Turning on captchas didn't even help, because these spams are apparently all entered by actual humans, who are making an effort to appear to be on topic if you don't read the URLs.
At this point, with the useless lack of tools provided by Livejournal to address this problem, my only choices are to disallow commenting from non-friends (in which case I might as well stop using LJ) or moderate comments from non-friends (which is even more work than deleting spam).
The only thing that has so far prevented me from giving up on LJ and hosting this blog myself is that I think I would get less comments. Maybe that's not even true any more, with all the tumbleweeds blowing through this site.
Mostly the spam happens on posts that are months old, presumably because they have more google juice. I'd be ok with just turning off comments on old posts -- except that when you turn off comments on an LJ post, all the existing comments disappear.
I think the first time I submitted a support request to LJ to make it possible to turn off new comments without hiding old ones was in 2003. Apparently adding new "valentine's day gift" logos has remained a higher priority than spam fighting.
So if you know anybody who still works at Livejournal, please stab them in the face.
Looks like you are in luck, they put in your request on Tuesday: http://news.livejournal.com/123520.html?nc=610&style=mine
So would you like those of us who are actual non-spamming humans to simply put in the link without hiding it in an HREF, as did the above commenter?
I guess building V-day banners is easier than mobile app integration or any of the other things that are causing people to leave in droves for Facebook. I actually like LJ and I'd love to see it make a resurgence, but until they quit focusing their efforts on silliness like "Frank and Meme" and actually develop their tools, they're going to keep losing market share.
FWIW, you can auto-screen comments from non-friends *with links*.
Yes, I know. I didn't mention it because that sucks only imperceptibly less.
I'm getting the feeling that the spam industry has started to co-opt sweatshop practices, employing scant-paid humans in digital piecework to create faux accounts, author fake comments to blogs or news articles, send contrived text messages, etc. Add to this the fact that a lot of businesses are trying less to fight or prevent spam, and instead are trying to figure out how work it into their business model and fraudulent content looks here to stay.
Back in the early 90's I got my first piece of e-mail with an advertisement inserted at the bottom. At that moment I made two critical errors of judgement: I was convinced that this free e-mail fad would fizzle, because people surely wouldn't put up with advertisements residing in their personal correspondence; and I figured that this would finally put some steam behind the work necessary to quash the then nascent spam industry once and for all.
Oh, how very wrong I was. My wrongness wasn't about the appeal of free mail or the cleverness of our spammy friends. It was that I vastly underestimated the level of tolerance for fraudulent dross among the human species. This kind of crap – animated GIFs of dancing ladies advertising mortgage scams, notifications of accidentally winning the Bulgarian lottery, the omni-present high pressure sales of hard-on meds – will persist not because there's no way to stop it, but because the general population simply doesn't care.
Grim meathook future, quod erat non demonstrandum.
In the dot-com days, I worked for a company that had a free email service that inserted ads at the bottom of outbound emails. If your recipient clicked/acted on the ad, you received a bounty.
I have since repented for my sins.
Actually it persists because spammers are making money at it. Which I guess ties into in being tolerated, but not really.
> I'm getting the feeling that the spam industry has started to co-opt sweatshop practices, employing scant-paid humans in digital piecework to create faux accounts, author fake comments to blogs or news articles, send contrived text messages, etc.
Go with that feeling, man.
Because others have.
Lately I've been getting spam obviously generated through services like this, and I'm not the only one. There's no point in hiring a Chinese or Indian sweatshop to do this stuff when random people with decent language skills are willing to do it out of their own homes, on their own computers, for pocket change.
I wonder if there's a market in countering this via MechTurk or similar - have people screen comments for you for some nominal fee, but do so on a scale that you can sell the service on. Of course, quality control becomes an issue.
That would open you to sabotage, wouldn't it? Spammers would hire people to approve comments the spammers sent. Participants get to be paid by you and the spammers to approve spammers' comments, so being bad becomes a lot more rewarding than being good.
I was convinced that this free e-mail fad would fizzle, because people surely wouldn't put up with advertisements residing in their personal correspondence...
Even with newspapers and network/cable TV?
As a side note, a good friend of mine (gomeza)just announced his intention to abandon LJ over (what appear to be) newly intrusive ad practices. I've been on the fence for a while -- as a "permanent" account holder, I have a bit of inertia here, but I'm considering moving my journal over to personally hosted stuff as well. These just may be the pushes that do it.
This same thing is happening on my taskboy.com blog. It's annoying. If you host your own blog, you probably will have fewer commenters AND you'll still have comment spam.
It must be a good gig being a comment spammer.
Also, blogs are fading into the past like IM, IRC and BBSs. It's all forums, facebook and twitter these days.
Boo.
You can't run away from the comment spam, but you can at least switch to somewhere with better tools to fight the spam. LJ's tools are crap if you have any sort of volume and want to let non-friends post.
You might check out Tumblr. Comments there are powered by Disqus:
"We've all been bitten before. As valuable as comments can be, dealing with them can be a chore. Disqus Comments lets you enjoy the benefits without the need to babysit your site. We use our own proprietary anti-spam that was built and trained to handle the junk some people try to pass off as comments."
