New ID Verification Feature on this Site

by johnk idVer:f9b399091dc85eb8fbd97920f333d403 Tuesday, Oct. 21, 2014 at 1:06 AM

We don't have accounts, but there is a way to verify that you are who you say you are.

In response to complaints from a user, we have added a feature to the site that fulfills one of the functions of "user registration": allowing people to have a consistent identity. It's called "ID verification", and it appears as a long hex string after your name, like this:

imc-volunteer idVer:324659533317de05378c76587

That hex string is computed from the "author" and "secret" fields.

By using the same author and secret for each post, you'll produce the same idVer value. That matching value verifies you. Readers need to manually check that the idVer values match.

idVer works because someone else won't know your secret. You should pick a secret that isn't a password for any other website. Even though the secret is not stored anywhere, it may be intercepted as it's sent up to the server.

The secret is not stored anywhere. It's used to calculate the idVer, and then discarded. The idVer is appended to the author field, and saved.

(It *is* possible to spoof a user if you have direct access to the database. You could replace the author and bypass the calculations. But that's not any worse or better than any other similar commenting software.)
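A sketch of how a scheme like this can work, added here as an example and not this site's own code. The post does not say which hash is used, so HMAC-SHA256 under a server-side key is an assumption, as are the names `compute_idver`, `make_byline`, `same_poster` and the sample secrets.

```python
import hashlib
import hmac
import re

# Assumption: the page does not say how the site derives idVer. This sketch
# uses HMAC-SHA256 under a server-side key, truncated to 32 hex characters.
SERVER_KEY = b"constructed-demo-key"  # placeholder, not a real site value

# Greedy author match: only the final idVer, the one the server appended,
# is treated as the identifier.
BYLINE = re.compile(r"^(?P<author>.+) idVer:(?P<idver>[0-9a-f]+)$")


def compute_idver(author: str, secret: str, key: bytes = SERVER_KEY) -> str:
    """Derive a stable identifier from the author and secret fields."""
    a, s = author.encode("utf-8"), secret.encode("utf-8")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = len(a).to_bytes(4, "big") + a + len(s).to_bytes(4, "big") + s
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def make_byline(author: str, secret: str) -> str:
    """Build the stored author field; the secret itself is never kept."""
    return f"{author} idVer:{compute_idver(author, secret)}"


def same_poster(byline_a: str, byline_b: str) -> bool:
    """The check readers do by eye: same author name and same idVer."""
    a, b = BYLINE.match(byline_a), BYLINE.match(byline_b)
    if not a or not b:
        return False  # a byline without an idVer proves nothing
    return (a["author"] == b["author"]
            and hmac.compare_digest(a["idver"], b["idver"]))


if __name__ == "__main__":
    # Constructed sample posts: two by the real author, one by someone who
    # knows the name but not the secret, and one with no secret at all.
    first = make_byline("imc-volunteer", "correct horse battery")
    again = make_byline("imc-volunteer", "correct horse battery")
    fake = make_byline("imc-volunteer", "guess")
    print(first)
    print("repeat post matches:", same_poster(first, again))
    print("wrong secret matches:", same_poster(first, fake))
    print("no idVer matches:   ", same_poster(first, "imc-volunteer"))
```

Keying the hash on the server means a published idVer cannot be tested against guessed secrets without that key, which matters when users pick weak secrets.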