Security Risk and Privacy Risk on WordPress.com Commenting

  • Unknown's avatar

    Dear WordPress.com,

    There is a huge security risk in how you handle comments. Consider this scenario (that happened to me!):

    A registered member of WordPress.com, ‘John Smith’, goes to one of the millions of hosted blogs on your .com platform and writes a comment:

    “I am against racism!”

    Now, once he presses the “submit” button, he cannot edit his comment any longer. From now on, John’s comment is under the full control of the “webmaster” of the blog where he commented.

    Now, if the webmaster “hates” or “dislikes” John, he/she can go and EDIT/MODIFY John’s comment to look like this:

    “I support racism!”

    Isn’t this a huge security issue for WordPress.com?

    An ordinary reader will have no idea that a renegade webmaster modified John’s comment to make John look like a racist. And John cannot go back and delete his own comment! That is a huge security issue! I think registered WordPress.com members OUGHT TO BE able to modify or even delete their own comments on other blogs.

  • Unknown's avatar

    This isn’t a wordpress.COM issue. It is a general way that almost all commenting systems everywhere are. No ability to edit after you submit. Some with self-hosted blogs will install plugins that allow this, and some legacy systems are set up to allow you to preview and edit, but typically once you preview and click submit, the comment is effectively carved in stone.

    There are, sadly, those out there that will edit comments and change the meaning to support their views, which is actually illegal since the copyright on the comment belongs to the commenter, not the blog owner.

    I sometimes edit comments a little, but only for clarity or to correct typos that could confuse things for other visitors (in those cases I always email the commenter letting them know of the edit and give them a chance to either approve them or not), but I let my commenters know that in my comment policy. I as a blog owner have the right to decide which comments appear on my blog and which do not, but once I publish the comment, then it is there for eternity, or until I kill the blog.

  • Unknown's avatar

    Editing the comment in the way you describe is illegal: it violates copyright statutes.

  • Unknown's avatar

    Surely it should not be possible then to edit someone’s comment. I discovered this capability and was shocked. As a blog holder, we have the ability to delete a comment. That should be enough. Whether or not the poster of a comment should be able to edit it, surely the blog holder should not be able to change the words of their commenters? Is that not something WordPress has any control over?

  • Unknown's avatar

    WP.com has designed it that way, and it’s been the source of frequent complaints, but they haven’t changed it.

    I’ve used it only rarely: once to remove a child’s phone number, and once to post the IPs of all the sudden influx of Pro-Scientology comments coming to my blog. Gee, they all came from the same IP within an hour or two of one another. What could that mean?

  • Unknown's avatar

    Dear WordPress friends,

    Blogger.com is different. I can submit my comment, but the blogmaster CANNOT edit my words! He can accept or reject my comment, but he cannot make it look like I said something else.

    WordPress.com: The problem with this system is not a design preference, but a security concern. Imagine if you leave a comment on somebody’s blog and a renegade blogmaster edits your comment and makes you look like a racist or a terrorist?

    We need to change this, friends. We’re not asking too much, and I am not “complaining”; I am simply trying to make WordPress better. And we can make it better by allowing original copyright holders (commenters) to delete or edit their comments (it’s their comment, for God’s sake; they should be able to do with it whatever they please). Nobody but original commenters should be able to edit their comments. If blogmasters don’t like my comment, they should be able to delete it, but they should – under no circumstances – be able to change my words.

  • Unknown's avatar

    @bosniakandjewishfriendship
    Volunteers cannot help you with this at all. They have explained the situation. If you wish, you can contact Staff directly with your feedback: http://en.support.wordpress.com/contact/

  • Unknown's avatar

    Someone changing your comment’s contents is NOT a security issue. It is illegal if someone does that, but it is not a security issue. Security issues are things that could possibly harm a blog such as malware, adware, viruses, etc.

    This all goes to issues of honesty and integrity, and changing it so that a blog owner cannot edit comments is not going to magically force everyone to be honest. Honesty and integrity are characteristics that each person has to choose. People bent on this sort of behavior will find ways around any sort of roadblock you put in front of them.

    Scenario:
    Wordpress.COM changes things so that I can’t edit your comment. I see your comment and it does not agree with my view so I decide not to publish it. I then log out of my blog, go to comments and using your username and information make a comment on my blog, IN YOUR NAME that supports my view. In other words, I impersonate you. Sadly this happens. It is illegal, but it does happen. The end result would be the same as editing your comment. How are you going to stop THAT from happening?

  • The topic ‘Security Risk and Privacy Risk on WordPress.com Commenting’ is closed to new replies.