back to article They don't recognise us as HUMAN: Disability groups want CAPTCHAs killed

The Australian Communications Consumer Action Network (ACCAN), Blind Citizens Australia, Media Access Australia, Able Australia and the Australian Deafblind Council have banded together to campaign for the demise of the CAPTCHA. CAPTCHAs, or Completely Automated Public Turing test to tell Computers and Humans Apart, ask users …

COMMENTS

This topic is closed for new posts.
  1. This post has been deleted by its author

    1. EvanPyle
      Facepalm

      Re: From the Department of The Bleedin Fekkin Obvious Department...

      The problem with a "did you register for this" email is that bots are quite capable of clicking a link in an email.

      1. Nick Ryan Silver badge

        Re: From the Department of The Bleedin Fekkin Obvious Department...

        There are a couple of further problems:

        Abuse of the email verification system to abuse mailboxes - sending thousands of non-wanted "confirmation" emails from your domain is a quick route to be marked as a spam source. Similarly receiving hundreds of these things would quickly annoy any recipient.

        Secondly... what about the case where it's not a registration link? How about where you're just sending a message or reply on a website? Do you really want the hassle of having to check your inbox for a message, that is likely filed under junk, just to send a two line reply to a post or message?

        1. Jamie Kitson

          Re: From the Department of The Bleedin Fekkin Obvious Department...

          > sending thousands of non-wanted "confirmation" emails from your domain...

          So don't send thousands, it should be quite easy to detect when the system is being abused, just restrict the confirmation emails to one a minute.

          > How about where you're just sending a message or reply on a website?

          Why should you have to enter a CAPTCHA once you're registered and logged in?

          1. Malcolm 5

            Re: From the Department of The Bleedin Fekkin Obvious Department...

            > > How about where you're just sending a message or reply on a website?

            > Why should you have to enter a CAPTCHA once you're registered and logged in?

            I think there are times when I should be allowed to interact with a web site without being required to register with it first. (and some of those times I should not be required to supply an email address)

          2. Pascal Monett Silver badge

            Re: "it should be quite easy to detect when the system is being abused"

            I'd think that if it were quite easy to detect when the system is being abused, then we wouldn't need captchas in the first place.

    2. tentimes

      Re: From the Department of The Bleedin Fekkin Obvious Department...

      I totally agree. Even for people with close to normal vision, these things are really difficult - I just find them almost impossible to do and extremely frustrating.

    3. Wibble
      Mushroom

      Re: From the Department of The Bleedin Fekkin Obvious Department...

      And what when I DON'T want to tell the website my email address? Oh, so I have to create a one-off hotmail address...

      A right ballache that they are, Captchas still serve a useful purpose in keeping out bots.

    4. Anonymous Coward
      Anonymous Coward

      Re: From the Department of The Bleedin Fekkin Obvious Department...

      "A simple "Did you register for this?" email is the easiest & most Accessable way to handle the issue, doesn't discriminate against anyone with Disabilities (if they can't read the email, they probably can't read your site, either), and allows for the verification of a person's humanity in a way that doesn't make us want to put a bullet through your face for "proving" otherwise via technology that is, itself, Not Accessable.<br>"

      It's also stupid and can become a wonderful and simple tool to flood people you don't like.

    5. Anonymous Coward
      Anonymous Coward

      Re: From the Department of The Bleedin Fekkin Obvious Department...

      "Any place that uses CAPTCHA's to prove a potential user's humanity, automaticly deserves to be branded "Fuckwad" in big, bold letters across the forehead, shaved bald, & have a lifetime Execution Sentence if they allow their hair to cover the brand, or otherwise allow it to be obscured."

      Ditto for anybody who sticks an apostrophe into a simple plural.

  2. Tim Starling

    Source link

    http://accan.org.au/index.php/access-for-all/media-releases/615-consumer-advocates-unite-to-kill-captcha

  3. asdf

    may I be so bold

    I think I speak for the population without disabilities who also agree FUCK CAPTCHA!!!!!!!!

