The CAPTCHA war is starting to get old.
Unfortunately, it seems that the fundamental flaw in a CAPTCHA, that makes it different from the proper Turing test, is that it’s administered by a computer, not a human. If I had a chance to hold a brief conversation with the comment-leaving entity, I’d be able to tell the difference between a human and a spambot trivially. But the webserver is the one holding the conversation with commenters, not me.
Right there is an interesting point though: This is a blog. Someone leaving a comment is participating in a conversation that started at the top of the page. Shouldn’t I be able to lean on that somehow, to only allow comments that move the conversation in a human-like direction?
I suppose that’s achieved by turning moderation on. And I do delete spam comments afterwards. The problem isn’t quite that I’m not in a position to judge who’s human, it’s that I want the comment to appear on the site as soon as it’s entered, without my interaction. Hmm.
Now, suppose that, instead of a CAPTCHA, each post had some kind of comprehension test. To enter a comment, you need to provide a short answer to a question that will be obvious if you’ve read the post. Not only will this prove difficult for spambots, but it will also filter out human spammers and people who don’t read the post before commenting.
Gosh, where do I start on the problems with this plan. It means that I have to put a bit of extra thought into each post to come up with a question – it has to be unambiguous, but ideally not just a single word gleaned from the post, because that would be vulnerable to a spambot just trying every word. It can’t be so tricksy that it blocks legitimate commenters (a problem it shares with CAPTCHAs, but along a different axis).
Then there’s the problem of what to do with all my old posts that don’t already have a question – especially since they’re the ones attracting all the spam (presumably the ones that rank high on Google or something). In fact, I might need to regularly change old questions, because unlike the current CAPTCHA system which has a (semi-)unique challenge each time you load the page, the comprehension question always stays the same, so someone can throw an indefinite amount of spam at an abnormally popular post by just answering the question once. I don’t know enough about the mechanics and motivations of spamming to know whether that’s something anyone would want to do, but it seems like a big hole.
Encouragingly, though, there are some upsides. I already mentioned that it’s also an obstacle to human spammers of various kinds. It also doesn’t have the accessibility problems that CAPTCHAs have (for visually impaired readers and such). And it might actually be interesting to embed information in every post – it’d be like a whole series of mini-puzzle-making exercises. Not for everyone, but I might enjoy it. Maybe.
Some of you will presumably wonder why I don’t just turn Akismet on. That’s not the point. The point is… okay I’m not entirely sure what the point is, but at the moment this is more interesting to me as a problem-solving exercise than a spam-blocking exercise. So much so that I’m thinking I might actually try this. It’ll be a fun gimmick at any rate.
The comprehension test for this post, if and when I implement it, will be: What is the acrostic formed by this post? This is a bad question to use too often, because a spambot can just look for the word “acrostic” in the question and work it out easily, but the idea is that the space of possible questions is big enough that they can’t solve them in general. (And if they do, then maybe makers of spambots will contribute to the next major breakthrough in AI.)4 comments