Freedom is Slavery

by Timothy Appnel

In the past couple of weeks, the blog tools community has been abuzz about a rash of mass comment spamming and how to cope with it. The Movable Type community I am quite active in was hard hit because of its popularity and a couple of existing of bugs that launched resource intensive rebuilds even though they had been blocked or put into moderation. (A fix was just released.)

I've watched the discussion by many well meaning people as to how to stop this attack on open communication this past week or so with a certain sadness.

Initially that sadness was from the realization that many talented, well-meaning and intelligent people were putting a lot of thought and effort into handling this issue instead of doing what they do best. As I've read many of the view points and ideas to combating spam floods of their personal online property, it has shifted to the realization that freedom in open spontaneous communication means being enslaved to the constant clean-up and defense of spam and the side effects of those measures.

Open communication through comments/forums and effective sustained protection from this type of abuse are in direct conflict with each other making an ideal solution unobtainable.

A lot of ideas have been floated to confuse and trick spambot from finding their targets or making automated posts through various HTML trickery. They will all fail eventually.

The truth of the matter is whatever your browser can read, and thereby you and your readers, so can a spambot. It's all a matter of them programming in the logic to interpret what is there. Some of these measures may work for a short period of time, but eventually they will be thwarted once the spambot developer catches on, another flare up and then a new trick(s) will be needed – back to the beginning.

It's also worth noting that a spammer does not mind making mistakes. If they guess wrong what you may have done to trick their bots, they get to try again until they do. Once they figure out the latest tricks in vogue they can set their bots off to make thousands upon thousands of bogus posts while the community figures out what to do next. These unscrupulous folks are a desperate lot after all.

The most difficult road block for them to work around are ones that require human intervention and intelligence to make a post. The side effect of this being that it also requires legitimate commenters to be inconvienced stepping through this same process.

In a sense repeating the content of a skewed graphic (CAPCHAs) or answering a question like what is my last name? is along the lines of human intervention and intelligence, but not to the extent that these can't be worked around eventually since they don't match to a specific identity. Spammers have already identified a way around these test through free porn as Boing Boing reported nearly a year ago.

I thought Six Apart's attempt on marginalizing the issue of comment spam earlier this year with their TypeKey authentication service and API was laudable because it put a few of those hard to program steps in place without requiring separate accounts on each weblog or installation of additional software. It also struck a balance between distributed and localized control. Sadly it was panned by many before launch and the community at-large hasn't entirely warmed to the idea. I have to wonder if that is about to change somewhat.

I've seen the comments against implementing any authentication and login systems that say it inhibits the conversation and turns some away. I can understand that point. However I have to wonder what effect all of these automated measures in addition to new and more aggressive strains of attack are having on inhibiting those same conversations. Are these varied alternatives really any better? I think not, but admittedly I choose long ago not to enable comments on my weblog for personal reasons more then spamming concerns.

This whole matter reminds me of something Clay Shirky said during his 2003 ETech keynote A Group Is Its Own Worst Enemy that is highly relevant to the circumstances the weblog community is currently facing. (Transcribed and lightly edited here. A long, but worthwhile read if you have yet to do so.) Under the heading of things to design for he stated:

…you need barriers to participation. This is one of the things that killed Usenet. You have to have some cost to either join or participate, if not at the lowest level, then at higher levels. There needs to be some kind of segmentation of capabilities.

He continued:

It has to be hard to do at least some things on the system for some users, or the core group will not have the tools that they need to defend themselves.

Now, this pulls against the cardinal virtue of ease of use. But ease of use is wrong. Ease of use is the wrong way to look at the situation, because you've got the Necker cube flipped in the wrong direction. The user of social software is the group, not the individual.

I think we've all been to meetings where everyone had a really good time, we're all talking to one another and telling jokes and laughing, and it was a great meeting, except we got nothing done. Everyone was amusing themselves so much that the group's goal was defeated by the individual interventions.

The user of social software is the group, and ease of use should be for the group. If the ease of use is only calculated from the user's point of view, it will be difficult to defend the group from the group is its own worst enemy style attacks from within.

So, the weblog community is reaching a cross-roads. Gone are the days of open spontaneous communication through comments. It can now take measures to better defend itself from itself or watch history repeat as its cherished comments wither away under the weight of a past ideal.


2004-12-21 15:05:19
An awkward adolescence
You're absolutely right, Tim, and I too am saddened by the state of affairs. Over the past few years, we've become happily accustomed to having our own little "private" sandbox to play in which allowed us immediate and easy interaction between other members of our little community. It was a large part of the attractiveness of the medium.

Over the last year and a half, the world has awakened to blogging thanks to scores of articles in mainstream media as well as first-hand by the not-quite-so-early-adopter crowd. The unfortunate side-affect of popularity is the arrival of those who wish to profit from it but have no sense of attachment or ownership to the medium. Spammers are, in essence, the pestilence which invariably follows the masses.

So is this development necessarily the harbinger of the death of interaction in the blogging community? Absolutely not. The adjustments that we must make in light of this issue is nothing more than an awkward adolescense for weblogs.

When a small community grows up and finds it necessary to put locks on their doors to stop the would-be robbers from coming in, human nature tends to view this as the end of an era -- as the death of simplicity and trust. In the end, however, locks have never prevented neighbors from dropping by the house to say hi.

So too will it be for weblogs.

We need to accept the fact that these unwanted elements are present and wish to do our community harm through their opportunism. Once we let go of the emotional attachment to the good old days, we can gird our systems against them and get back to focusing on the reasons that we do this crazy web thing to begin with.

In the end, life in the weblog world will go on, people with still interact and the web will continue to be one of the most fascinating experiments man has ever created.

As an aside, there is no one in the entire blogosphere who will be happier than I when the omnipresent "Comment spam" weblog post has dwindled into obscurity.

Maybe in a year or two, we'll all be knocking back a few beers remembering when we used to worry about comment spam? There's some nostalgia I'd like to fast forward to experience...

2004-12-23 20:13:05
Thoughts on thwarting spammers: act, don't react
See my thoughts on the issue.

Just reacting to what spammers do is an evidently failed model, and it probably was clear from the beginning to everyone that it cannot work.