    1. Dazed and Confused

      Re: may I be so bold

      Even when I had "perfectly good eye sight" I still really struggled with these damn CAPTCHA things. Since hitting the age where reading glasses are necessary I find them even worse.

      I realise that something is needed to stop the SPAMmers but this isn't it.

      I'm sure I remember a story here on El'Reg a while back about SPAMmers getting around CAPTCHA by using porn bate, getting left handed typists to solve the CAPTCHAs for them.

      1. gerryg
        Terminator

        Re: may I be so bold

        I'm a left-handed typist.

        I hold my pen in my left hand. I throw a ball with my left hand and stir my coffee anti-clockwise - how do these skills help?

        1. Anonymous Coward
          Anonymous Coward

          Re: may I be so bold

          > I'm a left-handed typist.

          Left-handed typist is a euphemism describing a porn sites visitor's need to type with his left hand because the right hand is being used for, erm .... other things.

          > how do these skills help?

          Stress relief?

          1. Anonymous Coward
            Anonymous Coward

            Re: may I be so bold

            " Left-handed typist is a euphemism describing a porn sites visitor's need to type with his left hand because the right hand is being used for, erm .... "

            Bloody amateurs. Everyone knows you're supposed to change hands every ten minutes or so.

  4. Adrian 4 Silver badge
    Thumb Down

    They're useless anyway

    Captcha's don't work. The spammers get past them, probably with cheap labour.

    So there's no real point in having them.

    1. Anonymous Coward
      Anonymous Coward

      Re: They're useless anyway

      Totally disagree. I had a form on a site of mine with no captcha...was fine for a while, then the spam attacks started, all sorts of crap ending up in the database. Captcha added, problem went away, no spam for 3 years.

      Until someone can suggest a better solution that isn't completely user-unfriendly (the link-in-an-email doesn't suit our use case at all) then I'll have to keep on using them.

      1. knottedhandkerchief

        Re: They're useless anyway

        Although not perfect, "honeypots" are a good enough alternative. They require CSS and/or Javascript, and assume the spammers are attacking all sites generally, not specifically (e.g. hotmail), and not using cheap labour. For small sites, it's perfect, and what I use.

      2. TsVk!
        Meh

        Re: They're useless anyway

        I've seen a great new captcha type verification that solves this. A simple question like "Which of these are dogs?" and 8 pictures with dogs and cats. Click on the dogs and in you go... Works very well.

        As far as small sites go it's a great solution, but once larger sites start using it it's not random enough to keep out the hackers/spammers though.

    2. DropBear
      Devil

      Re: They're useless anyway

      You might not even need any labor at all. How sure are you that various shady yet widely-used MegaSuperFileStorage & co. type sites never re-serve captchas actually presented by other sites, reusing the provided answers for their own purposes...?

  5. Wzrd1

    I have lattice degeneration, as well as partial posterior lens capsule opacity and moderate hearing loss and tinnitus secondary to an IED blast, I fucking HATE CAPTCHAs and wish bodily harm on those who insist on their use.

    I'm now at the point where I avoid services that utilize the damned things, as I'd rather masturbate with a cheese grater than screw about with CAPTCHAs.

    1. Anonymous Coward
      Anonymous Coward

      I feel your pain, but wishing bodily harm against someone is a bit like planting an IED yourself

      1. VinceH

        No, wishing it is something that only happens in the mind, while actually planting an IED is something that happens in the real world - as such they are totally different.

        Unless you're with the thought police.

        Are you with the thought police?

        1. LinkOfHyrule
          Joke

          I tried joining the thought police...

          ...I did really well in the exams until we got to the "mind captcha" as they call it - totally failed at that one!

        2. Anonymous Coward
          Anonymous Coward

          be careful what you wish for

    2. Anonymous Coward
      Anonymous Coward

      > I'd rather masturbate with a cheese grater

      What's stopping you?

