A number of MSN Spaces users had to deal abusive comments from malicious users impersonating others on their weblogs. This is a problem we are well aware of and are examining various approaches to curtailing.
Recently on I found an entry on Jen's Space entitled Petition where one of our users who's fed up with malicious comments wrote
The following petition was made with regards to suggestions for further upgrades to MSN Spaces as pertains to security.
-
We would like to see the option to enter any URL in your comment removed and replaced with a field showing the URL of the commenter by default. This field should also be inactive and therefore not available for modification or the changing of the default URL. There have been several cases where individuals have left hateful and slanderous comments on other Spaces using the URL of another member to avoid being identified. This sort of thing should be stopped and we believe that the above recommendation will help.
-
As with MSN Messenger, the ability to have your Space public and still being able to block certain members from viewing or commenting on your Space would also be beneficial. There have been several members that went Private to avoid people they did not wish viewing or commenting in their Spaces.
If in agreement to the above suggested upgrades to MSN Spaces please sign your names below in the form of a comment so that we can pass this on to the powers that be. I think we can all agree that these two recommendations will help with some of the ridiculous problems that certain members have been forced to deal with.
We've considered both approaches to solving the malicious commenter problem but neither one seems like a complete solution. The main problem with the first request is that it doesn't handle the case where the commenter is a valid Passport user who doesn't have a Space. Unless we prevent people from being able to provide their own URL, name and email address then this solution wouldn't really work. Given that we already get complaints that requiring Passport to post is restrictive, this would seem even more problematic. The second request doesn't really work if the Space is public because all the malicious commenter has to do is sign out and then they have access to the Space even if their Passport account is blocked.
For now, the best solution is to create a private space and add the Passport accounts of the various people you want to access your Space to your permission list. We have excellent documentation about permission settings which should show how to make your space accessible only to specific people in your address book or your MSN Messenger contacts.
In the meantime, rest assured that we are working on solutions to the impersonation problem which allow users to trust that commenters are who they say they are while not limiting the expressivity of people who leave comments in a blog.
I love the tough problems.