

They Make Apps' slider-based alternative to CAPTCHA - adamhowell
http://www.lukew.com/ff/entry.asp?1138

======
swombat
This is completely useless as a solution to the captcha problem. It's only a
solution if you're not actually tagetted by spammers.

A slider? Really? Yeah, there's no way a script could fake changing the value
of a slider.

~~~
wooster
Spammers are lazy. They like to target lots of sites at once. A post of mine
from a few years ago explains the rationale behind one off schemes such as
this:

<http://www.nextthing.org/archives/2005/07/16/a-few-upgrades>

My own has worked fairly well for me since then.

~~~
Gnolfo
"Spammers are lazy" does kinda work for the multitudes of small-traffic sites
out there. Put together some unique or custom validation to keep out spambots
and odds are that's all you'll ever need.

The thing is, for big sites like Google or Yahoo that won't work. If Google
implemented the slider I'd bet a month's salary that it would be flooded with
spammers overnight. The CAPTCHA's they use have been put through the ringer
and are proven to work against spammers who are focused and resourceful. By
lining the two up like that, the post tries to equivocate big site CAPTCHAs
with user-friendly client-side-only validation, but the latter is not even in
the same league, much less an alternative. It works for the same reasons
"Enter the sum of 3 and 5: ____" would work.

~~~
wooster

      The CAPTCHA's they use have been put through the ringer 
      and are proven to work against spammers who are focused 
      and resourceful.
    

Not really:

\- <http://securitylabs.websense.com/content/Blogs/2919.aspx>

\- <http://www.cs.sfu.ca/~mori/research/gimpy/>

\- [http://www.zdnet.co.uk/news/security-
management/2004/05/06/s...](http://www.zdnet.co.uk/news/security-
management/2004/05/06/spammers-use-free-porn-to-bypass-hotmail-
protection-39153933/)

\- <http://caca.zoy.org/wiki/PWNtcha>

etc. Most of those articles are from several years ago. The state of the art
has improved since then.

~~~
Gnolfo
Sorry, I should have been clearer on what I meant. Google/etc CAPTCHAs don't
work 100% against anti-CAPTCHA. As those articles suggest it's a fluctuating
80% or so, and obviously an ongoing arms race.

My point was more to the fact that the slider solution wouldn't retain
anywhere near the same stats if it were put up against the same level of
effort and sophistication spent towards breaking it. It would get solved and
then bypassed completely.

------
jatenate
That wasn't too tough to break:
javascript:document.getElementById("UserHuman").value="6).%Y.g-";document.getElementById("UserAddForm").submit();

~~~
cfpg
Even simpler:

javascript:updateSlider1(4);

------
alexyim
This (and other creative implementations) works because it's not mainstream.
I'd imagine once it becomes big, spammers will find a way to defeat it.

As far as I know, different CAPTCHAs have different degrees of effectiveness.
Google's is among one of the best.

~~~
karzeem
Am I alone in finding Google's CAPTCHAs unreadable a good 25-50% of the time?

~~~
gojomo
You may already be a robot. And me, too -- I'm sometimes stumped by the Google
CAPTCHAs.

------
nightly
Nice idea. No captcha would be better. How come Facebook doesn't need a
captcha on their create account page?
[http://img.skitch.com/20100702-g2gt6pxcpyug324yhyay4gsj13.jp...](http://img.skitch.com/20100702-g2gt6pxcpyug324yhyay4gsj13.jpg)

~~~
zalew
Because they don't care about a spammer _joining_ fb, they have spam
prevention system on the publishing and friendship actions. I see the re-
captcha very often while publishing stuff (but I'm connected 24/7 to the fb
chat with pigdin), also I've heard that people who try to add too many friends
in a short period of time, get a message from the spam prevention.

also: <http://blog.facebook.com/blog.php?post=403200567130>

------
joegaudet
What might be interesting is to have the position randomly generated somehow.
Or two sliders that you have to line up...

------
what
Someone should make a CAPTCHA that shows an ad and then you have to type in
the name of the product.

~~~
Devilboy
<http://www.adaptcha.com/>

