If you have a very keen eye, you may have noticed that I added CAPTCHAs to the comment form. The problem isn’t exactly the volume of spam that I was getting (maybe two or three comments a day), or that the spam was getting through (WordPress has correctly marked almost all of the spam comments for moderation), but that there were very few nuggets of real comments in there to make the whole process worthwhile, and it was getting a bit depressing. I’m too paranoid about false positives to trust the filter to delete them altogether, so captchas seemed like the best option.
For now, I’m using a WordPress plugin called CapCC. However, on and off I’ve been working on my own text distortion doohickey which I’m planning to drop in at some point. It’s a really interesting problem – coming up with a system where you can generate a test in software, then determine in software that whatever completed the test was not software.
One annoying thing is that it there’s currently no vision-impaired option. “Well,” you say, “how many blind people actually read and decide to comment on your blog?”, and the answer is probably zero (only slightly lower than the number of able-sighted people who comment on my blog), but it annoys me on principle. It’s also an interesting addition to the general problem – now it has to be possible for software to read but not answer the test – so it’s sitting there mocking me as a technical challenge. The standard solution is to offer an audio version, but that has its own issues.
I did think of one solution, but it relies on spammers being rational actors, which is not an assumption I’m completely at ease with. Suppose there are two answers to the captcha – one encoded in the image, and one in the image’s alternate text. If you enter the one in the image, your comment is published, no questions asked. If you enter the alt text one, your comment is put in the moderation queue.
The alt text, of course, can be easily read by accessibility software and spambots alike. However, because the comment is going into the moderation queue, it’ll never see the light of day unless I recognise it as legitimate; so there’s no incentive in terms of published spam for a spammer to specifically try to defeat it. So as long as there aren’t any spambots that look at alt text as a matter of course, and as long as no one decides to spam my moderation queue out of spite, it should all work. (And if spambots do look at alt text, then I can put it in body text alongside or whatever.)
I’d really like to ask anyone using accessibility software what they think of this approach, but at the moment you won’t be able to leave a comment unless you find another way to parse the captcha. So if you have any thoughts, send me an email. (I do trust my email spam filter.)1 comment