  6. LateNightLarry

    DUMP CAPTCHAS

    Far too many CAPTCHAs are so "obscured" that I have to repeatedly ask for a different CAPTCHA... sometimes as many as a dozen or more times... either make them more legible for the average person with age related vision problems or get rid of the damn things...

    1. Anonymous Coward
      Anonymous Coward

      Re: DUMP CAPTCHAS

      I've got decent eye sight, but I still struggle with those bloody captchas. Although someone above claimed that spammers can automate the response to verification emails, I'm not convinced. They normally contain multiple links to the confirmation form - a "clever" bot may follow all the links, so the answer could be to include one that cancels the subscription request. Another option is to include a keyword or phrase in the verification email that must be entered into a form on the page the verification link points to.

    2. dogged

      Re: DUMP CAPTCHAS - Just add colour

      My eyesight is better than 20/20 but I suffer from degenerative monochromachia. One problem this causes is that coloured text often becomes illegible.

      When it's been deliberately munged AND coloured on top, it's literally impossible to read.

      I don't have a solution but I really wish that captchas didn't come in so many multicoloured varieties.

      1. The Eye Specialist

        Re: DUMP CAPTCHAS - Just add colour

        I suffer from molluscum Contagiosum, Dacryoadenitis, Thygeson's superficial punctate keratopathy and Keratoconjunctivitis sicca and can't see these frickin CATCHAs. Also these eye diseases names are peeing me off. How am I expected to spell them propelry?

    3. NightFox
      Facepalm

      Re: DUMP CAPTCHAS

      ...which raises an interesting question: can you mount a DDOS attack on CAPTCHA by repeatedly asking for a different phrase? If so, they need to introduce some sort of authentication mechanism to ensure it's an actual person asking for a different CAPTCHA and not a bot...

      1. I ain't Spartacus Gold badge
        Happy

        Re: DUMP CAPTCHAS

        NightFox,

        You an evil, evil man.

      2. Anonymous Coward
        Trollface

        Re: DUMP CAPTCHAS

        How about another captcha to make sure a person is asking for a different captcha and if he/she requests another captcha for the captcha making sure that a person is requesting a captcha for the captcha request?

        1. I ain't Spartacus Gold badge
          Happy

          Re: DUMP CAPTCHAS

          At this point we'd have to rename it from CAPTCHA to KAFKA.

          Working out a suitable backronym for this, I leave as an exercise for the reader...

  7. Cheshire Cat

    Although I hate using catchas....

    Although I hate having to enter captchas, as a support forum admin I have to implement them.

    Before I had captcha on the registration process, the forum was being spammed into oblivion every day. Having email confirmation was next to useless as the spambots could automate it; they would hit the board with hundreds of spams in less than an hour.

    It reached the point where I disabled the board entirely, before enabling a rather vicious captcha. Spam still gets in, thanks to the cheap-labour issue mentioned before, but a mere fraction of what used to hit.

    I can understand that it makes life difficult for people with visual impairment etc, but the fact is that without it, there would be no forum at all for people to register on as I could not contain the levels of spam. Until something appears that works as well (or better) without the disadvantages, then this is the only option.

    1. DropBear
      Holmes

      Re: Although I hate using catchas....

      Have you tried image-based ones (like Photo Captcha)...? I'm pretty sure describing / recognizing the content in a random image is way harder for a machine (for now) than recognizing some letters twisted out of shape too much even for average humans.

      The suggested implementation above could even be expanded upon by bringing in fresh, new images all the time - serve more (2-3) of them, ask the user to describe them with one word - the first one would be an already "trained" photo with a collection of most often suggested answers while the second (third) would be a fresh image in training, gathering suggested keywords until a confidence level is reached and itself becomes a trained one. I think ReCaptcha does something similar, sans the photo angle (and they swear they manage to avoid brute-spamming particular words into something they are not).

      Granted, this might not do much for people with disabilities, but I think the rest of the world would be rather grateful... ;)

      1. Charles 9 Silver badge

        Re: Although I hate using catchas....

