Three months ago, I ranted in this blog entry about blog comment spam. Well, it appears that the arms race of allowing anonymous blog comments (which I deem highly important) has been steadily escalating, and the latest crop of blog comment spam are pretty clever to the point that I think that anonymous blog comments cannot be allowed to be made unfettered and freely.

For example, the latest algorithms:

  • One takes snippets of existing blog comments from the same blog entry, injects its URL into the username field, and repost that as blog comment
  • One takes snippets of text from novels, emails, etc from other sources, injects its URL into the comment text and/or username field, and reposts that as blog comment
  • One uses short congratulatory phrases like "good to know", "I like your site a lot", "keep up the good work", etc, injects its URL into the username field, and reposts that as blog comment

The only common thing amongst all of them is that the spam URL is in the username field, but unfortunately, that is also used for Trackback and by legitimate users linking to your blog... so disallowing those links diminish the linkage of the blogosphere.

Now, some have proposed requiring HIP-CAPTCHA and other Turing Tests for Humans before allowing comments to be made... and while I resisted such user restraint earlier because I value my user liberties, a little validation every once in a while can't hurt... or can it?

Anonymous Spam is the very abuse of personal privacy, but chipping away at one's civil liberties in the name of security is just as dangerous and slippery slop towards tyranny. Is there a better choice? Perhaps we can attack/remove the economic incentive to spam, or make it prohibitively expensive to spam than not.