

Best CAPTCHA ever - olalonde
http://qntm.org/edit_comments.php?slug=responsibility

======
batterseapower
Note a very good CAPTCHA, since as a spammer I can get the answer by just
feeding the question to Google:

<http://www.google.com/search?q=square+root+of+minus+one>

This should also work on those CAPTHCAs that ask the user to solve a simple
math question.

~~~
paulgb
You'd be surprised how many spam scripts are stopped by this anyway. Most of
them follow a shotgun strategy: crawl the web and submit their spam to every
form they see. I think the logic is that if someone is vigilant enough to
install a CAPTCHA in the first place (especially a custom one), they'll be
vigilant enough to quickly delete the small amount of spam that they do see.

I did some experiments on a WordPress blog monitoring what the bots were
doing. A surprising number didn't even seem to parse the form, they just had
standard POST data that they sent when they found an article with comments.
These must have been WordPress-specific spam bots, but even the other bots
were not much smarter.

~~~
mike-cardwell
If that's the type of bot you're targetting, then there are better, simpler
methods which don't involve having to make the user jump through hoops.
Example:

[https://secure.grepular.com/Blocking_Comment_Spam_Using_ModS...](https://secure.grepular.com/Blocking_Comment_Spam_Using_ModSecurity_and_Hidden_Fields)

That trick blocks bots from posting comment spam on my blog every single day,
and it hasn't failed once since I started using it months ago.

~~~
paulgb
Very true. I used a similar method after my experiments, using JavaScript to
fill in a textbox (and degrading gracefully to a simple CAPTCHA for users
without JS). The CSS/mod_security trick wouldn't have been as effective with
WordPress since some of the bots don't actually parse the form and would
submit the form without the confirm_email field.

------
RiderOfGiraffes
Actually it has several answers, some of which include +i, -i, +j, -j, +k, -k,
if you're working in the quaternions, for example.

It also means otherwise intelligent and erudite people who aren't
mathematically inclined won't be able to comment, which seems a shame.

------
est
the answer is wrong. It's either -i or i.

~~~
Tobu
Yeah, sqrt is only for non-negative reals. The question should be worded “what
numbers in C have squares equal to minus one?”

------
hackermom
I suppose the "best" part of this CAPTCHA is that it always asks the same
question? i.

