Hey HN. I am building something which will have user submitted comments. I am wondering if there are any innovative anonymous non-paid ways of preventing spam and bots?<p>Ideal solution won’t require payments, won’t require emails, won’t require identity details, and won’t require things like captcha. Trying to simply ensure that the submissions are being done by a human and not a script.
<i>done by a human and not a script.</i><p>There have been some discussions here in the past about that. It's tricky because the more advanced bots are using headless Chrome. They look and behave just like a human. To verify a human would require something that only a human could do such as a question that requires critical thinking vs. a database lookup and that brings us back to something similar to a captcha. Even that could arguably be defeated by an LLM some of the time if your site was popular enough.<p>In the spirit of <i>perfect being the enemy of good</i> I think a decent balance would just be a open ended question that maybe most of the time a human could solve and less likely that a simple database lookup could not easily answer. Maybe something that has rotating data-sets.<p><i>e.g. Which of the following should you not put in your mouth</i> And then have a dozen emoji's, ${random_count} from the pool of emoji which should not be put in one's mouth. All of the emoji should have the same name to avoid programmatic determination. This might also keep people away that put scissors in their mouth.
In the absence of persistent identity (it's unclear whether this is a feature of your application or not), this is basically an impossible task. With persistent identity, there are a few options.<p>If you can afford invite-only growth, then tracking invite trees like on the other site works remarkably well. When you find a spammer, you can nuke an entire subtree of accounts, because it is rare for bad-faith users to invite good faith ones, and the opposite (good faith users inviting bad faith ones) is rare enough that it cuts down on the number of bad faith users substantially anyways.<p>Another "codification of trust"-type system is having comments by new authors hidden to most users by default, except to a random sample trusted users, who can choose to vouch for the message or actively reject it. Users with abnormally bad taste in vouches/rejections can be removed from the pool of users who randomly get assigned approval duty. I used a web forum that operated like this back in the day.