Sam Kington's blog
  1. Home
    2.  » 
  2. Undated
    3.  » 

BlogMatch

Ingenious technological attempt at solving ages-old problem.

BlogMatch is yet another find-out-about-other-people / dating service. That’s not the interesting bit. The interesting bit is how it determines that you’re a) a LiveJournal user, and b) the LiveJournal user you say you are.

Consider a service that brings together two LiveJournal users that don’t know each other, and what it needs to do. For each user, it needs to a) store information about them, and b) verify that they’re telling the truth about being the user that they say they are.

There’s a simple way to verify point b: ask them for their livejournal password, attempt to log in to their account, and if you manage to, then they’re who they say they are. The problem is, the sort of people who would give you their password are also the kind who seriously weigh up the pros and cons of giving this nice man from Nigeria their bank account details.

So here’s how the system works:

  1. You sign up for the system, give them a username and password, tell them some details. It gives you a string of letters and numbers that is a shared secret - i.e. something only you and BlogMatch know about.

  2. BlogMatch’s computer(s) posts a new entry on a special LiveJournal. The entry reads, basically: “LiveJournal user blah wants to sign up for the service. If this is you, tell me the secret key I told you.”

  3. You, the LiveJournal user, go to this blog entry, and add a comment saying “I am user blah and this is the key you told me about.”

  4. LiveJournal sends an email notification to BlogMatch’s computer(s), who parses the email, realises that it’s from user blah (and it can trust this information because LiveJournal independently verified it), sees that the right shared secret was quoted, and activates the user’s account. It then posts a reply to the comment, saying “Yup, you check out.”

I got this from Andrew Ducker, but rather than linking to his journal post, I’ll instead link to the blogmatch handshaking process he got involved in. I really like the idea that livejournals, which were supposed to be humans talking to other humans, have been subtly subverted by automated CGI scripts as part of a program to get humans talking to each other.