On 2 Aug 2013, at 12:17, Rich Kulawiec <rsk(_at_)gsp(_dot_)org> wrote:
On Tue, Jul 30, 2013 at 04:40:42PM +0200, Arturo Servin wrote:
Captchas? Recaptchas?
Captchas et.al. are completely worthless. They're defeated at will by
the first adversary who comes along that's willing to expend the minimal
resources required to overcome them.
Yes, indeed, and in the meantime it excludes many people with limited or no
vision, including me. There's a rant here, but you don't want to hear it right
now. :)
FYI I use the service from http://www.skipinput.com/ for my CAPTCHA-solving
needs. Works very well, though you need to be aware that it uses a browser
extension.
The best methods for blog comment abuse control seem to be combinations
of network/domain blocks and moderation. Both have their downsides,
though; the former needs to be custom-crafted for each particular
application and the latter can be time-intensive. The "trick", if
there is one, is to use layers of these so that each is conservative
about what it blocks (thus keeping the FP rate down) but that each
leaves less work for successive layers to handle (thus keeping the
FN rate down).
Without wishing to kill morale, it's not clear to me how important the IETF is
to our friendly cockroach neighbourhood. I'll bet that a simple question and
answer (whose answer is trivial to find on Google) is all that we really need
to kill comment spam. There is the authentication database at Tools too, of
course, and the IETF is quite versed in sending challenge emails, so at worst
the combination of a Q&A and a valid email address should scare off the worst,
while leaving guests the honour of commenting and leaving familiars almost no
work to do at all.
Cheers,
Sabahattin