Google Blogoscoped

Anti-captcha

Ludwik Trammer [PersonRank 10]

Monday, February 5, 2007
17 years ago, 3,330 views

I've found this article on digg. Maybe implementing this would be a good way to filter out spam bots on Google Blogoscoped. Unlike captcha, the whole process is transparent to the users.

http://www.hackszine.com/blog/archive/2007/02/negative_captcha.html

Basically the idea is to add an additional field to the add-thread form (e.g. a bogus "email" field) and hide it via CSS. Normal users obviously wouldn't fill this field (because they wouldn't see it), but robots would. Then the script on the server side should just drop posts where this field is not left blank (and present some error message).

Of course this solution isn't ideal. It will not work for the big sites, for which spammers wrote specialized software. But it would be perfectly suitable for sites like Google Blogoscoped.
It could also generate problems for users that use clients that don't support CSS (mostly text browsers, maybe some mobile phones), so there should be a message "This is a bogus field, don't fill it", also hidden via CSS (and of course the error message also should be clear).

Philipp, what do you think?
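The hidden-field check described in the post above, sketched as an added example that is not part of the original thread or the linked article. The decoy field name, form action, CSS class and the sample POST bodies are assumptions constructed for illustration.

```python
from html import escape
from urllib.parse import parse_qs

HONEYPOT = "email"  # assumed decoy name, after the post's bogus "email" field
NOTICE = "This is a bogus field, don't fill it"  # seen only without CSS

def render_form(action="/add-thread"):  # action URL is a placeholder
    """Add-thread form whose decoy input and notice are hidden together via CSS."""
    return (
        "<style>.hp{display:none}</style>\n"
        f'<form method="post" action="{escape(action)}">\n'
        '  <input name="subject">\n'
        '  <textarea name="body"></textarea>\n'
        # autocomplete="off" asks browsers not to autofill the decoy
        f'  <div class="hp"><label>{escape(NOTICE)} '
        f'<input name="{HONEYPOT}" autocomplete="off"></label></div>\n'
        '  <button type="submit">Post</button>\n'
        "</form>"
    )

def check_submission(raw_body):
    """Return (accepted, message) for a urlencoded POST body."""
    form = parse_qs(raw_body, keep_blank_values=True)
    # A repeated decoy parameter counts if any copy has content;
    # whitespace-only or absent values are treated as "left blank".
    if any(v.strip() for v in form.get(HONEYPOT, [])):
        return False, f'Post not saved: the "{HONEYPOT}" field must be left empty.'
    if not form.get("body", [""])[0].strip():
        return False, "Post not saved: the message body is empty."
    return True, "Post saved."

# Constructed sample submissions (not real traffic).
SAMPLES = {
    "human": "subject=Hi&body=Hello+world&email=",
    "bot": "subject=Hi&body=Buy+pills&email=bot%40example.com",
}

if __name__ == "__main__":
    print(render_form())
    for name, body in SAMPLES.items():
        print(name, check_submission(body))
```

The rejection message names the field so that a person on a client without CSS who filled it in can correct the form and resubmit.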

TOMHTML [PersonRank 10]

17 years ago #

I think that spammers just have to pre-fill the form, and run their software...

Ludwik Trammer [PersonRank 10]

17 years ago #

Spammers don't do this manually with every custom written site, really. Those are just web spiders that try to automatically add posts using various forms.

Wouter Schut [PersonRank 10]

17 years ago #

Why not create 10+ submit buttons all with a different value, with only visual (CSS) guides to help a user determine the correct one?

On a small site anything out of the ordinary would help. But almost everything is bad for accessibility....

Philipp Lenssen [PersonRank 10]

17 years ago #

Interesting approach. It does create accessibility problems though as you say. Hmm, I gotta ponder this.

TOMHTML [PersonRank 10]

17 years ago #

I love Wouter's idea. Three buttons "don't click here – don't click here – CLICK HERE" and only the last one is visible... I should work on that ;)

Tony Ruscoe [PersonRank 10]

17 years ago #

This is an interesting approach. Even though it may confuse some users, so long as the field is labeled properly and a clear error message is shown, I don't think it creates a serious accessibility issue.

However, would this approach cause problems for people who use autofill features of toolbars? I had a problem recently where I was triggering something "onchange" that never got triggered because someone was using autofill.

On a related note, I've been seeing quite a lot of Chinese spam being posted to my blog recently (they seem to focus on Google posts) even though I'm using Blogger captchas. Could someone have cracked the Blogger captcha algorithm or are they really hiring humans to do this?

Philipp Lenssen [PersonRank 10]

17 years ago #

> However, would this approach cause problems
> for people who use autofill features of toolbars?

Good point. That's exactly the kind of exotic accessibility problem you may create when you start "abusing" HTML. Another example: the mobile phone browser doesn't support CSS.

> Could someone have cracked the Blogger captcha
> algorithm or are they really hiring humans to do this?

From personal experience, Blogger's captchas are some of the hardest out there. It usually takes me 3-4 times to submit a comment to Ionut's blog :)

Tony Ruscoe [PersonRank 10]

17 years ago #

<< Another example: the mobile phone browser doesn't support CSS. >>

Well, if the field was labeled with "Leave this field blank" (or something) it might be confusing but at least it's not a really serious accessibility problem.

<< It usually takes me 3-4 times to submit a comment to Ionut's blog :) >>

Heh. Same here – which is why I hate having them on my blog but I'd dread to imagine the number of spam comments I'd get if I didn't have them enabled...

Roger Browne [PersonRank 10]

17 years ago #

> Could someone have cracked the Blogger captcha algorithm
> or are they really hiring humans to do this?

HIRING humans? Just make a game and kids around the world will do it for free.

I assume the following is a proof of concept only, but it's very nicely done.
http://www.jambav.com/
Jambav redirects deep links, so you need to click "More" in the "Fun for toddlers" section, then scroll down to "Jambav Captcha".

JohnMu [PersonRank 10]

17 years ago #

I do this on one of my forums – it works like a charm. The field for homepage and signature for new signups is marked with "please leave this field empty" and any signups with those fields filled out are discarded. The "manual spammers" who notice are too lazy to sign up without a free link :).

Ludwik Trammer [PersonRank 10]

17 years ago #

> I assume the following is a proof of
> concept only, but it's very nicely done.

Yeah, this doesn't look like captchas from real sites and the application already knows the answers. But some porn sites ask you to fill in a captcha to enter the site/gallery/whatever. Every user that does this generates one more spam on captcha-protected sites.
