What's the logic behind not letting people edit/delete their comments?
July 10, 2016 11:00 PM Subscribe
I just learned that Wordpress does not let you edit/delete your own comments in others' blogs. Why is this?
I accidentally posted a comment on a Wordpress blog with my email address attached to it, because in Wordpress the default Public Display Name is the email address used to create the account. I found this baffling - it was like having my phone number being set as my default Public Display Name. Why would an email address ever be used as default Public Display Name??
Then I found out that I could not edit/delete the comment, which is now waiting for the blog owner's moderation. Link.
I can ask the blog owner to not publish the comment, but the person still has perfect freedom to publish and keep it, apparently.
Of course, all this wouldn't have happened if I had paid attention. But I do not understand why such risk should exist in the first place. What if someone accidentally posts a traceable / sensitive information in a comment? Why not let the person delete it?
I understand that "Blog owners are in full control of the comments on their blogs" in Wordpress. But being able to delete someone else's comment is clearly different from being able to keep it.
Then I vaguely remembered that some other post/comment systems also had similar "unable to delete" policy, and started to wonder about possible reasons behind it. I cannot think that it would save cost or the companies are out to get careless people like me. Any idea?
I accidentally posted a comment on a Wordpress blog with my email address attached to it, because in Wordpress the default Public Display Name is the email address used to create the account. I found this baffling - it was like having my phone number being set as my default Public Display Name. Why would an email address ever be used as default Public Display Name??
Then I found out that I could not edit/delete the comment, which is now waiting for the blog owner's moderation. Link.
I can ask the blog owner to not publish the comment, but the person still has perfect freedom to publish and keep it, apparently.
Of course, all this wouldn't have happened if I had paid attention. But I do not understand why such risk should exist in the first place. What if someone accidentally posts a traceable / sensitive information in a comment? Why not let the person delete it?
I understand that "Blog owners are in full control of the comments on their blogs" in Wordpress. But being able to delete someone else's comment is clearly different from being able to keep it.
Then I vaguely remembered that some other post/comment systems also had similar "unable to delete" policy, and started to wonder about possible reasons behind it. I cannot think that it would save cost or the companies are out to get careless people like me. Any idea?
Spam?
posted by bongo_x at 11:35 PM on July 10, 2016 [1 favorite]
posted by bongo_x at 11:35 PM on July 10, 2016 [1 favorite]
Theoretically you could post "Do you like cats?" and the blog owner could reply "Yes, I love them" and then you could go back and edit your post to read "Do you like naked pictures of Justin Bieber" and that would be absolutely hilarious but the blog owner might not think so. I don't know why you can't delete the comment altogether though!
posted by intensitymultiply at 4:39 AM on July 11, 2016 [1 favorite]
posted by intensitymultiply at 4:39 AM on July 11, 2016 [1 favorite]
N.B. that Wordpress isn't alone in this. Time was, before WP basically owned the blog universe, comment-posting was something that explicitly happened at the pleasure of the blog owner. You submit the comment, and then it's out of your control.
This is the normal, default way these things worked everywhere. Some discussion sights and forums had different rules, but comments have always been treated somewhat differently.
I don't allow commenters to edit or delete their comments on my blog, either.
posted by uberchet at 7:00 AM on July 11, 2016 [1 favorite]
This is the normal, default way these things worked everywhere. Some discussion sights and forums had different rules, but comments have always been treated somewhat differently.
I don't allow commenters to edit or delete their comments on my blog, either.
posted by uberchet at 7:00 AM on July 11, 2016 [1 favorite]
Allowing deletion or editing increases the possibility of a malicious person being able to develop a means of attacking the site. At the moment, all a commenter can do is add their comment to the moderation queue. If commenters had access to posts in the queue, hosts would start getting hammered with all sorts of deliberately malformed requests to see if they could store more stuff, delete/modify legitimate content, or get escalated privileges.