Tumblr don't support comments at all, because, well, the founders seem to think that comments are always idiotic. The fact that everyone on Tumblr who wants them uses Disqus is probably due to the fact that
a) they're the most obvious provider (there's another called JSKit/Echo, but they seem to rebrand fairly often)
b) theme authors make it easy to hook Disqus up
On the other hand, Tumblr does have an increasing number of ways to hang a form off a post. There's replies, image replies, ask a question, and post submission forms. Oh, and of course there's reblogging, which is a whole other can of worms.
That's amusing, because from what I've seen tumblr blogs are only a step above ytmnd pages.
Yes, you will lose most of your (human) commenter traffic if you switch to a standalone blog. I left LJ about a year ago, and while I'm much happier from an "author" standpoint, comments went from 3-4 per post in LJ (mostly regulars) to approximately 0 on a standalone blog. I even went as far as adding OpenID commenting so LJers could comment with minimal fuss, but no dice.
Standalone blogs are essentially a one-way street: you post, people read. If a post gets enough google juice, eventually random people will show up and comment occasionally, but there is really no community aspect to it.
And, I'd estimate, most people read via RSS feeds of the blogs. It's a real PITA to actually go to other sites and comment there.
What, one extra click? What a lazy culture. I read most blogs from LJ feeds and I make the ctrl-click to open up the entry and comment. The only thing that pisses me off are the tumblr/disqus blogs, because they pretend you can log in with Twitter, and that doesn't work.
One click to open the post page, one click to post a comment, one click to tell your browser that yes, you want the popup window for the comments page, one click (and typing) to log in because the motherfucker never remembers your login info, one click (and more typing) to realize you haven't actually commented on this blogging platform before and you need to register because they don't have OpenID/Google/Facebook logins, one click to close the window/tab and never see that post again because nobody will ever reply to it again and even if they do you will never get any kind of activity notification about the post.
So yeah, one extra click.
You're right for most users, but jwz has enough of an audience that I'm not sure it's true for him.
I used to use LJ extensively, but I read most blogs now through an RSS aggregator (Google Reader, in my case). (I don't read LJ there because LJ has friends-locked posts which don't show -- not relevant for jwz.)
For external self-hosted blogs, there's usually the option to subscribe to the comments feed. This keeps me just as (if not more) engaged as on LJ. It's only on "news" sites (gawker etc) that I don't read or comment because that's like reading/commenting on YouTube.
True, there is a certain popularity threshold where people would comment anyway, and jwz is probably above that. I still believe comments would go down for him, but not necessarily to zero.
And on your last note, I keep threatening myself to start a project where an AdBlock filter subscription source is maintained that blocks out comments displayed directly on news sites' stories, because most of them are unbearable, even if you just happen to glance at them. For the moment I maintain a personal collection of Stylish filters for news sites I frequent (the local paper, SFGate, MSNBC, etc).
I used to have a filter in place for YouTube until I found FeynTube, a Greasemonkey filter that replaces YouTube comments with Richard Feynman quotes.
I used to have a filter in place for YouTube until I found FeynTube, a Greasemonkey filter that replaces YouTube comments with Richard Feynman quotes.
Love it.
shutup.css is a custom user stylesheet that can be applied to your browser to hide comments on many popular web sites without user intervention.
You're right for most users, but jwz has enough of an audience that I'm not sure it's true for him.
That's what Howard Stern thought.
In some spheres there's a community angle if you get syndicated. E.g. planet.debian.org, or in jwz's case, planet debian upstream (updo.debian.net). However, you might then get a lot of readers but all from a narrow perspective.
captcha: "The insecure"
Did we all really switch to facebook?
Or all we all just totally fed up with LJ?
I'm bummed out that this seems to be a death spiral, at least for me. I get less comments so I post less, and so other people do too, and on and on. And then there's the ads. If I don't log in fast enough, I have to watch best buy videos?
Anyway, I'm sure that if you have a standalone blog people will follow you and your fancy pants over there. I wouldn't worry about it. I think it's more people like me (I know all my interwebs friends irl) who wouldn't have a community anymore.
I believe it's an age thing. All the teenagers who filled up LJ back in the aughts have grown up and abandoned journals, and there's no wave of new youngins to replace them - so it's just us boring old people left.
Which, ironically, is why I stick around. There is generally a better quality of content from said old people.
But even my old people friends don't post anymore.....ANd I'm including myself.
Sad.
Well, old people have lives and jobs. That's why I stopped posting, mostly.
As for Facebook, I'm there, but find it difficult to really get engaged with my friends on it. It's all passive updates, not really much in the way of community.
I'm pretty sure jwz et al were neither a teenagers or seeking the attention of teenagers during the zilches. That's why things like virtual "Valentine's Day Gifts" have fallen extremely far off the mark, and things like enabling comments without dedicating your life to removing spam are important.
Who says I'm not seeking the attention of teenagers?
I just laughed extremely loudly in a public place and got some stares.
scullin said "during the zilches". nothing about your current attention-seeking.
that said, you just made me snort my coffee.
I never doubted!