        That doesn't solve the cheap labour angle because they're actually HUMAN, meaning anything a genuine user can solve, THEY can solve. Basically, cheap labour end-runs around the CAPTCHA because they're not the type of spammers the thing's intended to block. In fact, cheap labour may be an unsovleable problem in general because you're trying to tell between two humans: one of which is willing to mimic the other well enough to pass any kind of test to tell them apart.

    2. dan1980

      Re: Although I hate using catchas....

      Plus one to you good sir/madam.

      This is the 'brass tacks' of the situation - for some website operators, the option is between a flawed but viable and largely-effective system and shutting down their sites.

  8. dan1980

    CAPTCHAs are annoying and I don't need a better reason than that to want them gone.

    But, taking the argument of ACCAN, their alternative doesn't hold up. They are limiting themselves to registration forms for signing up to websites which is a valid issue but not the only instance where CAPTCHAs are used.

    Thankfully not all websites require you to sign up to use them (yet) and so there are a lot of CAPTCHAs in use where the proposed solution of sending an e-mail just doesn't make any sense.

    To find a real alternative, you have to start by asking what the product does.

    The purpose of those annoying scribbles is to verify that a human rather than a 'bot' is interacting with the website. Further, it is doing that in the website, without the any additional processing from the user OR the site operator. FURTHER, it is a bit of bolt-on code that requires no additional infrastructure, maintenance or support from the website operator.

    Compare that feature-set to 'just send an e-mail'. That 'solution' addresses none of the above points.

    There needs to be a better solution but I think it's naive to just blurt out a 'common sense' answer, without accepting that if a workable alternative was that simple then we would have it already. There is a reason why 'just send an e-mail' isn't on the W3C's list and it's not because they haven't thought of it.

    There's also a reason why none of the proposed alternatives have gained any acceptance, and that is because they are intensive to implement. A small business can very easily add a CAPTCHA to their website. Try adding 'Heuristic checks' to your small business's website!

    I agree with ACCAN - they are difficult for even the most sharp-sighted of people to use so it is evident they would pose problems for others, less able users (including the elderly). I just think they need to recognise that the solution isn't that simple.

    1. I ain't Spartacus Gold badge

      dan1980,

      That post is far too reasonable and thought through. How the hell did you get access to these forums?

      I've always hated CAPTCHAs. It's a rare time that I can get the buggers on the first go. I have very severe sight problems. Sadly the audio ones are even harder to decipher, and I've got pretty good hearing. So I just merrily go through a few (swearily if I'm being honest), until I get one right, like house drumpBty or somesuch. The nonsense words are particularly hard for me, because there's no context, so if there's one letter I can't read, then it's impossible to guess. Whereas if the u in house is unclear, I can get it from context.

      Unfortunately the same problem applies to OCR. If it's unclear about one letter, it can go to word tables, and come up with a probability for what word it'll be. Hence making it easier for me, is probably going to do the same for the bots.

      Actually I think this is the first time I've properly thought about the bloody things, and despite the fact that they're hateful, annoying and discriminatory - they're also quite hard to replace. Email confirmation isn't going to stop a well-written spam-bot. Anything that's commonly used, and available for people to just bolt-on to their site is going to be worth the spammers writing a counter to. And there's always the problem of paying peanuts to people in web cafes.

      Someone suggested a simple astronomy question for their local astronomy site. Which works by security through obscurity. As soon as that solution became commonplace, bots would be written with a database of easy astronomy questions. Anything that a test can get me to look up, the spammers can also do.

      Anything I can think of that's more human is even harder to make accessible. Things like cartoons, or puzzles are going to be much harder to bung through a screen-reader - and I'd have thought any questions can be looked up as easily by the spammers as the customers. Or at least put onto the spammers database, as fast as they go on the questioners database.

      Perhaps the answer to spam is identity confirmation before you're allowed to register a domain, and then vigilantes with baseball bats? There are more of us than there are of them...

  9. Anonymous Coward
    Anonymous Coward

    I use CAPTCHAS

    I hate CAPTCHAS

    If we don't use them we get spammed to the bejesus!

