
Why your captcha isn't working - human armies of spam posters for hire - ck2
http://www.technologyreview.com/computing/39304/
======
codemac
The future of online communication is based around these "filter bubbles". The
more aware may see that this is a bad thing, but most people see this is a
great improvement.

I'll add my friends on diaspora, google+, facebook, etc, and we'll all send
each other stories that make our lifestyles appear worthwhile. If you're
battling captcha, you aren't fighting the battles of the future. Not that it
isn't a worthwhile problem, I just see facebook's auto grouping, g+ circles
and diaspora aspects as things that all make conversation socially verified
ahead of time.

~~~
bravura
This.

Personalization is the right way to combat spam.

~~~
praptak
It's rather "human trust-based networking" than personalization. And it rocks
since the dawn of humanity as a solution to problems ranging from censorship
(good luck censoring gossip), restrictions on trade (good luck stopping
friend-of-a-friend drug deals), shady companies (bad opinions travel fast),
hiring and yes, the good old spam too.

I believe we have not yet realized the full potential of human networking +
computer networking.

------
jasonkester
I've been noticing this type of activity on my user-content sites for a couple
years now. It'll make it past any human-detection script you throw at it, and
it seemingly doesn't care that 99% of it gets blocked by bayesian filters and
would have no-follow links on no-index pages even if it made it through.

The only effective solution to human-powered spam is to flip your user-
generated content from "public by default" to "probably spam unless proven
otherwise by a moderator". Watch your users posting things, approve the non-
spam to be publicly visible, mark consistently good users as "trusted" so that
you don't have to watch them anymore.

It takes more human intervention, but really that's the only way to make a
user-generated content site work these days. (Unless, of course, your userbase
is an army of geeks who are willing to upvote good stuff and flag spam for
you).

More here: [http://expatsoftware.com/articles/2010/03/care-and-
feeding-o...](http://expatsoftware.com/articles/2010/03/care-and-feeding-of-
happy-spammer.html)

------
ck2
Also a good read:

<http://www.technologyreview.com/blog/arxiv/27357/>

------
atirip
What about to ask for Chinese censors to kindly add your forum to the Great
Firewall? Problem solved.

~~~
buro9
It's not just the Chinese. My spam logs suggest it's also the Russians and
Indians in great number and then there's a large gap before reaching the USA
and some European countries.

Besides, do you believe you'll never have _any_ valuable users from those
places?

IP blocking is proving to be the most successful thing I've got going. I do
like to make it forget IPs after a while as they could just be temporary. Most
of my IP blocks I apply for a month, it's an entirely arbitrary time period I
know.

I did do an experiment and captured all registrations and form submissions for
a day and looked at the data. The only pattern that _ALL_ spammers that day
could be identified by was their password.

The password was either '0' or '[a-zA-Z0-9]{10}'.

Unfortunately I can't just block those patterns as I have no idea how many
real users would be affected by such a thing. Obv' I don't have their
passwords and just store hashes, and I don't normally transmit a password
except for noscript graceful degradation. So basically... whilst I was pleased
to find a pattern it's not one I can implement against without doing something
undesirable elsewhere.

------
ericb
What about a captcha system that costs a penny?

~~~
nodata
_Why should I pay to give my excellent and well-reasoned opinion?_

~~~
praptak
Fair point. Moreover, collecting pennies over the internet is a known hard
problem.

------
paulhauggis
If you've ever looked at some of the black hat seo forums, this is a method
they use for "marketing".

