{"id":531,"date":"2006-08-16T17:09:37","date_gmt":"2006-08-17T00:09:37","guid":{"rendered":"http:\/\/stefangeens.com\/?p=531"},"modified":"2006-08-16T17:09:37","modified_gmt":"2006-08-17T00:09:37","slug":"turing-tests-tinyturing-spammers-and-you","status":"publish","type":"post","link":"https:\/\/stefangeens.com\/2001-2013\/2006\/08\/turing-tests-tinyturing-spammers-and-you\/","title":{"rendered":"Turing tests, TinyTuring, spammers and you"},"content":{"rendered":"

How cool is this? TinyTuring<\/a> by Kevin Shay of STAGGERnation is a plugin for Movable Type that’s inspired by — wait for it — the incredibly hacky (but deadly effective) stopgap antispam measure I threw together back in 2004<\/a> in a fit of pique at the injustice of it all.<\/p>\n

The advantage of using TinyTuring: You no longer have to hack Movable Type’s code. The disadvantage: It’s not really<\/em> a Turing Test. If the plugin takes off, then there are ways in which the dedicated spammer could generate scripts that circumvent TinyTuring’s defences.<\/p>\n

The first weakness is that the answer is a single letter. That’s 26 possible answers. Faced with a brute-force automated script aimed at TinyTuring, one in 26 automated comments would still get through. That’s good, but thousands of automated comment spams per day divided by 26 is still not zero.<\/p>\n

The second weakness is that the answer — the letter — has to be listed as part of the question. An enterprising spammer might reverse social-engineer typical sentences and notice that most people use the default MTTinyTuring tag, which allows a trivial parsing solution, or else he might look for one-letter words and try just those. In any case, a typical sentence uses significantly fewer than 26 unique letters, so the odds can be made better than one in 26 — just by trying all the unique letters used in the sentence. Another very clever strategy would be to compare successive iterations of the question, and latch on to the one element that changes randomly.<\/p>\n

My own original Turing Test questions were indeed of the type “Type the letter F”, but I quickly switched over to questions where the answer does not appear in the text, because spammers did catch on. Now, I use questions such as “How many letters ‘o’ in the word ‘Google’? (Type a digit)” or “Who is the father of evolution? (Hint: Charles ___ . Just his last name, thanks)”. I have found these to be invincible to scripts (and stupid people). They aren’t possible with TinyTuring, because we don’t know beforehand what the (random) answer will be for which we have to ask a question.<\/p>\n

My original hack’s repellent effect is the promise that every time a spammer invests time on my blog to manually answer a one-of-a-kind question that no machine can answer (with a view to hardcoding that answer into a script aimed at just my blog) I will change it. This works because I care about my blog more than the spammer does. Manual spamming just isn’t economical.<\/p>\n

A suggestion for TinyTuring 2.0, then: Make a mini content management system for question\/answer pairs which we individual bloggers write ourselves. If a spammer figures out the current question\/answer pair, we just change it with a new one. A further refinement would be to rotate the question\/answer pair automatically after a random number of accepted comments. That should really infuriate spammers, even on high-traffic sites.<\/p>\n

But in any case, thanks for the thanks, Kevin. I should vanity surf more often:-)<\/p>\n","protected":false},"excerpt":{"rendered":"

How cool is this? TinyTuring by Kevin Shay of STAGGERnation is a plugin for Movable Type that’s inspired by — wait for it — the incredibly hacky (but deadly effective) stopgap antispam measure I threw together back in 2004 in … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-531","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7eNhC-8z","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts\/531","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/comments?post=531"}],"version-history":[{"count":0,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/posts\/531\/revisions"}],"wp:attachment":[{"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/media?parent=531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/categories?post=531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/stefangeens.com\/2001-2013\/wp-json\/wp\/v2\/tags?post=531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}