[EM] Electorama wiki requires login to view????

Michael Allan mike at zelea.com
Thu Jun 13 09:37:35 PDT 2013 

Jameson said:
> I think we could have plenty of question captchas of the form:
>
>   * What letters are missing in "E_ecto_ama" (in order, no spaces)?
>   * What letters are missing in "Gibba_d-Satterth_aite
>     <http://wiki.electorama.com/wiki/Gibbard-Satterthwaite_theorem>"
>     (in order, no spaces)?
>
> etc. (Note the link in the second question)

The current question I have set is:

  Please locate the captcha password on the main page.  What is the
  captcha password?

On the main page it says:

  Captcha password: ballyhoo

This suffices to stop the spambots.  QuestyCaptcha can also take an
array of multiple questions and present them at random, but I prefer a
single question; then I know when it needs changing.


Kristofer said:
> I think that one should try using a general-purpose captcha (like
> Recaptcha) first. If the spammers are just "drive-by spammers", as
> it were, they'll pick another target. But if the spammers have
> decided to spam Electorama, and so using a general-purpose captcha
> doesn't work, then we can try using a more special one.

Yes, because it's easy to install a different captcha implementation.
And if captchas are the only front-line defence (as I recommend), then
you'll know when it's been breached and needs strengthening.

But I think the spammers are almost entirely bots.  I believe the more
sophisticated ones defeat conventional captchas by crowd sourcing the
challenge to high traffic sites (porno, gambling, etc.) and replaying
the responses.  The programmer need only understand the general form
of the captcha (text, image, whatnot) in order to handle any content.
But this approach is defeated by QuestyCaptcha provided the content of
the question depends on the site context and is therefore incomplete
in itself.  This is the crucial thing.

Another good defence (but expensive) would be to use an unconventional
*form* of captcha.  Then the bots couldn't read the content at all.

Mike


Kristofer Munsterhjelm said:
> On 06/12/2013 05:29 PM, Jameson Quinn wrote:
> > I think we could have plenty of question captchas of the form:
> >
> >   * What letters are missing in "E_ecto_ama" (in order, no spaces)?
> >   * What letters are missing in "Gibba_d-Satterth_aite
> >     <http://wiki.electorama.com/wiki/Gibbard-Satterthwaite_theorem>" (in
> >     order, no spaces)?
> >
> > etc. (Note the link in the second question)
> >
> > Obviously a programmer could figure out how to defeat this pretty
> > easily, but it would discourage a "just answer all the questions
> > exhaustively" strategy.
> >
> > If you'd like me to make a program that gives a long list of such
> > questions (including links), I would be happy to do so.
> 
> I think that one should try using a general-purpose captcha (like 
> Recaptcha) first. If the spammers are just "drive-by spammers", as it 
> were, they'll pick another target. But if the spammers have decided to 
> spam Electorama, and so using a general-purpose captcha doesn't work, 
> then we can try using a more special one.
> 
> The advantage of using a general-purpose one is that most users are 
> familiar with it. Thus, there would be a lower barrier non-robots.

More information about the Election-Methods mailing list