    A necessary evil?

    I'd love to see some effective alternatives.

    1. Yet Another Commentard

      Re: I use CAPTCHAS

      Can bots get around pictures?

      So, for example rather than an obscured word I get a picture of a herd of cows and am asked to type in, in English, the singular of the animal/object in the picture. There could be quite a lot of pictures to pick from, and not necessarily animals.

      Just a suggestion.

      1. I ain't Spartacus Gold badge

        Re: I use CAPTCHAS

        Two words: Screen reader. Or if you want different ones: Visual impairment. Which was rather the point of the article. Pictures resolve a small amount of annoyance for people who can already solve CAPTCHAs, but do nothing to solve the problems for many of the people who struggle with them.

        Also, if it's a limited database of pictures, implemented by a commonly used piece of CAPTCHA software, then yes, the bots can solve it. By having access to the same list of pictures and answers. So the arms race would continue and the pictures would have to start being obscured and buggered around with, to stop the bots recognising them...

      2. Charles 9 Silver badge

        Re: I use CAPTCHAS

        But going to pictures means you inconvenience the blind, which means you create accessibility problems. Pictures are the bane of screenreaders, and anything you do to make it more accessible to a screenreader instantly makes it easier for a bot to read (because both improve when you make things machine-readable).

        1. RW
          Devil

          Re: I use CAPTCHAS

          But computers today are fundamentally devices with a visual-tactile interface. If you are blind and fingerless, you really need to find some other hobby than responding to comments on El-Reg (for example).

          1. I ain't Spartacus Gold badge

            Re: I use CAPTCHAS

            RW,

            Firstly I'd like to disagree with the sentiment involved in your post. So long as we don't greatly have to inconvenience society in order to be inclusive, we should do so. There's obviously a trade-off once things become more difficult and expensive - and that's where a process realistic of negotiation needs to take place - which is hopefully the role of politics.

            There's no excuse, or reason, for marginalising large sectors of society. Particularly as computer aren't a hobby. They're a vital in many jobs, as well as being a medium of access to various services.

            Secondly I'd like to point out your error of fact. Computers aren't fundamentally devices with visual-tactile interfaces. The ones you use might be, but many others aren't. For example look up the Braille-note, which is a 'laptop' with braille keyboard and output device. Which has a tactile interface, with optional spoken output.

            Complete speech interfaces have been commonplace for years now, and are getting to be rather good. Plus you've got Microsoft's Kinect and equivalents - which can track gestures or eye movements.

            Now I'm happy to admit that the internet has a lot of content that's visual, either video or pictures. But a great deal of it is also text, plus big chunks of audio - and various other formats. For example El Reg. There are pictures and video all over this site, but apart from an odd video podcast, none of it is vital to the articles, so someone could perfectly happily get 99% of the sense of this site by screen reader or braille display.

            Now if we return to the topic of the article, we find that CAPTCHAs are extremely unpopular even for people without visual impairments. Thus a discussion of alternatives seems like a pretty reasonable idea, and while we're doing it, considering the convenience of as many users as possible makes sense.

  10. pierce

    on the site I built most recently (a site for a regional amateur astronomy group), I ask a couple questions that anyone with even a remote knowlege of astronomy and who is local should be able to answer easily. this site has been active a year, I have several 100 registered users and.... NOT A SINGLE SPAM.

    on a forum site I built that uses a conventional captcha (because its engine doesn't have any other options), I'm getting 100 bogus signups per DAY from stupid bots that fill in the same random garbage into various fields.

    since I'm doing both these sites for gratis ('you couldn't pay me enough to do this for a living'), this situtation has remained as is for awhile.

    1. Peter Mount

      I've had the same problem

      When I setup a forum I started almost immediately getting spam, so I briefly added a captcha. I then got some of my users complaining that they couldn't use them for these reasons, so I removed it.

      In the end the spam outweighed the number of comments so as it's UK based I ended up using GeoIP restricting it to UK only IP's.

