CAPTCHAs are getting out of hand
I was commenting at a friend’s site the other day and I had to make multiple attempts because I was wrestling with CAPTCHAs like these:

It took me the longest time to even realize that there is a tiny letter j in the bottom right corner. I kept entering “p2rgf” and failing the test. It was actually when my roommate classmate looked over my shoulder that he discovered the errant bastard j in the corner. How was I supposed to spot that?
At the very least there could be a little note off to the side actually telling users how many characters they should expect to enter, but the truth about CAPTCHAs is that machines can be smarter than people. I don’t have the powers of visual discernment that a good computer algorithm has. I know CAPTCHAs are intended to prevent computers from getting into user systems while allowing users, but CAPTCHAs have gotten to the point where they are so complicated that neither can get in (God forbid I should have poor vision, in which case I wouldn’t be able to pass the simplest of CAPTCHAs).
Now I know it’s cool to be able to implement CAPTCHAs and show off your prowess with funky image-processing functions, but my honest opinion about CAPTCHAs is that they should no longer be used. There are two far better spam preventions on the web today that do not cause the user frustration that CAPTCHAs are known for. One would be Akismet, which maintains a centralized database of known spammers and validates all accesses to that database. The other would be localized systems such as the one described by Ned Batchelder (“Stopping spambots with hashes and honeypots”) which catches spambots in their own game by tricking them into committing the typical actions spambots are known for that humans won’t do. Either system is highly effective and neither presents any extra work to the user; they are systems that target the spambots and make them identify themselves rather than force users to prove they are human. I think developers en masse need to drop CAPTCHAs altogether and put their effort into implementing systems like the alternatives I’ve mentioned. If that happens, I think the web as a whole will take a turn back towards usability, which is really what this whole “read-write revolution” is supposed to be about.
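A server-side sketch of the honeypot idea described above, added here as an example; it is not Ned Batchelder's code or this site's. The field names, the timing thresholds and the HMAC-SHA256 token are assumptions chosen for illustration.

```python
import hashlib
import hmac

MIN_FILL_SECONDS = 3      # assumed: a person needs a few seconds to write a comment
MAX_FORM_AGE = 3600       # assumed: a rendered form stays valid for one hour
HONEYPOT = "website_url"  # hypothetical decoy field, hidden from people with CSS


def _token(secret: bytes, issued_at: int, client_ip: str, post_id: str) -> str:
    """Bind a form to the time, client and post it was rendered for."""
    msg = f"{issued_at}|{client_ip}|{post_id}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_form(secret, client_ip, post_id, now):
    """Hidden fields the server embeds when it renders the comment form."""
    return {"issued_at": str(now),
            "token": _token(secret, now, client_ip, post_id),
            HONEYPOT: ""}


def check_submission(secret, form, client_ip, post_id, now):
    """Return 'ok', or the reason the submission looks automated."""
    try:
        issued_at = int(form.get("issued_at", ""))
    except (TypeError, ValueError):
        return "bad-token"
    expected = _token(secret, issued_at, client_ip, post_id).encode()
    supplied = str(form.get("token", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return "bad-token"        # forged, or replayed from another post or address
    if form.get(HONEYPOT, ""):
        return "honeypot-filled"  # only a script fills a field people cannot see
    age = now - issued_at
    if age < MIN_FILL_SECONDS:
        return "too-fast"         # submitted faster than anyone could type
    if age > MAX_FORM_AGE:
        return "expired"          # stale form, typical of harvested and replayed tokens
    return "ok"
```

None of these checks asks the commenter to do anything: a person never sees the decoy field or the token, while a script that fills every input or replays a harvested form fails one of them.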
11 Comments
My favourite approach is to use a Question/Answer CAPTCHA (probably the wrong acronym for this actually) along with a centralised blacklist if anything gets through.
The Question/Answer approach requires that users answer a very simple question such as “How do you spell Cow?”, once spambots learn the answer you simply change the question. It’s completely accessible as it uses text rather than an image and is as sophisticated as the questions you choose.
I hate those kinda captchas.
Umm…it was me who looked over your shoulder.
Oh yeah, I remember now! Thanks for the correction Dean.
Yes. CAPTCHAs are one of the web’s deadly sins… that and those annoying “Snap” popups.
This post has convinced me to ditch them, actually. Thanks, Christian!
You’re welcome Phil, and let me know if you manage to implement something like Akismet or a honeypot technique.
I have seen some interesting alternatives recently, including a small checkbox that says “tick if this is not spam”. Unfortunately none of these sorts of things will ever stop humans, and almost all of them would be useless if they became too widespread. I think originality is the key.
I think you put too much faith in Akismet - I know of a couple of people using it who’re still having problems with spam. That said, I completely agree that there are other methods of spam protection that mean you shouldn’t have to resort to using a CAPTCHA. Since implementing my scoring system I’ve had very little spam (and none of it gets through to my blog anyway).. my only problem is finding the perfect ‘max score’ that gets rid of that last 1-2 spam comments but doesn’t hinder the progress of a real commenter.
I say go akismet; the ease given to the user is the most important aspect. I totally agree with captchas; I fill out dozens and I cringe every time I bump into them.
The small portions of spam that do get through are much more tolerable than captchas, or quizzes. Plus, if you integrate with akismet properly, you can notify akismet of spam that has got in, so that it refines the system.
We use it on our open source blog system (see http://demo.silverstripe.com) and on our website, to great success.
Have you seen the captchas on rapidshare lately? I swear those things have done the impossible and made 30point font text and above next to unreadable.
:: shudders ::