    So that’s bovine excrement on your part.

    2) I also EXPLICITLY stated that it wasn’t a question of ALLOWING someone to alter comments, but to do so without leaving any trace. That is another order of magnitude issue.

    > (Self-hosted) WordPress is open source. Anyone can modify it. Anyone could install a plugin that allowed modifying comments.

    Closest to a valid argument, but the design of its comment engine can be done in such a way that it’s discouraged — tracking and validation information can be built into the comment engine in such a way that you would have to replace the entire thing. And you can make it a part of the strictures of the open source licenses that are applicable that said tracking information will not be removed without a clear warning to the reader that this is in effect.

    So it’s a resolvable issue.

    #430161

    timethief
    Member

    Indeed there’s always that opportunity and it’s available free of charge. It’s a closed system too in more ways than one. Why several wannabe political pundits have set up their own soapboxes over there so they don’t have to rise to the challenge of being exposed by commenters as concocting fallcious arguments.

    #430162

    obloodyhell
    Member

    > Blogspot’s comment system is a closed system, not a self-hosted application.

    So yes, you ARE an idiot. Attack a trivial side point which ignores the issue being raised.

    #430163

    tellyworth
    Staff

    Closest to a valid argument, but the design of its comment engine can be done in such a way that it’s discouraged — tracking and validation information can be built into the comment engine in such a way that you would have to replace the entire thing.

    You’re welcome to build it. WordPress is open source.

    And you can make it a part of the strictures of the open source licenses that are applicable that said tracking information will not be removed without a clear warning to the reader that this is in effect.

    You’re also welcome to seek legal advice on how to do that without violating the terms of the GPL.

    Both things should be done here:

    http://wordpress.org/

The topic ‘Bad Design Allow Site Owner Alterations.’ is closed to new replies.