Chad Perrin: SOB

12 September 2006

false positives: the devil’s onion ring

Filed under: Geek,Metalog — apotheon @ 06:01

When you’re talking about lines of communication, such as email, blogging comments, and your telephone, you’re talking about a medium that is open to abuse. To make a means of communication immune to abuse is to make it useless as a means of communication. This doesn’t mean you cannot reduce the incidence of abuse through clever tricks, careful use, and whatever jumping-through of hoops may come to mind. It just means that the vulnerability still exists. The key is not to believe we can eliminate abuse of a means of communication entirely, but to minimize it so that the abuse is manageable.

You may not have caught the full implications of something I said in that last paragraph. I explained that truly eliminating all vulnerability to abuse of a means of communication also eliminates the ability to communicate. That’s a key point for anyone working on solutions for the abuse problem, whether the abuse problem in question is email spam, spambacks, or telemarketer calls during dinner. The first mandate for solving a communications abuse problem is to avoid interfering with communication itself. In the case of systems like spam filtering, this means that one should avoid false positives first and foremost.

Perhaps you recall (if you’ve been reading SOB for a little while) a previous entry in which I lamented the fact that Blogger effectively prevents some people from commenting legitimately. This problem arises because of a failure of the anti-spambot measures it uses. I’ve run across another weblog that has the same problem, in a way that manifests slightly differently. Specifically, the Nutrun weblog gives this response when I try to comment:

Invalid security code. Press your browsers back button and try again.

Every. Freakin’. Time.

This time, it’s a WordPress weblog that’s broken — and it is for the reasons illustrated here that I don’t use those character-recognition measures here. I don’t want to run the risk of preventing people from commenting due to technical issues.


  1. Is it in mine where it is broken? If so, you could always sign up for an account at my blog. Registered users don’t have to jump through that hoop. If not, I’ll think about removing it (it really has cut down on the need for me to use akismet).

    Comment by Alex — 12 September 2006 @ 02:03

  2. I was referring to Nutrun. Sorry if I wasn’t clear.

    Comment by apotheon — 12 September 2006 @ 04:18

  3. I particularly hate web logs that use a security code that changes by time. I take quite a while to type out responses, I’ve never been a particularly quick writer. Invariably I’ll finish, type in the code, hit submit and have it give me an error screen because it now expects the new code.

    Fortunately I’ve gotten into the habit of saving everything before I submit it.

    Comment by Mina — 13 September 2006 @ 08:46

  4. I, too, sometimes take a while to post — usually because I tend to post comments when I have something thoughtful to say, and because I tend to make long posts (lots of typing). Thus, in a time-sensitive security code situation, the fact that I sometimes type faster than 100wpm doesn’t help if I’m spending time thinking and typing a comment that can be characterized primarily by length and depth.

    Thanks for the comments at SOB by the way, Mina.

    Comment by apotheon — 13 September 2006 @ 03:39


All original content Copyright Chad Perrin: Distributed under the terms of the Open Works License