Impersonated on my own website

June 28 2008

I guess the only surprise here is, why it has taken 4½ years for this to ever happen.

Since there is no identity validation for comments on this site (as with many blogs), anyone can post under any name.  By site terms, though, comments must be posted using one's real name and a valid e-mail address.  Over 35,000 comments have been posted here, and less than 100 of those are pseudonyms (mostly in cases where I just didn't catch it in time).

Before this week, though, I had never seen anyone post comments using my name.  Until this week, when I started going after one troll who used anonymouse.org to post here.  At first I just deleted his comments, then I blocked the IP for that site.  Still not enough.  Last night, he posted two comments using my name....

Image:Impersonated on my own website

Now, there was one tell-tale sign that these weren't from me.  Each comment was signed.  I don't sign comments.  But otherwise, I realize that readers would assume these would be comments from me -- there's no history here of impersonation, so...

I deleted the comments, as well as the responses they quickly drew.  NO, 8.5 is not the last version to support the Mac platform.  But yeah, clever way to get attention.  Sigh.

I'm not quite sure what to do about this.  I've seen a few blog implementations (including some Dominoblog ones) where comments from the site owner get highlighted differently.  If that would work when I comment via blackberry, browser, or Notes client, I will look into something like that.  I could also post IP addresses with comments, but again, I travel a heck of a lot.  Open to suggestion, because once again, my trust in humanity got me stung (thankfully just a small bite this time).

Dear Comcast New Jersey subscriber -- next Friday, go to bed at your normal bedtime.

Ed Brill | Highland Park, IL USA Category:  Blogging  Add/View Comments [42]

Post a Comment

  1. 1  Nelson Morris  | 6/28/2008 7:22:46 AM

    If you are logged in, it should be as easy as s flag computed on the backend #if(@Username="CN=Ed Brill...."

    You might need to slap an &login to your url when posting on a browser.

  1. 2  Ed Brill http://www.edbrill.com | 6/28/2008 7:28:53 AM

    Seems like an excellent opportunity for a bit of community assistance to put some additional protections around that part of your blog.

    I volunteer.

    But then, you have rather easy access to Steve Castledine, don't you? :-)

    -- Nathan

  1. 3  Ed Brill http://www.edbrill.com | 6/28/2008 7:30:03 AM

    Oh, and I wonder how long until someone's asking Alan Lepofsky's whereabouts last night. ;-)

  1. 4  Jeremy Hodge http://www.hodgebloge.com | 6/28/2008 7:34:19 AM

    Glad to hear you were impersonated!! The alternative would have been much worse :) ....

  1. 5  Kerr  | 6/28/2008 8:08:49 AM

    I'm very glad to here it was bogus.

  1. 6  alan lepofsky http://www.alanlepofsky.net | 6/28/2008 8:24:22 AM

    I'm not telling, but I will say Angelina Jolie was involved at one point of the evening.

  1. 7  Ed Brill http://www.edbrill.com | 6/28/2008 9:12:17 AM

    I'm having the strangest sense of deja vu... { Link }

    It seems rather simple to check $UpdatedBy or Session.UserName. I'm not sure what would happen when you post from your BB, though, since that might not have your hierarchical canonical name.

    -- Charles

  1. 8  Ian Connor http://ianconnor.blogspot.com | 6/28/2008 10:19:56 AM

    I think just posting the IP address here would probably make the user think twice. There are a lot of readers of your blog. This clown in New Jersey might realize he is not that anonymous. He might not want to run the risk of annoying a reader that might live very nearby or can connect his IP with an address.

    A few years ago I had some company click through my wife's google ads once and I was able to track it down and provide information to the FBI for an investigation - IPs are not anonymous.

  1. 9  Ben Poole http://benpoole.com | 6/28/2008 10:29:27 AM

    What is it about (ab)users in New Jersey / New York? All of the trolls on my site over the years have been from there (and one of them was Comcast too!)

  1. 10  Henning Heinz  | 6/28/2008 11:26:21 AM

    Now that blogging is a business tool everything is taken very serious but I really had a good laugh. Sorry but maybe the person that tried this thought that it would not work.