      Although the free GeoIP database is not accurate it's cut the spam down to 0 (every spammer's IP I had traced to India, South Korea or China).

    2. Anonymous Coward
      Anonymous Coward

      on the site I built most recently (a site for a regional amateur astronomy group), I ask a couple questions that anyone with even a remote knowlege of astronomy and who is local should be able to answer easily

      I've seen this on a couple of fairly niche forums that I'm subscribed to, and it works well. The only way around it for the spammer is to use low paid folk to subscribe by Googling the answers. For something with a limited subscriber list, this probably isn't worth their while.

    3. Cucumber C Face
      Facepalm

      Form radio buttons - I am a spammer=default

      If one is looking to reduce post spam - a radio/options array on the HTML form with 'I am a human being' not the default option foxes 99.9% of the script kiddies.

      If the bot can get through that and/or there's anything more precious you're protecting - captcha's probably aren't going to buy you much more.

      1. Robert Helpmann??
        Childcatcher

        Re: Form radio buttons - I am a spammer=default

        I have seen this used on a number of sites. I suspect that this method will not hold up very well if it becomes more widespread. Given four choices, a bot that chooses randomly will get through 25% of the time, which will add up pretty fast stacked up against an automated attack. Perhaps if used in conjunction with another method, this might have some value.

  11. Amorous Cowherder
    Pint

    I have pretty much 20/20 vision and love logic puzzles but I've lost count of the number times I've failed these bloody things, I think it took me 7 attempts to sign up for a Skryim game news site, in the end I gave up as each one seemed harder to decipher than the last. You need a degree ciphers and cryptography to work out some of these CPATCHAs!

  12. Richard 81

    I've seen "what colour is the text?"*, or "what is this a picture of?". Ridiculously easy for a human. Not impossible for a computer, but difficult if you change the image and wording of the question each time.

    *That one might catch a colour-blind person, of course.

    1. dogged
      Holmes

      *That one might catch a colour-blind person, of course.

      Tell me about it.

    2. Richard 12 Silver badge
      Joke

      What colour?

      Is it Mauve? Puce?

      Which puce? French, English, American or Pantone?

      I reckon it's Surprise Peach! (The surprise is that it's not a peach)

    3. I ain't Spartacus Gold badge

      I've seen "what colour is the text?"*, or "what is this a picture of?". Ridiculously easy for a human.

      Richard 81,

      CAPTCHAs are already pretty easy for a human, so long as they can see properly. The whole point of this article was that if you can't see properly, they're ridiculously hard. And the audio versions are even harder.

      Screen-readers tell you what text says, they aren't designed to tell you what colour the background is. Anything they can identify, is going to be equally easy for the spammers to spot.

      Admittedly it might make things easier for someone like me, who has usable vision, but struggles with the text in CAPTCHAs.

  13. BongoJoe
    Unhappy

    Once upon a time the images used were scans from old books and docuemnts which were unresolved and then used the community to decipher them.

    I didn't mind them as they were a form of community service and helped us get archived documents onto the internet. Plus they seemed easier to read than Captcha.

    But these no longer seem to be in use which is a shame and the images they use seem to be impossible most of the time. I simply don't use sites which have them.

    1. dan1980

      Those tests aren't in use anymore because OCR is a very mature technology. (Except when I need it to work, apparently.)

      That's why these CAPTCHAs obscure the text so eye-buggeringly much.

      The thing is, though, that these types of decypher-the-text tests are not the only form of CAPTCHAs. It is the type used in Google's implementation and therefore quite popular, but most of the alternatives given here - like equations, questions, logic puzzles, etc... - are also deemed 'CAPTCHAs'.

      The problem with many of the alternative CAPTCHAs is that they are not as strong as the obscured text variety. It's true that on a small site, implementing a simple question-answer database or math problem may well work better but the question is what would happen if all the sites currently using obscured-text tests switched to maths problems or trivia questions? Once there are enough sites using such tests, it becomes viable for spammers to devote resources to defeat them. And defeat them they will.

