srican: Word Verification and its Usability

Tuesday, October 04, 2005

Word Verification and its Usability

Great post! By the way, I have a blog on california home loan mortgage refinance and related stuff that you may be interested in :-) Do visit it!
- A comment on one of my posts

Most blogs are being plagued by the nuisance of spam comments. Apart from giving one the pain of going and deleting them, they also mess up the whole comment section:

9 Comments:

This post has been removed by a blog administrator.
By Anonymous, at 3:59 PM

This post has been removed by a blog administrator.
By Mike, at 7:18 PM

This post has been removed by a blog administrator.
By jon, at 11:45 PM

Actually [...].
That aside....looks like you're being spammed, and i'd recommend turning on word verification (from the template).
By Sunil Laxman, at 2:47 AM

This post has been removed by a blog administrator.
By TS, at 11:04 AM

Hi Sunil
[...] Yes, I am getting spammed. Maybe I do the word verification thing but for now I just delete, delete, delete.
By 7:56 PM

[...]
By Charu, at 10:19 AM

This post has been removed by a blog administrator.
By Admin, at 3:14 PM

Hi Charu
Yes, Indeed. [...]
By Michael Higgins, at 5:26 PM

Now, Blogger provides a mechanism to prevent these auto-posted comments: Word Verification. There is a price to be paid for this though: by the genuine commenter, having to fill in one more field. If the pain of doing so is too much, it is likely to dissuade him (or her) from commenting, or annoy him even if he does comment.

While the Blogger Word Verification is a good idea, I feel it has made it a little to bad for the commenters by giving a random sequence of letters (RSL) to type. Why:

People type on their keyboard in one of two ways:

1. Type by sight: Look at the keyboard while hitting the keys.
2. Touch-type.

If you belong to category 2, you can read the RSL and simultaneously type it. No issues. However, the general user is not a touch-typist. Which means, he has to read one letter of the RSL, lower gaze to type it... repeating the process for every letter. A pain in the neck -- literally.

There is a simple solution to this: Instead of the random sequence of letters, use a (random) word from the dictionary. One can read the word in one go and type the whole thing out. Alternatively, let the blog owner choose his word of choice, that can be used every time -- as in Sepia Mutiny. I know I need to type "mutiny" and don't even have to spend time reading it.

I had word verification on for a brief while, but no longer do. I just delete the spam. But some popular bloggers are flooded with too much spam to afford to do this.

Usability is an important consideration for any software or website. Wonder how Blogger/Google overlooked this aspect of it.

8 comments :

Michael Higgins said...: Hi Srikanth
Yes, the spam steadily increased until I had to do the word verification thing. It was getting out of control.

I was not aware that the spammers had some program that allowed them to insert spam directly into the comments without typing anything. Well, it makes sense, since otherwise it would be too expensive to post spam.

I agree, it should be possible to just have a random word or something. I hate typing in all of those letters and often I make a mistake. That is why I was reluctant to go with word verification.; October 05, 2005 12:44 AM
Srikanth said...: Hi Michael,

Thanks! I do feel the random letters are an overkill.

The probability of the spam programs getting the right word from the thousands in the dictionary is very low.

In my opinion, even using the same word for all comments on a blog (akin to Sepia) should do.

Maybe I should mail this to Blogger.; October 05, 2005 11:09 AM
Vijay said...: Srikanth,

Your argument is very reasonable : especially I almost agree with a random word from dictionary.

But I can also see why they use random words for word verification.

You must have observed that they actually use images (and not text) to show the random word. Also you must have noticed that the images of letters are in strange (arbitrary) shapes. The reason is the following: even if the spammer has sophisticated tools to read the text from images he is less likely to be succesfull if the images are arbitrary.

Now let us come to the point: Suppose we use words from dictionary and suppose the spammer has figured out some letters of the word,(he has a good tool to read images) then it becomes that much easier for him to figure out the rest of the letters. (he can consult the dictionary!!).

To put it more formally, if there is a probabilty 'p' of the spammer tool to figure out a letter, total probability of
figuring out letter = p^n (n = length of word). But if we use a dictionary this will be in the order of p^2 or p^3. (For most english words if we figure out 2 or 3 letters it is easy to figure out the word).; October 05, 2005 11:52 PM
Srikanth said...: Hi Vijayanand,

Thanks a lot for the detailed comment!

First of all, I agree that the random letters provide a greater protection from spam. Which, taken in isolation, is a Good Thing.

However, here there is a trade-off between security (from spam) and usability. The functionality sought to be protected, comments, is one that is used frequently. So usability carries a high priority.

My opinion is that using random word (though it might provide a slightly lesser protection) helps improve the usability by a great degree. In addition, blogging is not a security-critical app and even if a rare stray spam seeps through, nothing much is lost.

In contrast, in the case of opening an email account, using random letter word verification makes sense. Because one does not open an account everyday and so the delta additional inconvenience does not matter here. Plus, it is also desirable to avoid even the rare stray spamming here.; October 06, 2005 9:34 PM
Srikanth said...: In last part of my comment, instead of the expression "opening" an account, I should have used "creating" an account.; October 06, 2005 9:46 PM
Iyer the Great said...: Hi Srikanth.

I agree with you - usability must have the greatest priority. I have not turned on the word verification on for the convinience of the few visitors who trickle onto my blog.

Hope Google does something about it - soon.

Rahul; October 07, 2005 11:40 PM
Vijay said...: Srikanth,
I agree , usability , may be more important here.; October 08, 2005 2:32 AM
Srikanth said...: Hi Rahul,
Thanks! I hope so too.

Hi Vijayanand,
Thanks!; October 10, 2005 10:47 AM