I was commenting at a friend's site the other day and I had to make multiple attempts because I was wrestling with CAPTCHAs like these:
It took me the longest time to even realize that there is a tiny letter j in the bottom right corner. I kept entering "p2rgf" and failing the test. It was actually when my
roommate looked over my shoulder that he discovered the errant bastard j in the corner. How was I supposed to spot that?
At the very least there could be a little note off to the side actually telling users how many characters they should expect to enter, but the truth about CAPTCHAs is that machines can be smarter than people. I don't have the powers of visual discernment that a good computer algorithm has. I know CAPTCHAs are intended to prevent computers from getting into user systems while allowing users, but CAPTCHAs have gotten to the point where they are so complicated that neither can get in (God forbid I should have poor vision, in which case I wouldn't be able to pass the simplest of CAPTCHAs).
Now I know it's cool to be able to implement CAPTCHAs and show off your prowess with funky image-processing functions, but my honest opinion about CAPTCHAs is that they should no longer be used. There are two far better spam preventions on the web today that do not cause the user frustration that CAPTCHAs are known for. One would be Akismet, which maintains a centralized database of known spammers and validates all accesses to that database. The other would be localized systems such as the one described by Ned Batchelder ("Stopping spambots with hashes and honeypots") which catches spambots in their own game by tricking them into committing the typical actions spambots are known for that humans won't do. Either system is highly effective and neither presents any extra work to the user; they are systems that target the spambots and make them identify themselves rather than force users to prove they are human. I think developers en masse need to drop CAPTCHAs altogether and put their effort into implementing systems like the alternatives I've mentioned. If that happens, I think the web as a whole will take a turn back towards usability, which is really what this whole "read-write revolution" is supposed to be about.