    For a simple hack maybe an Input Translation formula could help

    @If(@Name([CN];@UserName)!="Ed Brill" & @Contains(@ThisValue;"Ed Brill");"Trollomat";@ThisValue);

    or

    @If(@UserName="Anonymous" & @Contains(@ThisValue;"Ed Brill");"Trollomat";@ThisValue);

    And no, I am neither in New Jersey nor use Comcast.

  1. 11  Henning Heinz  | 6/28/2008 11:47:28 AM

    Ok, I forgot that maybe you post responses without logging in then this would not work. Publishing the IP will maybe prevent people from commenting while at work.

  1. 12  Ed Brill http://www.edbrill.com | 6/28/2008 11:54:37 AM

    I think we've come up with a solution...essentially a username password kinda thing for me to comment. More later (John I will ping you)

  1. 13  Carl Tyler http://www.iminstant.com | 6/28/2008 12:11:20 PM

    @6 Another night that ended with Thumbelina and her 4 sisters eh Alan?

    @12 What happens if Ed Brill the comedian wants to comment :-)

  1. 14  mikelotus  | 6/28/2008 12:30:15 PM

    Posting an IP address is pretty worthless unless you are also going to block anon proxy servers, Tor and JAP as posting mechanisms too.

  1. 15  Timothy Briley  | 6/28/2008 12:37:45 PM

    I read it shortly after it was posted. Given that you're not one to post this late and that it wasn't your writing style AND the "Oh by the way, we're killing the Mac Notes client" would be just an incredible stupid thing to do, I fully expected to wake up today and find that it was bogus. Anyone that took it seriously was either a newbie or just not paying attention.

  1. 16  Ed Brill http://www.edbrill.com | 6/28/2008 1:08:17 PM

    @15 By the time I was awake this morning, there were several comments and two bloggers blogging about it....

  1. 17  Charles Robinson http://www.cubert.net | 6/28/2008 5:06:22 PM

    @16 - I can understand the comments, people (especially your readers, and I'm including myself) tend to get wound up pretty tight with minimal information. But for someone else to pick it up and blog it without some confirmation is bizarre. If something like this were true you wouldn't be publishing it as a comment. As my mom used say, "anyone with one eye and half a brain knows that".

  1. 18  Ben Poole http://benpoole.com | 6/29/2008 3:35:11 AM

    @14 @16 guilty as charged. It was early, I was hungover and it seemed worthy of comment. (Note that I did say, "If true…")

    So shoot me; I wish I could be perfect like you guys.

  1. 19  Ben Poole http://benpoole.com | 6/29/2008 3:35:55 AM

    @15 & @17 I meant. See, I'm still not with it :-p

  1. 20  Dvir Reznik http://dvirreznik.blogspot.com | 6/29/2008 4:45:30 AM

    Ed,

    How about moderation? you need to approve the comments before they appear on the site?

    Is that possible?

  1. 21  Ed Brill http://www.edbrill.com | 6/29/2008 7:50:42 AM

    Dvir, no interest in moderation. The volume of comments is too high, and I can't "babysit" 24/7. It also would mean the bad guys won... moderation slows down the collaborative nature of the discussion.

    We have some good ideas discussed offline in the last 24 hours in terms of validating comments from me...I don't think we need to do anything stronger than that for now.

  1. 22  Eric Mack http://www.ericmackonline.com | 6/29/2008 10:16:50 AM

    Simply modify the comment save routine to prevent posting comments on behalf of Eric Mack from the web and/or require a password for web comments from Ed Brill.

    Then, using the Notes client, which I presume is where you do most of your blogging, you will not be challenged.

    hth

    Eric

  1. 23  Flemming Riis  | 6/29/2008 12:02:57 PM

    how about just requiring signup so everyone needs to register to post.

  1. 24  Ed Brill http://www.edbrill.com | 6/29/2008 12:23:54 PM

    @22 you're on the right thought. I blog 100% from Notes, but I do leave comments from the browser (as I am right now).

  1. 25  Ken Barker  | 6/29/2008 1:02:59 PM

    Why don't we all just ignore dumbass comments that are not likely to have come from you? Seems simpler.

  1. 26  Gavin Bollard http://dominogavin.blogspot.com/ | 6/29/2008 5:26:57 PM

    Personally, I see dumbass comments as useful sometimes because they give you an opportunity to clarify IBM's vision.