(why yes, I did work for a company that had a homebrew bulletin board system with an image upload/moderation feature. A spammer worked out that the moderation queue exposed image URLs to the public web, so we very briefly and accidentally became a host for terabytes of porn.)
posted by scruss at 8:45 AM on July 11, 2016
(why yes, I did work for a company that had a homebrew bulletin board system with an image upload/moderation feature. A spammer worked out that the moderation queue exposed image URLs to the public web, so we very briefly and accidentally became a host for terabytes of porn.)
posted by scruss at 8:45 AM on July 11, 2016
All of the above is correct. Also, from a technical standpoint, you don't necessarily need to be logged in to post a comment (this is a preference in Wordpress). If you've got a Wordpress blog that allows comments from non-logged-in users, there's no way to authenticate that you are the original author of the comment who wants to change it.
So not only could you go back and edit your comment to say "Do you like naked pictures of Justin Bieber", your 13-year-old cousin could do it for you.
posted by adamrice at 9:53 AM on July 11, 2016
So not only could you go back and edit your comment to say "Do you like naked pictures of Justin Bieber", your 13-year-old cousin could do it for you.
posted by adamrice at 9:53 AM on July 11, 2016
To elaborate on the spam angle (which I had happen on my site for a while) spammers would add an innocuous comment (eg: "This is great, thanks for posting!"). After the comment got through the filters and the spammer became an authenticated poster, they would change it to some kind of overt ad and it wouldn't trip any alarms.
Threaded conversations also make deleting tricky. If someone starts a thread and gets a hundred replies, then deletes the starting comment, what should happen to the replies? They've lost their context, so maybe throw them out. On the other hand it gives a tremendous amount of power to the thread starter to also delete the posts of a hundred other people.
There are technological solutions to these problems, but they all add complexity, sometimes an amazingly large amount of it. (Which also means the comment platform is more costly to develop and maintain.) Usually the best answer is to simply not allow editing. The possible damage from allowing editing is vastly larger than the possible damage from not allowing it.
posted by Ookseer at 11:00 AM on July 11, 2016
Threaded conversations also make deleting tricky. If someone starts a thread and gets a hundred replies, then deletes the starting comment, what should happen to the replies? They've lost their context, so maybe throw them out. On the other hand it gives a tremendous amount of power to the thread starter to also delete the posts of a hundred other people.
There are technological solutions to these problems, but they all add complexity, sometimes an amazingly large amount of it. (Which also means the comment platform is more costly to develop and maintain.) Usually the best answer is to simply not allow editing. The possible damage from allowing editing is vastly larger than the possible damage from not allowing it.
posted by Ookseer at 11:00 AM on July 11, 2016
I don't know why you can't delete the comment altogether though!
People will have responded to it in the meantime. Deleting the comment can make the later comments seem incoherent.
Also, there's still a potential for mischief. For instance, if you know the blogger is strongly opposed to Donald Trump, you could leave 2 comments:
N.B. that Wordpress isn't alone in this.
Yeah, there's this community weblog that doesn't let you delete comments and only lets you edit them for the first 5 minutes.
posted by John Cohen at 3:43 PM on July 11, 2016 [1 favorite]
People will have responded to it in the meantime. Deleting the comment can make the later comments seem incoherent.
Also, there's still a potential for mischief. For instance, if you know the blogger is strongly opposed to Donald Trump, you could leave 2 comments:
Comment #1: I have to say, I think Donald Trump will be a great president.Then the commenter could delete Comment #2, making it look like the blogger thinks Trump will win the election and be a great president.
Comment #2: Just kidding! He'll probably lose the election, and he'd be a terrible president if he won.
Blogger's comment: Well, we agree about Trump.
N.B. that Wordpress isn't alone in this.
Yeah, there's this community weblog that doesn't let you delete comments and only lets you edit them for the first 5 minutes.
posted by John Cohen at 3:43 PM on July 11, 2016 [1 favorite]
« Older Snorkling Recommendations for Great Barrier Reef | Cat with urinary blockage - urethrostomy decisions... Newer »
This thread is closed to new comments.
posted by charmedimsure at 11:07 PM on July 10, 2016 [12 favorites]