

Man I hate captchas!  - jamongkad

Do you guys think captchas are necessary? I think they just ruin the whole look of the website + they annoy users to high hell. Is there any way around the implementing of captchas? 
======
dpapathanasiou
SeekSift uses a reverse captch/honeypot (explained here:
<http://www.nedbatchelder.com/text/stopbots.html>) and it works really well,
w/o the annoying user interface problem you've described.

~~~
willarson
Interesting, and good, ideas. I think they could be defeated by a well
designed spam bot, but most (if not all) currently used techniques could as
well.

I haven't used a screen reader, nor have I looked at their source code, but it
did make me wonder if such a setup (with user invisible fields) might still be
read by the screen readers (depending on how they convert the raw html into
content for the listener).

If I ever get around to fixing my comment system on my blog (I don't really
like comments... and thats probably why my current commenting system is
passive-aggressive), I'll try implementing these ideas. Good link.

------
willarson
Although often not considered, the greatest flaw of captchas is they make some
functionality unavailable for disabled web users (audio captcha for the deaf,
standard distortion captchas for those with poor eyesight, flash captchas will
also be impervious to screen readers).

I have played with captchas a bit and I think its important to make captchas
which rely on thinking and comprehending, not on some facet where human senses
are still more acute than electronic sensors (this is a deadend, as computer
cycles get cheaper and algorithms improve I don't really believe that human
senses will be superior to dedicated electronic ones in well... anything).

My favorite captcha (perhaps my own idea, not quite sure though) is to have
something like this "Please enter the missing item: 532 533 534 535 536". This
satisfies my requires for a 'fair' captcha: 1. it is delivery neutral (a
screen reader, a blind individual, or a fully healthy individual can all
understand this captcha), and 2. It is relatively resistant to brute force
because the question doesn't contain the answer.

As is stands, the vast majority of captcha implementations are discriminatory
(you need to, at minimum, have a choice between an audio and a visual captcha,
or use a captcha that is delivery neutral).

The best way to avoid needing a captcha is to build a non-consistent UI (which
is to say, to differentiate yourself, hopefully by making it better) that the
existing spam algorithms won't recognize. Much like diverse genetics give
species resistance to disease, diverse design and UIs give the internet
resistance to spam.

~~~
Tichy
I think there are algorithms that solve simple IQ tests like that. And how
would the non-consistent UI work? Not use http Post anymore, just do
everything with AJAX?

~~~
willarson
Solving that test is indeed pretty simple, I think its O(n^2) give or take.
Even if it was n^3 the value of n is so low it isn't restrictive. The benefit
is that it is relatively uncommon (not being targeted), and it is more
difficult than the average captcha (less likely to be targeted). It is also
resistant to brute force (many captchas have the answer to them included in
the question, this one requires some parsing and solving, not simply trying
words near the captcha randomly). This captcha is not perfect, but I think it
is better than most current captchas, and it is deliver neutral (doesn't
penalize the impaired). Thus it seems like a step in the right direction, but
is not a final destination by any means.

By non-consistent UI I mean breaking the "Name, Email, Webpage, Body"
paradigm. I think a good (although certainly harder to implement) example of
this is <http://www.djangobook.com/en/beta/chapter01/> . If you click on the
little tabs/indexes on the side of the page a little comment box pops up that
is relevant to the specific position. This UI is sufficiently different from a
standard commenting system that a standard form filling spambot would be
clueless. This is only an example, but perhaps it helps explain my idea of
diversifying a bit. Other types of spam bots would not be affected, but
perhaps similar changes would make them less effective as well (your example
of using Ajax is a good possible example).

------
whacked_new
IMHO captchas still have their place. Any type of turing test would require
intervention by the user. I dunno how low the threshold of annoyance is for
most users, but I tend to think that "reproduce this text" produces a lower
cognitive load than, for example, "what is 4 + 3." If your text is extremely
jarbled that's a different matter... note to self.

Picture matching is a viable alternative and can reduce cog load, but it also
increases the time between captcha and the intended action. I use a
3-character captcha. We'll see how that holds.

------
tomh
Could be worse things than typing words. Brad Fitzpatrick call this the best
CAPTCHA ever: <http://brad.livejournal.com/2331278.html>

------
coffeeaddicted
I had good results with doing an own small modification to our forum software.
I had never done anything with PHP before, but knowing enough c programming
that was still done below an hour (finding the right place to modify was the
only hard part).

I think the point is not which modification I made - nothing that was much
different from some other usual spam-prevention mods which are in use. The
trick is that no spammer cares about a single site enough to work around a
custom solution.

------
daniel-cussen
I've noticed these things get harder and harder all the time. In the end it
will be like a test to block humans out.

Of course, the only thing you really care about when someone/thing does a
captcha is that the, uh, thing won't spam and that it will give you money.
This problem might go away if someone succeeds in designing a system for
making micropayments with a much smaller granularity than Paypal.

------
daniel-cussen
I'm OK with captchas being difficult and even annoying. However, I leave the
site if I have to try more than twice.

------
ivankirigin
Transparent human detection could be achieved with face-detection in a webcam
with controls to ensure the stream is live.

Face detection is a solved problem, and accessing webcams from a browser is
solved. <http://www.merl.com/projects/FaceRecognition/>
<http://youtube.com/my_videos_upload>

If I weren't busy with another idea, I would suggest someone work on this. It
could also be used for a secure login if done with face recognition, which is
fast maturing.

~~~
ivankirigin
I'm curious: why was I modded down? I'd love to hear what is wrong with this
idea.

~~~
jamongkad
Dunno either so I upmodded you :-)

~~~
ivankirigin
ha!

~~~
jamongkad
But for the record I wasn't the one who downmodded you.

------
jamongkad
I've been looking at honeypots and I'm learning how to implement them on my
app. Basically I'm building (well for the mean time until a better idea comes
up.) is a "classified ad" site that doesn't suck and is a beauty to look at.
And the problem I see with apps like these(or rather a subset of the main
problem) is the amount of spam that gets fed into them everyday. Alot of
interesting ideas flowing from this discussion.

------
StStartup
Ofcourse some sort of captcha is necessary. If you are bothered about the
looks, then the real question is what kind of captcha should you implement.
You can go for the audio only captcha , or perhaps even a flash based visual
one.

Repetitive captcha tests can be avoided if your application limits the
frequenzy of submissions made . But this in turn is a larger annoyance for
commenting systems.

~~~
tedhaile
how about a captcha that records the movement of the mouse. for example, trace
this image or make five circles in a row.

~~~
StStartup
Its still a captcha.

------
randallsquared
One way to be transparent to normal users, as long as your site uses
javascript anyway, is to do a javascript (or flash, I suppose) hashcash
implementation. If javascript on a typical browser takes 45 seconds to work
out a solution, then that's enough to prevent spambots from just implementing
it without driving the amount of spam they can send out way down.

------
mynameishere
Which of the following would you prefer:

1\. A flower from your sweetheart?

2\. A warm puppy?

3\. A properly formatted data file?

ANSWER!

------
abhijit
simple arithmetic ones' loaded through ajax. Using it for one of the projects
that I am working with. Don't think its great, but works for me.

[http://oltsm.blogspot.com/2007/06/ra-captcha-idea-for-
ajax-b...](http://oltsm.blogspot.com/2007/06/ra-captcha-idea-for-ajax-based-
captcha.html)

------
aquafina
captcha's can be necessary and definitely reduce spam, but some of them are so
cryptic i can't even read them.

------
ivan
Sound captchas

