Conversations versus CAPTCHA

Posted Tue, Feb 1 2005 2:34 by bill

There's been a bit of talk about CAPTCHA lately, and stemming from that I think I have a better solution to the problem...

 

 f'ing SPAMMERS are causing many blog to implement visual CAPTCHA's... those damn pesky things that make you squint and try to decipher the letters and type them into the textbox.  Visual CAPTCHAs have a number of problems:

(a) computers can actually crack them relatively easily

(b) humans have difficulty with them

(c) inaccessible to the visual impaired (or hearing impaired if it's an audio CAPTCHA)

(d) spammers can still just cut and paste their spam to your site and submit in probably less than 10 seconds easily. 

 

 Considering spammers are a'hole yokels with nothing better to do with their time, we need to prevent them manually posting (d).  

 

So what's a better approach ?  What's the answer ??  CONVERSATION

 

That's right, do what humans do rather than have computers trying to generate things to prove you aren't a computer

Let's say we add an extra field to a post, a simple text field (probably < 255 char). I'll call that field the "key".  Then when you post a blog entry, you also fill in the key.  And for anyone to post a comment they have to put that key in the title. The server would read the title, if the key is in there it accepts the comment and removes the key from the title, otherwise it just rejects the comment.  The real trick here is how do you let the readers of your blog find the key ?  Easy, you include it in the conversation, either directly or implicitly.

 

For example, say I set the key to "dog".  In my blog entry I might write "To reply include what has four legs and barks"  or "To post a comment " what is man's best friend".   So even though the key is static, as is the clue, it's a one off and hence incredibly difficult for a machine to guess, especially as they don't know where in my blog post the clue to the key will be posted.  And it stops those cut and paste spammers as they too have to stop and read the actual entire blog entry.  Plus it's accessible to the visually impaired.

 

So really, all along I think the answer to blog spam has been looking us in the face... use CONVERSATION, not CAPTCHA smile

 

 

 

Comments

# re: More Casey Worship

Monday, January 31, 2005 7:49 AM by TrackBack

# re: Conversations versus CAPTCHA

Thursday, February 03, 2005 7:12 AM by bill

Captcha also stops you from posting via RSSBandit or any other CommentAPI capable reader, perhaps they will begin updating RSS Readers to include this but I haven't seen one yet.

I recently started using SharpHIP which is basically the same as Captcha, I have since received 0 spam which I used to have to clear several times a day.

I am sure that you could add Accessibility to the control easily, there are several ways I can think of to extend one that would still frustrate spambots.

I also thought of using some sort of Beyesian filter control instead to just filter the comment and reject it if it meets certain criteria. That could at least cut down most of the spam I got which was 10 links and no real text.