[Updated 10/23/05: Elisa has updated her post to make a few additional points, so I’ve updated the URL to her post here.]
Elisa Camahort and Sour Duck have both recently had trouble with comment spam, but responded in very different ways. First, Elisa in “Bloggers getting more and more restrictive with comments…And it’s definitely not good for blogging business“:
I recently implemented the word verification tool on this blog after a weekend spam attack (over 400 comment spams within 24 hours.) When I encounter such a tool I consider it to be a minor inconvenience, but a small price to pay for posts free of comment spam. […] It seems like most spam-fighting tactics focus on creating barriers that impact spammers and non-spammers alike.
Commenter Angel followed up:
On the word verification, I don’t mind it as much. However, a recent study by the American Foundation for the Blind found that obstacles like word verification create a hindrance to people who are visually impaired since tools like JAWS cannot cope with the squiggly words. It was something I had not even thought about when I turned on my word verification after the spam was getting unbearable. However, I am not planning on turning the word verification off.
Elisa replied:
I did think about that. I’ve noticed that when you buy tickets online, for example, there’s always a link to click in case you can’t “read” the verification word. I’m sure we’re not meeting the requirements of the Americans with Disabilities Act by not providing an alternate. (But since were not government contractors I don’t think it matters.)
Sour Duck reacted differently to her comment spam:
I’m turning off the comments facility until I figure out a way to filter spam comments. (I don’t like to use the word verification option that Blogger offers, because blind people and others with vision difficulties can’t join in.)
However, she has now turned comments back on and is using the word verification option.
This “word verification” option they are discussing is what’s called a CAPTCHA. Six Apart describes CAPTCHAs like this:
Perhaps the most famous Turing-style test in use as an anti-spam technique is the CAPTCHA (a cutesy acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”). CAPTCHAs frequently come in the form of images of fuzzy or distorted letters and numbers, which humans can read and parrot into a text field, but which automated optical character recognition software has trouble identifying.
[…] an image-based CAPTCHA is impossible to solve for people with impaired vision, those with reading difficulties (e.g. dyslexia), or those using text-only web browsers. If the only way to comment on your site is by solving an image-based CAPTCHA, you have a serious accessibility problem.
Anyone who knows me well would expect me to start yelling when I read Elisa’s comment that she doesn’t think it matters whether users with disabilities can comment on her site, or when Angel and Sour Duck recognized the problem but decided to use the CAPTCHA. But since I’m trying to grow as a person, I’m more interested in this question:
WHY CAN’T THE GENIUSES WHO MAKE THIS SOFTWARE FIGURE OUT A BETTER SOLUTION?
Elisa’s Worker Bees blog is hosted on Blogger. Blogger’s commenting CAPTCHA, unlike the ticket purchasing sites Elisa mentioned she has used, has no alternative. If you can’t see, you can’t comment. The American Federation for the Blind has put out a few articles on blogging (see end of post for details), and they commented on the process of setting up a blog on Blogger:
Unfortunately, a blind user cannot get past the “name your blog” stage because they are confronted with a message that instructs them to complete their registration by “entering the words they see in the picture.” Below these difficult to follow instructions for a screen reader user is an alternate option, which has been labeled “advanced setup.” This option allows an individual to host their blog elsewhere.
As far as I can tell, Blogger has eliminated users with vision or reading problems from either hosting their blogs with the company or commenting on any blogs hosted by the company where the author needs a tool to fight comment spam. Six Apart, despite describing CAPTCHAs as a serious accessibility problem, uses a CAPTCHA once as part of the TypeKey account creation process. The only alternative they offer is to change the CAPTCHA image until you find one you can discern. So Six Apart has eliminated these users from commenting on blogs that require TypeKey authentication (though Movable Type offers a wider range of options than Blogger on managing comment spam – one does not have to simply require TypeKey or go without).
This baffles me. Comment spam is a huge issue, and this is the best you can do? Exclude people who can’t see, which will include more and more people as they get older, and people with reading difficulties? It’s too hard, so we’ll throw those folks overboard as our solution?
I know Elisa wouldn’t hold BlogHer in a building with no wheelchair access, so why don’t you give her some reasonable tools so she can offer the same level of access to her blog without getting crushed under comment spam?
The American Foundation for the Blind articles on blogging have been kind of a mess. They make a lot of good points, but they aren’t very well organized. For example, they don’t distinguish between the purposes of Blogger and Bloglines when reviewing them, and even recommend Bloglines for starting a blog – even though the “my blog” functionality seems from the outside to only allow clippings from other blogs. Also, their “tips” for bloggers would have been a lot more useful if they’d done an inventory of the default behaviors of the most popular blogging software rather than instructing bloggers to pick through their sites. My favorite part: they ask bloggers to choose an accessible service, but don’t give a list.
