Three months ago, I ranted in this blog entry about blog comment spam. Well, it appears that the arms race of allowing anonymous blog comments (which I deem highly important) has been steadily escalating, and the latest crop of blog comment spam are pretty clever to the point that I think that anonymous blog comments cannot be allowed to be made unfettered and freely.
For example, the latest algorithms:
The only common thing amongst all of them is that the spam URL is in the username field, but unfortunately, that is also used for Trackback and by legitimate users linking to your blog... so disallowing those links diminish the linkage of the blogosphere.
Now, some have proposed requiring HIP-CAPTCHA and other Turing Tests for Humans before allowing comments to be made... and while I resisted such user restraint earlier because I value my user liberties, a little validation every once in a while can't hurt... or can it?
Anonymous Spam is the very abuse of personal privacy, but chipping away at one's civil liberties in the name of security is just as dangerous and slippery slop towards tyranny. Is there a better choice? Perhaps we can attack/remove the economic incentive to spam, or make it prohibitively expensive to spam than not.