I've enabled comments on this blog. I'm somewhat concerned about spam. Blogger offers a content spam filter. We've used that for some time at
The Daily Brief, and I've found it rather lacking. The greatest problem is that it's not sure-fire, and suspect comments have to go into a moderation queue. Legit commenters whose posts are flagged like this are left confused and anxious over why their comment isn't published right away.
I've been doing some research into more sophisticated spam filters lately. I have long advocated Turing code filters - images that can be resolved by humans, but not machines. Over at
Samizdata, Dale Amon installed one of these back in 2004. And TTBOMK they've had very good luck with it, as have others who have used them.
Well, Dale has a
long history at Carnegie-Mellon University, where they have been working on these for some time, under their
CAPTCHA (
Completely Automated Public Turing test to tell Computers and Humans Apart) project. It seems that this presents an interesting AI problem, with assorted computer scientists trying to defeat ever more complex CAPTCHAs.
And there in itself is a very interesting situation: At Samizdata, they employ a relatively very simple CAPTCHA algorithm, with a plain text six digit code superimposed over a random pattern. It would likely be easy to defeat, but should be adequate for blog comments. Contrast this to what they use at Yahoo! (I doubt it's an actual CAPTCHA, as the code is likely not public), where the image is so distorted, that sometimes humans can't even read it correctly.
When will we meet that "
Deep Blue" moment, when the machines can resolve Turing codes better than humans?
But, as far as blogs are concerned, that seems to be a moot point these days, as almost all the spammers have switched to trackbacks, to get around regular comment spam blockers.
Anyway, to deal with trackback spam, I found
this WordPress plug-in from the Computer Security Lab at Rice University. It checks to assure the page in the trackback link actually contains a link to the targeted site. This seems to be a simple and effective block to me. But it works on the assumption that no spammer would produce a custom page, containing a link to the targeted site. It would seem that an automated defeat to this could be engineered as well.
With the spam war, as with every war, for any measure, there exists a countermeasure.
As well, I like the idea of allowing regular commenters to register, so their comments always bypass moderation. But unregistered readers should still be allowed to comment (Blogger doesn't appear to offer this). Orin Kerr (from
The Volokh Conspiracy) is doing this on
his new solo blog. Orin is only allowing registration by invitation. I'd rather allow open registration, so long as it can't be done by a bot.
