You know those little things on web sites where it shows you two distorted words and you have to type them in to prove that you're a human and not a spambot?
I *hate* those things!
Sometimes I can't even read the two words.
I'm sure you hate them as much as I do.
But those things–which are called "captchas"–play a role in keeping spambots out, which is important for all of us. Spambots are *EEEEEEvil."
Of course, now many spammers are hiring humans in third world countries to do their spamming by hand, thus making captchas less useful.
I have to delete spam supplied by such humans all the time.
So the captchas are now somewhat less effective for their annoyance factor.
I've been trying to find a better solution, and I recently discovered that TypePad has an option that will let me get rid of the captcha without flinging the doors of the combox open to every spambot on the planet.
That option is to require an email address instead of a captcha, and I've decided to experiment with this option.
I hope the experiment pays off, because I want to provide as comment-friendly an environment as I can, which means finding a balance between preventing combox spam, which is no fun for anyone, and making it as easy for readers to comment as possible.
The email address solution may do that better than the captcha solution at this point.
When I posted a comment earlier tonight, as soon as I put my cursor in the email field, my browser recognized it as an email field and gave me a dropdown menu of some of my email addresses, so all I'd need to do is click one if I wanted to use it.
I don't know whether your browser will do that. The first time you might have to type the email address out, and then it might recognize it in the future.
Worst case scenario, typing an email address is easier than squinting to figure out two distorted nonsense words and then typing them out, so it looks like this should make it easier for folks to comment.
BTW, the email addresses are TOTALLY PRIVATE. Only I see them, and then only if I go looking for them, which I only do for a special reason. You can, of course, put in a phony email address, but I hope you won't because there are times I need to get ahold of someone who has commented.
I hope you'll try the new system out and let me know what you think!
Of course, if we get overrun by spambots, I may have to go back to the captcha, but I'm optimistic that won't be necessary.
Here's hoping!
I noticed this earlier. It seems to me that automated filling out of email address fields (or filling in by hired human spammers, etc.) would be easier than captcha reading, so I don’t see the advantage from a spam-prevention point of view, but let’s see how it goes.
The feature I would really like to see is the thing that you can have automatically email you when someone else comments on a post you commented on – though I don’t think I’ve seen any TypePad blogs that offer this, so it might not be available.
Pachy: Have you seen this feature on any WordPress blogs?
http://antispam.typepad.com/
🙂
Vox Nova is a WordPress blog that has it.
Also, how come I had to enter a captcha before posting the above comment?
They also trick people into filling out captcha for other sites.
How it works.
1) Have evil website with content people want (like a pdf or mp3 file.)
2) Evil site query victim site to attack to get their captcha.
3) Evil site asks user to fill out stolen captcha in order for user to get desired file.
4) Evil site takes answer person filled out and submits it to victim site.
5) Evil site then automatically puts in garbage in victim site at a rate equal to the number of rubes they can get to fill out the bogus captchas.
More of this to come in the future.
What’s to stop a spambot inserting a fake email?
Alternatively try another captcha like Recaptcha http://www.captcha.net/ whcih uses text which google books optical character recognition can’t read. At least it helps book and newspaper digitization.
Am trying this out.
I’m not sure how much you can customize your site, but I have experimented with some comment-spam-fighting techniques that are either entirely transparent to the user, or that require no effort on the user’s part, and I have found them effective.
For instance, one such technique includes an empty text input field, with the following instruction to the user: “Leave this box blank.”
Spam bots tend to fill in every available text field, even if it means filling them with gibberish, so if you see that someone has filled out the text box that was supposed to be left blank, you can assume it was a spam bot and reject the comment.
A slightly more complicated technique uses Javascript to fill in a hidden input field. For instance, you might set up a Javascript function that copies the contents of the “name” field, replaces all e’s with 3’s, and puts the new string into a hidden field.
Only the most sophisticated spam bots would be able to generate the correct string for the hidden field, so you can safely assume that if the string validates against your function, it’s a human, not a bot.
Of course, these techniques only guard against automated spam; if an actual human being is coming to your site and filling out the form as directed, you’re stuck.
But then again … the same goes for a captcha.
Excellent news. I’ve been looking to comment here more, especially now that I’ve discovered Dr. Who.
[Tune of, “Home, Home on the Range”]
Gone, gone are the days,
when the evil Captchas played.
Now, seldom is heard
a discouraging word,
since the e-mails have chased them away.
Do not use a fake e-mail address, yet! This might violate the Terms of Service and get one kicked off of Typepad. There was a court case about this a few years, ago. I haven’t looked at the TOS, but with the growing trend towards away from pseudonymity (Google+, for instance), until this matter has been examined, I would wait. Could some kind soul find and read the TOS just to make sure that I can use TheChicken@thecoup.org without fear of Men in Black raiding my home, er, coup?
Here is a link to the TOS for Typepad. http://www.typepad.com/legal/terms-of-service.html
“2.1 When you register to use the TypePad Service, you must provide true, accurate, current and complete information about yourself and maintain and promptly update your account information to keep it true, accurate, current and complete.”
And further on: “5.4 If your Payment Source is invalid, if charges billed to your Payment Source are declined or not paid or if you fail to pay charges for a paid version of the TypePad Service when due, your account may be downgraded, suspended or cancelled, at TypePad’s discretion. If your account is suspended, TypePad may, but is not obligated to, maintain your account and/or related content and information, in order to allow you pay the past-due charges and restore your account. If the charges are not paid, your account may be cancelled.”
I didn’t see anything serious enough to take to court, but then again, with all the stupid things brought to court today, what do I know?
Not sure if this is what you were looking for, but hope it helps. 🙂
-Agnes
+JMJ+ BTW, when/if you do go to our e-mails, Jimmy, our real names will be known, (which is fine with me) but is it considered “fake info” to use a fake name, if they are so strict with real e-mails?
They aren’t strict w fake emails in the combox. The TOS passages quoted apply to the bloggers who use them, not blog readers leaving comments. That’s why it talks about payment & keeping your info (eg billing address) up to date. They dont want bloggers signing up w fraudulent information to scam them out if money. They couldn’t care less about comboxers using aliases, fake email addresses, etc.
Typepad should hire humans in third world countries to screen posts for spam.
+JMJ+ OK, thanks Jimmy. That makes sense.
OpenID and blogspot sign-ins don’t work. LiveJournal, obviously, does….
-Foxfier