    For example; the Mac comment is a good excuse to acknowledge the disappointment over the iphone but point to a link or press release reaffirming IBM's vision for the platform.

  1. 27  George Paglia  | 6/30/2008 8:12:00 AM

    Can you send yourself an email when Ed Brill posts a reply? A bit redundant, but it would sure flag you when something happens.

  1. 28  Flemming Riis  | 6/30/2008 2:10:08 PM

    @27 problem is if its a trend that people are lame next one will be Alan or XYZ , but hopefully its not.

  1. 29  Bill Buhl  | 6/30/2008 2:48:45 PM

    Ah.. you're all fueling the fires, you know the troll is reading these and letting you think up the next few ideas.

    I like freedom to comment without registration, but how far will it really set anyone back if that is implemented? Once you do that, it would seem pretty easy to prevent the easy impersonation of existing users and in particular Ed.

    Since people are inclined to read and report on what Ed comes across at times, you really don't want things to appear to be from him. The rest of us are free to post ignorant comments at our leisure as most users would challenge the far fetched ones...

    While some comments may be viewed as ways to promote more conversation or clarify, the potential for more harmful comments is there.

  1. 30    | 6/30/2008 4:16:59 PM

    Troll at 12.34.88.194 comment removed.

  1. 31  John Turnbow http://www.navasoata-unified.com | 6/30/2008 4:24:09 PM

    Ed,

    If you check your log you "might" be able to find what "company" at least the imposter came from unless they did it from home or used a borrowed device or computer.

  1. 32    | 6/30/2008 4:35:44 PM

    Troll still at 12.34.88.194 comments removed.

  1. 33  Jeff Picco  | 6/30/2008 5:28:10 PM

    Good chance the troll has posted under his / her real name in the past. logs can be very helpful with that.

  1. 34  Troll  | 6/30/2008 10:56:11 PM

    Another troll came by from 193.194.89.2 here. Algeria...this troll really gets around.

  1. 35  Mike Robinson http://www.invcs.com | 7/1/2008 5:34:36 AM

    Wow,

    I was fooled. The troll was pretty crafty in that he stayed pretty even toned- had he totally gone out of character, most would have known something was up.

    Anyway, I don't mind authenticating as it can be saved, however you could also prevent someone from using edbrill.com in the email and web (someone other than yourself of course). But then that doesn't prevent someone from say impersonating Nathan :)

  1. 36    | 7/1/2008 11:18:15 PM

    Yep, this was the troll again. We're going to fix this shortly.

  1. 37  Rob McDonagh http://www.CaptainOblivious.com | 7/2/2008 12:03:52 AM

    Boring little troll...

  1. 38  Kerr  | 7/2/2008 3:35:30 AM

    @36, "He left this article"

    Are you saying the author of the *article* is the troll? Or is this just another troll post?

  1. 39  Ben Poole http://benpoole.com | 7/2/2008 3:40:09 AM

    @38 Or, OR Ed's being impersonated again?

    Oh it's getting too post-modern for me now :)

  1. 40  Kerr  | 7/2/2008 3:54:25 AM

    @39, yeah, that's what I meant. I'm not even sure I know who *I* am any more! ;)

  1. 41  Bill Malchisky Jr. http://www.EffectiveSoftware.com | 7/2/2008 11:59:02 AM

    Good luck with the (mild) lock-down and troll removal process. I prefer a troll-free blogging experience myself. :) Thanks for keeping us informed and for improving the site.

    Have a great holiday on Friday.

  1. 42  Jeff Mirman  | 4/24/2009 7:57:12 AM

    Hey Ed,

    I just accidentally came across this and given the amount of time this has been up I'm somewhat surprised no one has mentioned the existing solution. Internet power users have long been concerned with the validity of information they place on the Internet either through some form of posting or blogging or even via e-mail and files. The solution they use is digital signatures through public key encryption (e.g. PGP). If you used PGP (or a similar public key solution to sign your posts and had your public key posted on a public key server anyone could easily verify it is really you. If support for public key signatures was built into blogging software it could be even more user friendly. That's the only drawback--there's a visible digital signature and text wrapper (for text posts). If support were built into the server software it could be much more friendly from a UI perspective and maybe even approach eye-candy.

    Jeff Mirman