I’ve always allowed comments on this blog, and even allow people to disagree. I rarely moderate comments except when they’re inappropriate. But one of the issues I have to deal with is comment spam. I moderated the comments by hand for well over a decade but it gradually turned into hours of work each week.
So, I installed Akismet. It costs $120/year to auto-filter spam. Well worth it. Well, recently I went over the limit–this site gets 14,000 spam checks per month. That puts me on the Enterprise plan, bringing the cost to at least $2,400/year. But I’m just one guy running a personal blog!
I have absolutely avoided captchas. I can’t imagine inflicting on visitors the pain of trying to identify the letters, find all the bicycles on rotating images, or solve a puzzle. Captcha’s have a real cost to humanity:
“Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.
This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.”
https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/
Wasting human capital is evil. I don’t want to be responsible for wasting 500 human years a day.
So I switched to Cloudflare Turnstile. It takes a different approach. Instead of filtering spam, it filters bots. Since most spammers are bots this works pretty well. First off–we have to ask when do I care that a visitor is a human vs a bot. I don’t care that a bot reads the content. That can be good. For the purposes of spam, I generally care to stop bots from entering comments. So there’s no degradation of experience at all to both bots and humans if they’re not leaving a comment–bots are welcome.
But as soon as you want to leave a comment, that’s a different story:
Turnstile will run a few tests to see if you’re a human. If Turnstile can determine that you’re human behind the scenes, it’s not even going to make you solve a puzzle. No human capital wasted. You will see nothing at all and can just leave a comment. But if your IP address or behavior looks somewhat suspicious (more likely if you’re using a VPN or using TOR) then it will display a checkbox. Click the checkbox to prove you’re a human–which I think is very minimal cost to leave a comment.
After using Turnstile for a few months–it works really well and I’m going to keep it. Now I do think Akismet is better. Akisment blocks spam, Turnstile merely blocks bots. It so happens that most spam is from bots, but not all. Turnstile has let some non-automated spam through. 2 spam comments total were held in moderation out of 30,000. So I have a 0.000067% failure rate–I’m pretty sure they were left by a human. But to manually delete 2 spam comments every couple months I’ll take the $2,400!