Conversations versus CAPTCHA
Tue, Feb 1 2005 2:34
There's been a bit of talk about CAPTCHA lately, and stemming from that I think I have a better solution to the problem...
f'ing SPAMMERS are causing many blog to implement visual CAPTCHA's... those damn pesky things that make you squint and try to decipher the letters and type them into the textbox. Visual CAPTCHAs have a number of problems:
(a) computers can actually crack them relatively easily
(b) humans have difficulty with them
(c) inaccessible to the visual impaired (or hearing impaired if it's an audio CAPTCHA)
(d) spammers can still just cut and paste their spam to your site and submit in probably less than 10 seconds easily.
Considering spammers are a'hole yokels with nothing better to do with their time, we need to prevent them manually posting (d).
So what's a better approach ? What's the answer ?? CONVERSATION
That's right, do what humans do rather than have computers trying to generate things to prove you aren't a computer
Let's say we add an extra field to a post, a simple text field (probably < 255 char). I'll call that field the "key". Then when you post a blog entry, you also fill in the key. And for anyone to post a comment they have to put that key in the title. The server would read the title, if the key is in there it accepts the comment and removes the key from the title, otherwise it just rejects the comment. The real trick here is how do you let the readers of your blog find the key ? Easy, you include it in the conversation, either directly or implicitly.
For example, say I set the key to "dog". In my blog entry I might write "To reply include what has four legs and barks" or "To post a comment " what is man's best friend". So even though the key is static, as is the clue, it's a one off and hence incredibly difficult for a machine to guess, especially as they don't know where in my blog post the clue to the key will be posted. And it stops those cut and paste spammers as they too have to stop and read the actual entire blog entry. Plus it's accessible to the visually impaired.
So really, all along I think the answer to blog spam has been looking us in the face... use CONVERSATION, not CAPTCHA