Andrew Pollock: [code] Obfuscating email addresses with JavaScript
So I got pet
peeved by Carlos Laviola in relation to by recent pondering about how
MacOS X's
SSH agent starts up on login.
Perfectly reasonable grounds for complaint. I have had people contact me in
relation to blog posts in the past, so it's obviously not impossible.
People know I'm a Debian developer and can put two and two together and wind
up at db.debian.org.
Anyway, I'm the first to admit that my blog probably has too many of the
Weblog Usability Top
Ten Design Mistakes (something for me to work on). To date, I've been
avoiding plastering my email address on my website because I didn't want to
get it harvested. I try and use a per-list email address for this reason as
well, and I haven't enabled blog comments because of comment spam, and
because I haven't been clever enough to implement comments with Blosxom full
stop.
So I started getting an idea for reversibly encrypting my email address on
my blog after reading about Hashcash for Wordpress the
other day.
I first started playing around with the Vernam cipher in High
School, when I wanted to easily reversibly obfuscate some data for
something. I'd read about this cipher in a magazine or something and seen it
implemented in Pascal (it's not exactly hard).
So I happened upon the idea of encrypting my email address with the Vernam
cipher. Turns out another chap's already got a page for encrypting and
decrypting on the fly with JavaScript. It even generates the JavaScript
for putting in your own web pages. I had to use a different key to avoid
getting dollar signs in the encrypted string, as this confused the tripe out
of Blosxom (and me for a while when I tried to figure out what was going
wrong).
Then I thought it'd be nice to explain to people who had JavaScript
disabled what they might be missing out on, so I fiddled around with some
DOM stuff, and had some text get displayed if JavaScript was disabled. When
JavaScript is enabled, this text is replaced by the decrypted text.
So of course, like the Wordpress Hashcash, this is largely relying on
the inability of spam bots to grok JavaScript. Once they can, this
obfuscation technique is all for naught. Meanwhile, you can email me bit
more easily now if you get the urge.
View the source of my blog for an example of the implementation.