      This is the dilemma and it's why there isn't a better solution yet. Some options may work for individual sites but as a standard that can be used widely, this is it at the moment.

      Of course, that's without even considering that a move to test cognitive faculties over eyesight would in turn affect another subset of users, such as those with learning disabilities.

      1. I ain't Spartacus Gold badge
        Happy

        How's about just asking the question, "are you a spamming bastard?" I'm sure they wouldn't lie, because that would be naughty. After all, it works on visa forms, where they ask if you were a member of the Nazi party...

        1. dan1980

          Ha.

          As always, it's a question of who has something to gain or lose.

          http://xkcd.com/970/

          Dan.

    2. Havin_it
      Trollface

      @BongoJoe

      >Once upon a time the images used were scans from old books and docuemnts which were unresolved and then used the community to decipher them.

      reCAPTCHA are still doing this. Recent testing shows that the squiggled/warped word is the actual test, and you can put whatever you like for the blurred word.

      What you charitably call "using the community" I call "cynically exploiting a huge and unwitting free labour pool", but this is personal inclination I suppose. My own is to make a point of getting that part wrong as humorously (or just profanely, more often than not) as possible.

      Also I assume the spammers must also be aware of this, so half of what's on screen is bugger-all use in combating them anyway.

      I do notice that on some sites the word that you're teaching them has been replaced by photographs of house numbers. As this is presumably reCAPTCHA's Choccy Factory overlords crowdsourcing enhancement of their Street View data, I now take even greater delight in utterly mangling my answers to these ones.

      Ethics footnote: Yes, I'm probably a bit of a dick for doing this when the fruits of said exploitation are generally given back to the world for free (ads notwithstanding), but the secrecy (or keeping it pretty quiet, at any rate) about what they're up to left a bad taste. I like to at least KNOW when I'm being exploited, and it's also a form of security by obscurity, which I know how most folk round these parts feel about! (And of course it's Google, who really do bring out the juvenile troll in me.)

      1. Quando
        FAIL

        Re: @BongoJoe

        They kept is so quiet el Reg did an article on it:

        http://www.theregister.co.uk/2012/04/04/google_recaptcha_street_view/

        1. Havin_it
          Black Helicopters

          Re: @BongoJoe

          Ooooookay, I'll bite.

          The Reg did an article about it thanks to "Reg reader Jim Allen" (says TFlinkedA). It's because of this rag's rather specialised readership that it can cover stories that otherwise it, or any well-read news outlets for that matter, probably wouldn't know (or, more often I suspect, care) about. El Reg found out about it != Google voluntarily announced it.

          And if you don't agree on that last point, here's how much the News had to say about it. By my count, one unrelated article and one that's not in English. Not exactly shouting it from the rooftops, were they?

          They can commission a bloody comic and get every known news outlet braying about it when they bring out a browser, but this one (which many would still consider altruistic enough to be acceptable as long as Google Maps remains free, I reckon) they for some reason can't cobble together as much as a 50-word press release?

          (Sidenote: I used Google News because it's the only news search engine I know of at this moment. If you know others, it would be both interesting and pertinent to see what results they give.)

          You need to understand that what's occurring here is they know they are big enough now to have irrational and destructive detractors (uh, like me I guess) so they are very careful about what activities they go out of their way to publicise. I'm not suggesting the Black Helicopter squad were at work, just normal PR behaviour: don't start trumpeting any news that some vocal people will find questionable. But by all means, carry on with your point-scoring if it makes you feel better.

  14. wowfood

    Can't stand Captchas. I'm registered partially sighted, but on a bad day that can easily lower my vision to the levels of legally blind. (I have nystagmus, my visual ability varies greatly based on stress or how tired I am.)

    I can agree whole heartedly that Captchas suck monkey nuts. I've seen a few very good alternatives to Captcha which work rather well. Here's a few of them just to give options.