I still really like LJ and don't want to see people leave en masse. I get fewer comments on personal posts and it makes me sad. And I miss reading about friends' lives (yes this means you N because I love your face!!) But I really value the community even as it thins out. Facebook is no kind of replacement for me.
I follow standalone blogs... via LJ. :D
(I just stay logged in plus I use Firefox and Ad Blocker so ads aren't an issue for me but I take my laptop everywhere so I'm not having to switch machines a lot.)
If you do go stand alone blog, there are non-free commenting tool kits you can use. JS-Kit, for example, allows commenters to authenticate using what ever back end they want (facebook, twitter, openid, so on) and even does some LJ-style threading. There's also a suite of moderation tools, which may or may not make comment spam more reasonable to filter.
We use it at work and it's made comment spam (which at one time took down the site) a non-issue.
We should locate the mechanical turks the spammers are utilizing and outbid them with requests for drawings of sheep.
drawings of sheepmanually filtering the spam out of my inbox.Oh, jeez, don't give Amazon any ideas or we'll have a turk-bubble on our hands.
The technical solution that worked for me was to replace the machine-generated image captcha with a simple question that only people who have some vague familiarity with the topic could get.
For example, on my ioquake3 forums I had a serious spam problem. No image-based captcha would solve it once they had switched to humans doing the spamming. After getting spam for 2012 (mayans predict...) I got particularly annoyed and switched captchas to text questions about Quake 3's characters. Not one complaint since I switched, and not one piece of spam.
geek-obscurity for the win! that's a great idea.
Great for a specific blog, but JWZ's interests and reader base is wide enough that I assume this would probably lead to decreased comments from not passing the text questions, or to some spammers passing through anyway, depending on the question.
I think the simplest questions like "What does the J stand for in jwz" could be enough to weed out undesirables. Anyone who cares to render an opinion or discuss an issue would probably either decide it is worth the time to figure that (the answer) out or not. If not then I guess it wasn't important enough in the first place. Or they might not have even put up with the simple image-based captcha in-use now.
If that question is too difficult or too easy, there are bound to be others that could be asked in it's place, and it should be relatively easy to choose one based on experience over time. Right now I'm not aware of a better solution, not that the one I've considered is even available on LJ. So the point is kind of moot.
If jwz were to change to something more extensible and modern like WordPress, this or Akismet would become an option and either would provide adequate coverage.
I believe this is a direct result of all the Boingboing love you've been getting recently.
well, I have noticed the tumbleweeds and the suck. However, when people blog on other blog sites, I hardly ever get over there to read them. I really value your posts - I find them interesting/diverting/disturbing and almost never boring, so I would be sad if you went somewhere else.
I've said it before, I think the "no comments" thing isn't much of a worry for someone who's well-known (i.e. you). If you self-host with an OpenID equipped blog people can use sane logins.
I will say that serendipity + askimet seems to pretty much keep my blog from getting any spam (I have no comments, but that's because I'm not Internet Famous). I assume askimet would have similar success for other software.
I dare you to switch to just video blogging on youtube.
Turning on captchas didn't even help, because these spams are apparently all entered by actual humans, who are making an effort to appear to be on topic if you don't read the URLs.
When I lived in Nigeria, I once paid for "night browsing" in an Internet cafe. For $3, they lock you in at 10pm and don't open the doors until 6 or 7 the next morning, and you have Internet access for the entire night (I had some server maintenance to do, and needed the uninterrupted hours to get it done).
The cafe had about 60-70 computers. Every seat was full. When I got up to go to the bathroom, I walked through some of the aisles to see what people were doing. Every single one of them was manually copying-and-pasting 419 emails in Yahoo mail. All night long.
That was my first-hand education about how captchas were useless.
The captchas aren't /useless/ in this scenario, a workforce of a few million Nigerian spammers working the night shift (my Nigerian friends indeed assure me this is commonplace) is nothing compared to the deluge that would be possible if a botnet were able to post spam without the restraint of captchas.
But, you have found the key problem in JWZ's situation. He wants to allow everyone to post except the spammers. This is a blacklist, and we know those are basically unworkable. A lot of us can manage with a whitelist, either an explicit one (this list of named people may comment) or an implicit one (people in this fuzzy "Friends" group may comment). A bunch more would be happy with a social graph trick (?a foaf:knows [ foaf:knows me ]). But for JWZ that won't do, and that means he's stuffed.
The thing I'm waiting for is the point where someone starts identifying target audiences for spam which are so valuable that it's worth directly paying their actual social neighbours to spam them. Imagine, not just some unknown Turker sat in front of their PC a thousand miles away, but someone you met at a party yesterday, or maybe even someone in your extended family, sends you email, writes on your Facebook wall, comments on your LJ. And they're just trying to sell you something. On the other hand, finally the loop is closed. If you are spammed by your own cousin you can drive over there and punch him in the face.
I could be wrong, but it seems to me that with some work up front over the first few posts to approve the routine commenters, a whitelist would end up being the least amount of work over time.
How about moving over to DW. Responsive dev team, OpenID, LJ cross-posting, etc.
I can't imagine that DW will ever be anything but a small subset of former LJ users. (That is, exclusively former LJ users, but a small number of them.)