Dumb question: Why don't people just slap a little PHP + MySQL comment section (or similar) onto their site? It takes little skill to do that and has the benefit that you control everything because all requests go to you and you can manage the tables yourself.
I think using Google's implementation winds up being enough, but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets. Any recommendations would be appreciated!
>but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets.
Is it really realistic to expect advanced attacks on CAPTCHAs with visual recognition or Mechanical Turk? I think you'd have to be a very high value target. I wrote a little PHP captcha when I was 15 and I've been using it ever since, and I never got any spam on my (admittedly very low-traffic) sites.
I actually wanted to implement visual perturbations based on perlin noise, but I really never got around to doing that. Would be an exciting little project.
I wonder the same thing. This seems like a solution in search of a problem. For your average blog, a spam filter plus a moderation queue for first-time posters works just fine.
Also, if a site asks me to use someone else's credentials to comment, I probably won't bother. Why should my hobby-coding account on Github, or my spam-catching account on Gmail, be linked to your blog about philately or bird-watching?