How Verrit’s “Authentication Codes” Expose Peter Daou’s Continuing Ineptitude

jon hendren
Published in piss.io
Sep 6, 2017

Verrit is the new venture by Peter Daou, Democratic bigshot and staunch Clintonite. Aside from being probably the last six-letter domain that wasn’t taken yet, Verrit’s name appears to stand for something like “verify-it” and provides user-verifiable tidbits and quotes (called, of course, “verrits”) that can be fact-checked by the reader using the helpful code displayed alongside each one. Like this one.

So what IS a Verrit authentication code? Simply put, it’s nothing. It’s made up. It is given as a unique number to each post on the WordPress-backed Verrit blog, and emblazoned on the associated social-ready images. The internet can then rest easy knowing that by plugging that arbitrary authentication code into Verrit.com, they can validate that this post was actually made by Verrit.com. It’s almost too smart. It’s like a URL that you can’t actually use for anything.

Of course, this is first predicated on the idea that Verrit.com is considered any type of informational authority worth counterfeiting (which it isn’t, because it’s brand new) and impartial (which it isn’t, because it’s run by Daou). What we’re looking at is a real-time exercise in hubris, authentication code “lol”.

The real meat of it is the authentication code. As for what makes up the number — difficult to say, other than the fact that most if not all of the authentication numbers seem to start with either 0443 or 0116. If one had to guess, these two prefixes are probably for two authors posting their “verrits” so as not to overlap numbers, and artificially increased by a large amount to make it look like there’s a whole lot of “verrits” on the site. Of course, I’m willing to be wrong and I’d be delighted if the real explanation were any more intelligent.

The whole lark is marketed as a kind of “strike back” against fake news — finally, a trustworthy outlet where everything that is said can be verified back at the source. The problem comes from the fact that these authentication codes are really not backed by anything at all and the code is just a reference to itself, all living on a WordPress blog.

And the fact that it all relies on WordPress is a big issue.

WordPress is the world’s most popular content management system for a reason — it makes running a blog easy for the type of people who need their blogging to be easy. However, WordPress also carries with it a storied history of regular, critical security vulnerabilities. And while fixes do usually come in short order, this means a WordPress administrator must stay on the ball and constantly be up-to-date on potential issues.

WordPress updates come around once a month at a rough average, and an installation left untouched for more than a season or two will more than likely be vulnerable to serious issues that can lead to the content repository easily being compromised.

Frankly, WordPress is wholly unsuitable to be considered the backend for a supposed immutable, eternal source of truth. The decision to use WordPress for a website of this supposed gravity was made by someone who is either totally technically ignorant or not genuinely serious about the organization’s mission. It’s ill-advised at its very best.

What Could Have Been Done

Let’s pretend for a minute that the concept of Verrit were a good one. No, really, just play along. If you must have a “code” to accompany a quote or a blurb, then the code should be something — anything — that can be used even in some small part outside of Verrit.com. Perhaps first, an identifier of the person or entity being quoted (Hillary would be #000001, obviously), a date code for when it was uttered, and a few more digits as an index in case the person said many quotable things that day. Now when I want to verify that Bernie (identifier #000666 perhaps) said “I’m going to give away ponies” on whatever-the-hell day — I can then look that up in a thousand places that aren’t a WordPress installation on Verrit.com. (Wait, I think I just invented sourcing one’s quotes.)

Or how about a checksum of the quote? Or if you want to get really fancy, do some steganography on those social images and build a validator so people can upload suspected images they found online to see if they are legitimately from Verrit and not from one of the thousands of people making fun of Verrit.
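A sketch of the structured code and quote checksum suggested above, as an added example that is not part of the original post or anything Verrit runs. It checks offline that a code matches a given quote, speaker and date; a bare checksum shows the text is unaltered relative to the code, not who published it, since anyone can compute one. The field widths, separators, 10-hex-digit truncation, normalization rules and the sample date are assumptions made for illustration.

```python
import hashlib
import re
import unicodedata
from datetime import date

# Hypothetical layout: PPPPPP-YYYYMMDD-NN-CCCCCCCCCC
#   person id, date uttered, index for that day, truncated SHA-256
CODE_RE = re.compile(r"^([0-9]{6})-([0-9]{8})-([0-9]{2})-([0-9a-f]{10})$")

def normalize(quote: str) -> str:
    """Canonicalize text so retyping it from an image keeps the checksum stable."""
    text = unicodedata.normalize("NFKC", quote)
    # Curly quotes survive NFKC, so fold them to ASCII explicitly.
    text = text.translate(str.maketrans("“”‘’", "\"\"''"))
    return " ".join(text.split()).casefold()

def checksum(person_id: int, said_on: date, index: int, quote: str) -> str:
    """Hash every field together so none can be swapped without detection."""
    material = f"{person_id:06d}|{said_on:%Y%m%d}|{index:02d}|{normalize(quote)}"
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:10]

def make_code(person_id: int, said_on: date, index: int, quote: str) -> str:
    digest = checksum(person_id, said_on, index, quote)
    return f"{person_id:06d}-{said_on:%Y%m%d}-{index:02d}-{digest}"

def verify(code: str, quote: str) -> bool:
    """Recompute the checksum from the code's own fields plus the quote."""
    m = CODE_RE.match(code)
    if not m:
        return False  # e.g. a bare serial number such as "0443..."
    pid, ymd, idx, digest = m.groups()
    try:
        said_on = date(int(ymd[:4]), int(ymd[4:6]), int(ymd[6:]))
    except ValueError:
        return False  # well-formed digits but not a real calendar date
    return checksum(int(pid), said_on, int(idx), quote) == digest

if __name__ == "__main__":
    # Constructed sample: identifier 000666 is the post's joke, the date is made up.
    code = make_code(666, date(2017, 9, 6), 1, "I’m going to give away ponies")
    print(code, verify(code, "I'm going to give away ponies"))
    print(verify(code, "I'm not going to give away ponies"))
```
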

You can nerd this up in a number of ways that are actually useful, maybe. Hell, you want to validate a continuing series of accurate statements? Get the blockchain in here, that’s what it’s for.

I get what Daou and others believe they are marketing toward — there really is a population out there that is confused about how the content they are reading is created. There are certainly voters who don’t know how to tell real news from fake, and this authentication scheme is a grab at making those people feel a little better about what they read and share.

But when the authentication mechanism is meaningless, backed by nothing but a post on a WordPress blog, you very dangerously redefine what “authentic” means, and ultimately are setting yourself up to do more harm than good. Circuitous references on a WordPress blog do not — and will never — equal mankind’s greatest hope to battle misinformation, or whatever the hell they’re saying it is.

Simply put, this is a gimmick of a website designed as a desperate bid to regain some form of relevancy by people who have absolutely no idea what they’re doing. And it’s being hawked by Peter Daou. But please forgive me for repeating myself.
