Allowing OpenID accounts to post to existing communities

[foxfirefey]

So, currently mark is working on a project to import communities so we can migrate scans_daily, and part of that means making it so that OpenID users can edit and delete posts in communities, but not post to them. But what if OpenID accounts with verified emails were allowed to post to communities?

* OpenID users can already join communities, so they can comment as members, but they're barred from participating directly in the community through posting. However, many communities are too quiet as is--opening them up could have good effects, even if few OpenID users take advantage of the ability.
* If OpenID users want to give communities content for members to read, that's probably not a bad thing. If somebody only wants to participate in our communities and doesn't feel like they need an account because their main blog is elsewhere, making them get an account to participate isn't going to make them want to use it like a full account. (This is especially good for some things like letting outside developers make posts in dw_dev.) Letting them participate without getting a full account slightly lowers the barrier of entry, and prevents username space from being taken up more than it has to. And, we could make it easy to upgrade an OpenID account to a full fledged account with an invite code and the choosing of a username, converting all their posts and comments.
* Community admins might want to restrict this, so they should be given controls to be able to choose whether or not OpenID accounts can make posts in their community. They could also choose to have all OpenID account posts go into a moderation queue, but real accounts automatically go through. Defaults could make a big difference here: allowing OpenID accounts by default creates a more open, outward facing friendly Dreamwidth overall, while allowing community admins to open up their communities to OpenID posts but not having it on by default makes it the responsibility of the community creators to advertise that they're using Dreamwidth as an open platform for that particular community.
* One downside is that spamming via communities would become much easier. However, like discussed above, communities could be given controls to let admins determine whether or not OpenID accounts could post at all or be automatically moderated. However, because OpenID accounts wouldn't be able to *create* communities, it would be much harder to use that as a loophole. On the other hand, it would mean spammers would only need to get ahold of one account to start mass producing communities for OpenIDs to spam in. But then again, there's nothing really stopping them from doing that now besides the community creation rate limiting.

So, what do you think the effects of letting OpenID communities post to DW would be? Positive? Negative? Underutilized?

Comments

[pne]

I'd be for it.

[sashajwolf]

I don't see it getting enough use to be worthwhile, especially when balanced against the increased risk of spam.

[foxfirefey]

I think it would be useful in certain circles, such as the upcoming scans_daily and for certain areas of fanfiction.

[azurelunatic]

If there's a rogue OpenID server, it could be banned, the whole kit and kaboodle, I believe. Though LJ's full of spammers the poor thing, and it would not be too difficult for LJ spammers to make the leap in that way. Though LJ would probably be glad to suspend the little bastards should they do so. It could be more work, but I think it would be worth a trial.

If it happens, it should come with settings to differentiate posting permissions: I think a lot of community admins would be fine with it if they could set all OpenID user posts to moderated and give regular users open posting.

[existence]

If the openID users could be moderated in such a way, I would definitely be for this.

[sophie]

Thinking about this for a while, I think that the spam concerns can be offset by forcing OpenID users to have validated email addresses before posting to a community. While some spammers wouldn't be deterred by this, it makes finding the rest of them a lot easier.

But maybe even that's not enough.

[foxfirefey]

Yeah, I did specify verified emails! It doesn't stop things entirely, but it does raise the barrier of entry. LJ still has plenty of spam, though, even with that requirement.

[sophie]

Are you sure? The only comment spam I've seen on LJ has been from anonymous users, not registered users. And up until very recently, it was possible for registered users to post without needing a validated email address. That's changed only recently.

Although looking at the Recent Posts feed, there are some spam posts, yes. Not nearly as many, though.

[foxfirefey]

Well, I'm comparing post-spam to post-spam, since LJ has plenty of anonymous comment spam since plenty of journals allow anonymous comments, same on DW. And yeah, there's not as much spam on the latest posts thing, but there still is some, even with email verification. And every one of those spam LJ accounts could also serve as a valid OpenID that they have the resources to email validate.

[ironed_orchid]

A community I mod got joined by a bunch of 'users' on lj who seemed to exist for the purpose of spam.

[foxfirefey]

Interesting--did they post to the community? Otherwise, my guess is it's an easier way of getting the Google juice of having your spam journal linked to in Google without the effects of friending a journal that will get an email notification about the event.

[ironed_orchid]

No, they didn't post, but they all had user names like "russian_women" "dating_agency" and "russian_girls". I know they joined because it a was a closed membership comm and I got emails for everyone who tried to join.

[holyschist]

If the spam problems could be curtailed, I think it would be positive--hopefully it would lead to more active communities.

[triadruid]

Instinctively, I'd say it would increase the spam greatly while increasing the user content somewhat (OpenID is not exactly intuitive at first for users, while spammers have it down/can share scripts).

But I have no numbers to prove that.

[foxfirefey]

Well, I wouldn't say spammers have it down, necessarily. They don't seem to have found it worth it so far.

[mark]

I'm very against it. OpenID accounts can participate in discussions but not create content (entries) and the risks of spam and abuse by allowing them to create content feels too high, IMO.

Also, the benefits are very minor. If someone really wants to create content, they can get a DW account. It's easy, I believe, and if it's not then we have to fix that and make it easy for people to join the site and participate.

[matgb]

If someone really wants to create content, they can get a DW account.

To an extent, true. But they need to either have an invite code, which means they have to ask for one, go through the faff of getting it, etc, or they have to pay.

And while I'd like many many paid users, I think it'd be offputting.

You see a minor benefit, I see a major one: it allows existing users of the site, who're commenting and being involved, to actually participate as full members of comms they're a part of. Many of the OpenID commenters on my (or more importantly miss_s_b's) journal are non-LJ OpenID users, and now that you've moved to OpenID2, we definitely plan to promote that usage more often; that includes a lot of active, senior UK political types and similar.

If I can, say, persuade Adrian to participate over here without any faff, they I can eventually persuade him to dump MySpace completely in favour of using DW. But baby steps are easiest--despite having an open offer of codes, a lot of our friends prefer to not bother signing up--if signup becomes significantly easier, I think we can persuade people to jump over here at a greater rate.

And I definitely want to use DW comms for 'real' blogs at some point; allowing OpenID users to participate fully would make that a lot easier. I pretty much agree with all of 'Fey's benefits above, and disagree it's a minor advantage.

[mark]

I'd rather just remove invite codes than allow OpenIDs to contribute more than comments. If the point of invite codes is to control growth and limit spam, then making OpenIDs able to contribute in the same ways as a normal account effectively neuters those benefits of invite codes.

Also, OpenIDs don't have to explicitly agree to the Terms of Service, which is something pretty scary for a site operator to have people who use your site who don't have to agree to your ToS.

The only way I could see this working is to remove invite codes (so we don't place artificial pressure on people to go get an OpenID to get around our restrictions) and make an OpenID account be forced to agree to the ToS before they can do things on the site.

If both of those happened, then people might as well just use a normal account so we can keep OpenIDs as the "you want to participate in comments, but you don't want to actually join the site" sort of "lite" accounts, IMO.

[matgb]

OpenIDs don't have to explicitly agree to the Terms of Service, which is something pretty scary for a site operator

Good point, well made.

So yes, if you dump invite codes, then this might not be worth doing, but if you keep invite codes (I care not one way or t'other), then perhaps have a need to agree to TOS when an OpenID is validated, and only allowing validated IDs to take part?

There're loads of things I'd like to see improved for OpenIDs, never have written them all up (auto discovering email addresses and Gravatar support would be two), and full involvement in comms is lower on my list, but I favour it, I think it'd benefit the site, but it's not my site after all.