Six Apart has announced TypeKey, a centralized identity verification and authentication service for websites. The idea is that you’ll have a single login for all of the websites you visit that can be used to verify your identity for comment posting. This, in theory, will eliminate the “comment spam” that has plagued popular Movable Type-based websites for some time. According to the TypeKey website, the service will be made available at no cost to “personal weblog authors and commenters,” although registration is required and no mention is made of commercial website license fees.
But license fees and registration requirements are just the tip of the iceberg. TypeKey appears to be Microsoft Passport with training wheels.
While Six Apart and its principals Ben and Mena Trott enjoy impeccable reputations in the weblog and micropublishing communities, the centralized nature of TypeKey is quite disturbing. Sure, sure, there’s a spate of sensitive privacy statements, but centralized services make enticing targets, mostly because they provide single points of access and even a single compromise can be catastrophic. And because it’s a centralized service, it will certainly be a target for distributed-denial-of-service attacks. Furthermore, it remains to be seen if TypeKey complies with the European Union privacy directive.
But wait, do you want a centralized server tracking every weblog comment you’ve ever made? Not me. Shelly Powers goes so far as to refer to TypeKey as the PATRIOT Act of weblogging.
And what happens when the server goes down. All of the RSS pinging services are also centralized and when one of those goes down, it slows my publishing system to a crawl. As Morbus Iff asks, “if TypeKey is down, will it deny or allow all comments?”
I should probably hold criticism until TypeKey is released, but I very much dislike the idea of any centralized system. ExpressionEngine, the software currently behind this website, offers a decentralized registration system as part of the package. I’ve configured it to require registration for commenting and to require a valid email address for registration. Yeah, it’s a pain in the ass, and you have to do it separately for every ExpressionEngine-driven website you want to play in, but that’s life with the spam parasites.
0 responses. Comments closed for this article.