
 Should I make this open-source? - Jhsto
http://jaudu.net/
======
pyalot2
The purpose of a captcha (as flawed as the concept may be) is to filter out
spam (comments etc.)

The idea behind a traditional captcha is to present a task that is easy for a
human to solve (ha-ha) but hard for a computer.

As far as I can tell, your method does not rely on this principle. Which means
that you use some machine-readable scheme that relies on obfuscation to
provide this function.

While that method may work individually, it does stop working as soon as your
method gains any kind of traction, because then spammer will target exactly
your scheme and any advantage is null, void and gone.

~~~
Jhsto
I'm aware of this, but in my distinct opinion it is at least worth of trying.
Spammers make money out of posting links all over the web and crackers make it
by selling compromised accounts or the personal information attached to them.

Even if it would work only for a brief time it surely would make their job
harder and the overall process much more slower.

But then again, this is just my opinion and I've convinced myself it to work -
for that brief time only if nothing else.

------
stewie2
I can't understand this method. If I want to guess someone's password, I will
hack a web browser code, automatically fill-in username and password and
submit. Why can this method stop it?

~~~
Jhsto
If you would make that to work and the site would not have a timelock or
banning enabled, it would not be stopped.

The problem with spammers and crackers are not people like you, but rather the
ones ho hammer sites using thousands of bots running behind proxies, which
send raw POST data to the action url of the site's form. Even with CAPTCHA the
bots are able to successfully send the POST data using OCR, which
recognization rate varies from all around 10% to high as 80% depending on the
CAPTCHA system used.

For this reason, even if your method would work it is lesser bad for the
website owner.

Every solution has its weaknesses, but it is rather subjective which has the
least of them.

------
the-kenny
Broken with flash-blocker. I'll never come back to a site using this.

~~~
Jhsto
Does it give out any errors? I don't see a reason why would it act so, because
the site has nothing in flash.

~~~
aseidl
The issue may have to do with NoScript or some other JavaScript blocker as the
method appears to rely upon JS. (Tested in Lynx and Firefox with JS disabled.)

Jhsto: you might want to include a noscript tag warning visitors about this.
Of course it might be better to have this done server side as anything client
side will eventually get worked around.

~~~
Jhsto
Thanks, I'll fix this soon enough.

