Wednesday, August 15, 2012

A Team Blog With No Administrators Is Given To The Authors, For Their Control

We have known, for a while, that every Blogger blog has to have at least one administrator.

That rule is enforced by the Permissions wizard, which gives any administrator the choice to demote or remove any administrator, from the Permissions list - but only when there is at least one other administrator in the list.

When the Permissions list is displayed, if there are at least two members with administrative authority, each administrator entry, in the list, has a link to demote or remove that member. If there is only one member with administrative authority, there is no such link - and that member can be neither demoted or removed from the list.

As long as only the Permissions wizard is used, to demote or remove administrators, this article would be meaningless (see the above link). But, there is another way for administrators to be removed - and this occasionally leaves blogs with no administrator.

If the only way to lose an administrator (or member) from a blog was by using the Permissions list to demote or remove, then the Permissions list setup, as described above, would be sufficient.

Unfortunately, the Blogger - and Google - account deletion processes don't consider the member lists for the blogs owned by the account. When a Blogger account is deleted, the fate of the blogs owned, by that account, has to be decided later.

Any blogs which have only one member (the owner) are either frozen or deleted - as with only one owner, there is no need to keep those blogs. Any blogs with more than one member simply lose that one member. But what if a blog has more than one member, but only one administrator - and that one administrator takes a hike?

With a team blog with one administrator, and one or more authors, losing the one administrator would leave a blog that was being published (by the authors), but could not be managed (because there was no administrator). This would, in the past, lead to panic in the forum.
The administrator for my blog deleted his Blogger account - and now my blog has no administrator! What do we do now?

With no administrator existing, Blogger Support would be summoned, and would have to determine whether a blog:
  • Had no administrators.
  • Had at least one author.
  • Was being requested by a person who had a legitimate need to request control (a former administrator, or a current author).
Failure to ensure that each condition was being properly met could, with the right problem report, allow a hijacker to improperly assume control of someone's blog - with only Blogger Support to blame for enabling the hijacking.

To allow control recovery without needless delay, and avoid the need for endless detail in verifying any such panicky report, Blogger Engineering made a simple procedural change. The "Forgot your username or password?" wizard, when control recovery is requested for a blog with no administrator, simply sends the appropriate access tokens (aka "login instructions") to all blog authors - as long as the membership list is well maintained.

Any blog authors, able to receive the login instructions, then become de facto administrators - and can jointly determine the fate of the blog. The control recovery process can be automated, and the risk of possible hijacking of actively owned (administered) blogs is reduced. This simply requires that at least one blog author uses a Blogger account based on an active and genuine email address - and if necessary, can search persistently for the email sent.

When this reset process is done, each author of the blog initially has the same power as each of the other authors. Blogger leaves it to all authors to act honourably - and to politely choose one or more authors to be administrators. As long as the author submitting the reset process is able to locate the email message in his Inbox immediately, he can make himself the sole administrator - if he decides.

If one of the authors has problem locating the email, it's possible that the other newly appointed administrators could unwisely hijack control of the blog. If this happens, it will be up to the authors to jointly establish order. Blogger Support will not be involved in any conflict.

The more authors a given blog may have, the greater the chance that one author, receiving the email message, may act dishonourably, and hijack the blog. In cases where there are a large number of authors (precise number not known, right now), Blogger will defer to the author requesting the reset.

In this case, the author requesting the account reset can enter his email address, that is used by his Blogger account, to have the password reset email sent directly to him.

>> Top

1 comment:

Jiayi Zhou said...

Even after having sent the "forgot your email/password," I still have not been given control of the blog as an administrator.. and the blog still has no administrator.

The original administrator was an old (college) email of mine.. which no longer works. The blogger account for that still exists, but I can't even add it back into the blog to delete old posts.