💬 Re: I wish there were a better story around replying to blogs

Comments

In reply to: Re: I wish there were a better story around replying to blogs

I agree that this is a massive pain point and it’s something I’ve talked about a lot on this blog.

At present, I use a combination of 1 (via isso) and 4 (via webmention.io + webmention.js). The integration on 4 is also helped by using Bridgy and Bridgy Fed to receive webmentions from Mastodon and many of the silos, which strikes an okay balance for me, although it’s far from perfect.

One of the biggest problems with webmention, IMO, is that it doesn’t provide a good story for protected/private responses to protected/private entries. Ticket Auth might eventually provide that, but adoption of that protocol has been slow-going, to say the least, and there’s still open questions about how to actually manage the credentials in an unsupervised flow (especially when using a third-party webmention endpoint). An older WIP called AutoAuth had a much better story for that use case but the protocol was incredibly complicated and implementations never progressed beyond the proof-of-concept stage.

For me, isso as my primary comment system remains the least-bad option of a lot of bad options.

💬 Re: Private Comments, or Why I’m Down On Webmentions

Comments

In reply to: Haven Blog: Private Comments, or Why I’m Down On Webmentions

This article raises some good points, but there’s another reason I’m not all-in on Webmention: comments on private posts.

Post privacy is incredibly important to me, and supporting webmention on a privacy-post context requires that the comment (and notification thereof) be visible to the receiver’s endpoint, without it being visible to the world at large. This is okay with “unguessable” private URLs, but if you are doing a login-requred thing you start running into issues where you have to either let endpoints through to see the data (which means that any bad actor could also do the same), or you need the endpoints to support the authentication protocols (via e.g. AutoAuth or TicketAuth), and given how difficult those have been to get any meaningful adoption, I’m not terribly optimistic about that changing any time soon, especially with how many people farm their webmentions out to webmention.io which isn’t really in the business of managing things like authentication tokens.

But also, if you live in a world of webmentions for replies, that also greatly increases the chances that someone’s reply will be accidentally posted in public. I already see enough issues where friends will reply to my unauthenticated “stub” entries on Mastodon, rather than posting native comments onto my blog.

The more I get annoyed with Internet comment mechanisms, the more I think that email really is the way.