Skip to main content

Director of Web Strategy at the Internet Society. Author, speaker and podcaster on Internet technologies, VoIP, telecom, security, social media, IPv6, DNSSEC. Addicted to the sport of curling.


These Seek infrared cameras for iPhone / Android look so cool! I'd love to have one to look at our house and see the heat loss.


You either create your future... or you allow others to create it for you.


Fascinating. It never occurred to me that our keyboards only show uppercase letters and not lowercase. (As a 5yo hunts for letters)


We are the sum of the choices we make.


Hmmm... wondering where adding analytics (such as Google Analytics) is on the intended feature list for Known.


Questions About Known (@withknown) Platform, Webmentions and security / spam

3 min read

On my drive to an airport yesterday, I listened to the enjoyable conversation on Leo Laporte's This Weed In Google (TWIG 266) where he talked with Known's Ben Werdmuller and Erin Jo Richey about the platform and about the "Indie Web" in general.  Kevin Marks was also a guest and continued talking with Leo for a time after Ben and Erin had left.

The discussion helped me understand a great bit more about what they are aiming to do with Known - and also with the broader "Indie Web" movement that I hadn't really been tracking.  I'm a huge fan of all things that are "distributed and decentralized", so I very much like the model that is being developed.

I was also intrigued by the discussion of Webmention, something I'd not heard of but seems to be an updated and improved evolution of the "Trackback" concept that many of us used back in the early days of blogging in the early 2000s (as well as "Pingback" that came later).

I was left with a whole number of questions... some of which I think I'll understand better when I get a chance to install Known directly onto one of my servers... but the biggest question was:

How will Webmention deal with spam?

That to me became the biggest problem with Trackback - spammers turned to it and deluged all of us running blogs with tons of trackback spam.  It's still a problem on several sites where I still have trackback enabled (and I moderate all comments/trackbacks as a result).

I see on the page (which is a redirect to a Github page) that they have some thoughts around spam and abuse:

  • The verification process SHOULD be queued and processed asynchronously to prevent DDoS attacks.
  • Receivers SHOULD moderate Webmentions, and if a link is displayed back to the source, SHOULD link to sourcewith rel="nofollow" to prevent spam.
  • Receivers MAY periodically re-verify webmentions and update them.
  • If a receiver chooses to publish data it picks up from source, it should ensure that the data is encoded and/or filtered to prevent XSS and CSRF attacks.

But that doesn't really offer any solution beyond moderation... which means that the publishing platforms implementing Webmention have to provide some kind of interface for moderating comments and webmentions.

How does Known handle this?  Could I set up a Known server and start sending webmentions to every other Known server I could find?

Right now all of this seems to be more in the experimental development phase where this is all fine ... but at some point when this gets to be more popular, the spammers will come.  Inevitably they show up with their twisted desire to (ab)use every platform to advance their business model.

How will the world of "webmention" deal with that?  And how will Known specifically?

Many questions... 


It's Monday... what are you going to do this work week that will make the world a bit better?


Heading to Hartford (BDL) to fly to Virginia for an @InternetSociety all-staff meeting...


I'll be talking about @withknown in my report into Monday (9/15) @FIRpodcast episode. Listen then for more info...


What Is Known?

1 min read

What do we know about Known?  What can we learn about it...   that's why I am here! :-)