Diary of a geek

November 2005
Mon Tue Wed Thu Fri Sat Sun

Andrew Pollock


Other people's blogs


RSS feed

Contact me

JavaScript required

Sunday, 06 November 2005


Greg Kroah-Hartman did say:
If you have a problem with the way Debian handles udev, I'll point you to the proper place to complain about that. Debian is slowly sinking into the muck and it's fun watching it happen.

That hurts.

[19:31] [debian] [permalink]

Obfuscating email addresses with JavaScript

So I got pet peeved by Carlos Laviola in relation to by recent pondering about how MacOS X's SSH agent starts up on login.

Perfectly reasonable grounds for complaint. I have had people contact me in relation to blog posts in the past, so it's obviously not impossible. People know I'm a Debian developer and can put two and two together and wind up at db.debian.org.

Anyway, I'm the first to admit that my blog probably has too many of the Weblog Usability Top Ten Design Mistakes (something for me to work on). To date, I've been avoiding plastering my email address on my website because I didn't want to get it harvested. I try and use a per-list email address for this reason as well, and I haven't enabled blog comments because of comment spam, and because I haven't been clever enough to implement comments with Blosxom full stop.

So I started getting an idea for reversibly encrypting my email address on my blog after reading about Hashcash for Wordpress the other day.

I first started playing around with the Vernam cipher in High School, when I wanted to easily reversibly obfuscate some data for something. I'd read about this cipher in a magazine or something and seen it implemented in Pascal (it's not exactly hard).

So I happened upon the idea of encrypting my email address with the Vernam cipher. Turns out another chap's already got a page for encrypting and decrypting on the fly with JavaScript. It even generates the JavaScript for putting in your own web pages. I had to use a different key to avoid getting dollar signs in the encrypted string, as this confused the tripe out of Blosxom (and me for a while when I tried to figure out what was going wrong).

Then I thought it'd be nice to explain to people who had JavaScript disabled what they might be missing out on, so I fiddled around with some DOM stuff, and had some text get displayed if JavaScript was disabled. When JavaScript is enabled, this text is replaced by the decrypted text.

So of course, like the Wordpress Hashcash, this is largely relying on the inability of spam bots to grok JavaScript. Once they can, this obfuscation technique is all for naught. Meanwhile, you can email me bit more easily now if you get the urge.

View the source of my blog for an example of the implementation.

[03:56] [code] [permalink]