jsNoSpam – make it harder for bots to find your email address

March 6, 2016

If you want to put an email address on a web page, and have it human readable and easy to click on to open in a mail client, you run the risk of exposing yourself to one of the sleazier sides of the internet: spam email. There are bots out there which relentlessly hunt down email addresses so their masters can deluge you with unsolicited commercial email (or worse, virus infections).

The best solution is to never show the email address – get your users to use a “Contact Us” form or similar so that there’s nothing for the bots to find. But sometimes you can’t do that, either because of how the pages are hosted or your client simply doesn’t want you to.

So… jsNoSpam was born. It is 100% JavaScript, so it runs entirely client side and is easy to insert anywhere that allows you to edit raw HTML and include JavaScript.

The script works by doing a number of things…

  • Requires you to encode the email addresses so they never appear in a recognizable form in the script or HTML source.
  • Supports decoding the email address back to a usable format.
  • Allows you to display the decoded address on the page, or to require a user action (mouse over, click, keyboard navigation etc.) before revealing the address.

Because the email address inserted into the page via the script is clickable and usable like any regular mailto: link, user inconvenience is reduced to a minimum, but the effort for a bot to scrape the address is increased. Hopefully there are enough potential variants in how the script can be applied to keep it ahead of the game.

Here is a live demo of the code in action.

The code is hosted on GitHub, and is open source under an unrestricted license (though if you find it useful, it would be great if you commented here). It’s been tested in as many browsers as I can and also with assistive technologies (e.g. NVDA), but if you do find an issue please comment (or better yet, fire off a pull request for me to incorporate your fix).

On their own, the techniques used (encoding the address, requiring user intervention etc.) are not new, but hopefully combined they will produce a robust enough solution for people who need this workaround.
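The encode, decode and reveal-on-interaction steps described above, as an added example that is not jsNoSpam's own code: the encoding scheme (reverse, XOR with a rolling key, hex), the `data-enc` attribute and all function names are assumptions made for illustration, and the sample address is constructed.

```javascript
// Added illustration. NOT jsNoSpam's real encoding or API.
// Assumed scheme: reverse the address, XOR with a rolling key, emit hex.
// This is obfuscation, not encryption: the key ships with the page.
const KEY = [0x5a, 0x13, 0xc7]; // hypothetical key

function encodeAddress(addr) {
  if (!/^[\x21-\x7e]+$/.test(addr)) throw new Error("printable ASCII only");
  return [...addr].reverse()
    .map((ch, i) => (ch.charCodeAt(0) ^ KEY[i % KEY.length])
      .toString(16).padStart(2, "0"))
    .join("");
}

function decodeAddress(hex) {
  if (!/^([0-9a-f]{2})+$/.test(hex)) throw new Error("malformed input");
  return hex.match(/../g)
    .map((h, i) => String.fromCharCode(parseInt(h, 16) ^ KEY[i % KEY.length]))
    .reverse().join("");
}

// Publisher-side check: does the page source still contain anything
// that a simple address pattern would match?
const ADDRESS_PATTERN = /[\w.+-]+@[\w-]+(\.[\w-]+)+/;
function exposesAddress(source) { return ADDRESS_PATTERN.test(source); }

// Decode only on first user interaction, then behave as a normal mailto: link.
function armLink(el) {
  const reveal = () => {
    if (el.getAttribute("href")) return; // already revealed
    const addr = decodeAddress(el.getAttribute("data-enc"));
    el.setAttribute("href", "mailto:" + addr);
    el.textContent = addr;
  };
  for (const ev of ["mouseover", "focus", "touchstart", "click"]) {
    el.addEventListener(ev, reveal);
  }
}

// Constructed sample. tabindex makes the href-less link keyboard reachable.
const SAMPLE = "user@example.com";
const MARKUP =
  `<a data-enc="${encodeAddress(SAMPLE)}" tabindex="0">Show email</a>`;

if (typeof document !== "undefined") {
  document.querySelectorAll("a[data-enc]").forEach(armLink);
}
```

Running `exposesAddress` over the generated page source before publishing confirms that no plain address slipped into the markup or script.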

Security of individual accounts matters (but not to Starbucks)

June 22, 2015

There has been a lot written recently about major system compromises, where banks, Government departments, Healthcare, and other companies are targeted and huge collections of personal information get harvested. Often lasting for months before being discovered, these attacks reveal PII (Personally Identifiable Information) such as social security numbers, dates of birth, addresses, email addresses and, in too many cases, passwords.

Defending against these attacks is an on-going challenge, but storing information in a way that it can be harvested has a significant impact on users of the service – ranging from identity theft to direct financial loss.

But it is not just servers where the risks lie. Poor information security in the end-user experience can compromise individual accounts, and such compromises can be hard to detect and easy to overlook because of how they are reported.

Earlier this year Starbucks was mentioned as a possible victim of one of these attacks as users’ accounts were mysteriously being accessed. To remedy this, Starbucks rolled out an update to their iOS app and presumably their Android app. This may or may not have improved things for their website or for 3rd party apps running on other platforms. Most of their response appeared to have been PR and damage limitation rather than really beefing up security.

Recently I experienced one of these mysterious losses. While I was in Australia on business, someone in Ontario, Canada was apparently using my card. And thanks to the convenient auto-reload facility on my account, the system kept merrily making more funds available to the thief.


Roaming. Why is it such a ripoff?

August 28, 2014

Before I get into it, I get that Telco infrastructure is expensive. All those towers and cables and spectrum licenses and staying ahead of the technology curve don’t come cheap. However, a lot of that is their own fault. Refusing to share infrastructure, trying to push proprietary technology to create customer lock-in, and creating more and more complex plans to lock consumers in just make the problems worse.

Lane Filtering

July 4, 2014

There is nothing more frustrating for a motorcyclist than being stuck in stationary or slow moving traffic, especially when there is ample room either against the shoulder or between lanes to safely filter to the front of the queue.

Sadly in the US lane filtering (or splitting) is only legal in California, and even the splitting rules for the Californians largely recommend something closer to filtering.

Every motorcyclist probably has a different view of what’s safe – no matter what the outcome it’s always your fault – I personally err on the side of caution and would be happy to see it only allowed if traffic is moving at less than 25 mph and the motorcycle was allowed to go no more than 20 mph above the speed of the queue. Riders need to consider many factors – not just the size of their bike and the size of the gap!

Statistics from Europe on motorcycle accidents have shown a 2.8% chance of harm coming to a stationary motorcycle in traffic but it drops to a 0.4% chance when riders can filter forward. So not only does it help create more space on the road for motorists it actually keeps the rider safer.

Why, after 8 years, do my vaccinations suddenly matter?

July 1, 2014

As anyone who has jumped through the migration hoops to get a US Green Card knows, there are many parts of the process that don’t actually hold up to inspection by the Socratic method. Or, for that matter, any other measure of common sense.

The one that baffles me today (while I wait for the totally opaque PERM process to complete) is vaccination.

Connected Cars and Smarter Smartphones

June 25, 2014

As smartphones get smarter, and cars more connected, it seems to me that there is a huge untapped market. Not everyone will replace their car along with their phone (or vice versa), so an opportunity exists to create a flexible, standards-based solution both for new vehicles and aftermarket retrofit scenarios.

Luckily many of the standards needed to deliver this already exist. Bluetooth, NFC, wireless charging and OBD-II can all combine to present a seamless experience – if only the software was available to tie it all together…

Could Skype be the one communications client to rule them all?

June 23, 2014

Google has Google Voice (soon to be part of Hangouts, expanding their footprint for the ailing – or morphing – Google+ by forcing users to switch), Facebook has their Messenger client, there’s Viber and Line in the Voice space and WhatsApp and SnapChat delivering text and image messaging. The iPhone has Visual Voicemail and iMessage. Where does Microsoft fit in all of this?

Why can’t I have one number, but two SIMs?

June 10, 2014

In this age of smartphones with big delicate pieces of glass and a non-swappable battery that dies in the middle of the afternoon I often need to carry a second phone. For active folks with a 5″ phablet with glass front and rear they might want a beater phone to take when they run or hit the trails.

The simple solution used to be to just swap your SIM. But in these days of regular, Micro, Nano and who-knows-what-else sized SIMs, that’s not always practical, even with the variety of trays available to help convert.

Indicate. Help me keep rule #2

June 4, 2014

The first rule of riding a motorcycle is simple – don’t fall off. The second is it’s always your fault. Some people put them the other way around but I like to think that if you’ve managed to follow #1 then #2 should take care of itself.

There was gravel; they turned into me; he wasn’t looking; the light was green. They don’t cut much ice when the rubber meets the road. I’m in my 40s now, and that means I’ve had a bike license for over half my life and that hasn’t changed in all those years.

What has changed is how crowded the roads are and that leads to more moving pieces to keep track of. The road surfaces seem to be worse (maybe I am getting old), everyone is in much more of a hurry and drivers (and riders) are more easily distracted by an ever broader range of technology to fiddle with at 60 miles per hour.

Will work for Internet Points!

February 3, 2014

For a year and a half I’ve been helping solve problems, writing samples and clarifying questions to make them easier to answer. It’s not my day job and it doesn’t even pay peanuts. It pays me in something even less tangible … internet points!