It’s like they know their accessibility stuff, but haven’t quite caught on to this new system. On the good side, I’d like to highlight one of their tips:
Coding your links so that they automatically open up a new window can be very disorienting for a visually impaired user. Only the most recent versions of screen readers give blind users any indication that a new window has been opened. Popping open a new window also resets the back button, effectively “breaking” it. Avoid the use of target=”new” in your links.
This software is not free, people. JAWS costs $900, and you pay for upgrades. [Edited to add: unless you can get it from a government agency, which some folks can.] So there are a good number of folks out there who will be using the older versions for many years to come. Opening links in new windows is just bad manners.
Here are the AFB articles:
Hi there. I’d like to clarify that when I said it “didn’t matter” I meant that from a legal perspective. Yes, I’m not following the ADA requirements, but no, I can’t get in trouble for it. That’s all I was meaning to say…however badly.
I do think it matters that we don’t have better solutions to combat spam while still allowing those with vision problems to participate. It sucks.
I am also interested in your section on new windows. As a user I hate when links open in the same window. I hate having to remember to option-click, and I hate having to go back and forth, so I’m totally guilty of adding the ‘new’ tag. I had no idea it was a problem for the visually impaired. I guess I’ll stop!
So, consider yourself to have educated one person today and made a change in the world :)
I was about to praise Google for doing something different, using text messages to cell phones to authenticate new accounts on GMail, but I just found out I was wrong. Their new account form is using scrambled text to prevent people from spamming the sign-up form. Grrr.
Of course, even without the visual CAPTCHA, you’d also need accessible SMS. That’s still mainly a research area right now; there have been some efforts, mainly in Europe, but it’s not yet mainstream.
“This baffles me. Comment spam is a huge issue, and this is the best you can do? Exclude people who can’t see, which will include more and more people as they get older, and people with reading difficulties? It’s too hard, so we’ll throw those folks overboard as our solution?”
*applause*
You’re right, it’s not good enough and Blogger needs to address this ASAP.
I regretted turning on the CAPTCHA option on my blog. It still puts my back up to have to use it; I tried an alternative “trick” first, but it didn’t work (the spam kept coming), so I resorted to the CAPTCHA.
I’m not sure what to do. One commenter said I was disenfranchising *everyone* by turning the comments off.
Someone else emailed me that Haloscan has a comment filter, but I don’t want to use a third party solution for something Blogger *should* be addressing.
Good post, thank you for writing it.
Hi: I updated the post, and that means Blogger changed the URL to the following:
http://workerbeesblog.blogspot.com/2005/10/updated-bloggers-getting-more-and-more.html
Sorry.
I was looking at the Austin Freenet site, and just found that their DeWitty lab has two machines with the JAWS screen reader installed. Details at http://www.austinfree.net/locations/dewittylabs.html If you’re here in Austin and want to get experience with that kind of software to better understand its limitations, this seems like an excellent resource.
My first reaction to the problem was also along the lines of “Huh, well, that sucks, but at least we can partially solve the problem.” But the wheelchair-access analogy is a compelling one.
The challenge for this kind of approach is maintaining the ability to cheaply generate something that is difficult to read back in. CAPTCHA and its brethren mostly work by virtue of having access to a big word dictionary (or just generating random numbers) so creating the “puzzles” is easy.
You could imagine extending CAPTCHA into other sense domains — a “messy” audio file for example, that attempts to foils voice recognition software by introducing pathological problems in the source stream. Braille seems like a tougher nut to crack, though — it’s kind of inherently high signal to noise, so not a lot of places to make it messy.
TypeKey seems like the most obvious solution. Prove you’re human once and carry those credentials with you. Make it easy to sign up but difficult enough that the spammers can’t make up the volume of identities to be worth their time. (I say that even as I type up a comment that The Princess will have to manually approve, for I am too lazy to sign up for TypeKey on this one blog I read that uses it.)
Beyond that, we get into the realm of more elaborate tests, like logic puzzles or reading comprehension puzzles, but this is still variations on a theme of “some signal too noisy for an algorithm to efficiently/correctly recognize,” which is why the CAPTCHA stuff is so appealing — it already does that, and is easy to generate and test against. Except for those pesky blind people. Can’t we just change the requirements!? (KIDDING)
I use Radio, and it has absolutely no provision for comment spam at all. I don’t control the comment server, so I can’t even delete spam. This makes me sad.
(My attempts to submit this comment keep timing out — my apologies if it’s secretly going through and I’m just making extra work.)
I just read this post on lj_dev at http://www.livejournal.com/community/lj_dev/700222.html. It looks like the CAPTCHA used on LiveJournal supports an accessible option — the text around it says to enter “AUDIO” if you are visually impaired, and it will use an alternate mecahnism with playback of an audio file for “despamming”. Cool!