    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    4+7

    Complete the sum. (or the rarer, reverse the symbol and complete the sum)

    DELETE THIS MESSAGE!

    (delete everything in the box)

    Are you a bot? ( yes / no )

    Get out of check. (a chess board where you're in check and only one move will get you out. A bit of a pain for those who aren't too bright... Therefore it should be used everywhere on the internet)

    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

    Those are just a few, I'd disagree that the email activation link is a good way of authentication, too easy to make a bot that'll activate the email.

    1. This post has been deleted by its author

    2. tomban
      Terminator

      Users have problems entering first name, last name and email address, and you want them to do that?

    3. dan1980

      "A bit of a pain for those who aren't too bright... Therefore it should be used everywhere on the internet"

      That made me chuckle a bit but seriously, if we're talking about not discriminating against people with disabilities, we have to accept that people with cognitive disabilities are just as vulnerable (if not more so) to discrimination as those with visual impairment.

      1. wowfood

        True as that may be. I think people who have genuine mental problems are still probably brighter than a lot of people you see online. At least if they get stuck they're smart enough to grab a calculator.

        1. Rukario
          Joke

          Following on from John Walker's <a href="http://www.fourmilab.ch/webtools/feedbackform/?Feedback Form</a>, I think it would be a good idea to replace the CAPTCHA with a quadratic Diophantine equation to solve.

    4. I ain't Spartacus Gold badge
      Happy

      wowfood,

      Don't know if you've got any other condition, besides nystagmus. But I recommend alcohol. I did try to get my doctor to prescribe it last time I visited...

      It's a side-effect of my eye condition, not the main problem. But I can see better after one glass of life-giving booze than before, as it's a muscle relaxant. Of course after ten...

      The problem with most of those puzzles is that they're machine-solvable. So if they go into common use, the spam bots will simply be re-programmed to defeat them. I was trying to think of some way of working with jokes, but everything I can think of requires a database of questions for the CAPTCHA, at which point the spamming bastards just need to replicate (or steal) it and they're good to go.

      1. wowfood

        Actually I have noticed alcohol makes a mile improvement before. Especially when playing pool. Start off okay, first couple pints my game improves amazingly. Then it gets worse, and then I can't get teh pool queue on my hand.

        I have noticed there's a tipping point however, between my eyes slowing down, and my brain failing to compensate any more.

        And yeah, nystagmus isn't the only problem. Occular Albenism, comes with all the bells and whistles, Myopia, photophobia, nystagmus, I'm always convinced there's a fourth one, but can never remember what it is.

  15. WibbleMe

    As the author of many websites I have to say that Capatch does not work all the time, normally because of very cheap labor. I would suggest to anyone looking for a solution that to trap normal spam bots hidden input boxes work nicely and combined with a layer of bot protection from a cloud service such as Coudflare you only have to worry about Humans inputting

    Cant we have simpler verifications setup by the sites user such as "what color is the sun" or a more regional question for local websites such as "how may stars are in the American flag?" , "what state is this store in?" things that would take time for a Human spammer to solve.

    1. wowfood

      You can't ask them what colour the sun is. You'd be taken to court after one dumb user blinds himself.

      1. Bilby

        It is a bad choice of question anyway; most people incorrectly believe the answer is 'Yellow'; but in fact the sun is white. Indeed, the sun defines white. This is easy to test; take a white piece of paper and shine a coloured light on it, and it appears to be the colour of the light you exposed it to. Now, take it out into the sunshine. What colour does it look?

        1. Charles 9 Silver badge

          White with a touch of yellow in it. While the light from the sun trends yellow, our atmosphere tends to deflect longer wavelengths of light (thus why we see a blue sky: shorter wavelengths are passing through). Trouble is that it's such a high intensity that we're kind of experiencing a sensory overload. Plus there are a ton of other factors that can affect the outcome, such as whether or not the paper is truly white, is the image being seen through something like a camera, etc.

          The sun doesn't define white; our eyes do, through the distinct range of electromagnetic frequencies they are able to perceive. White for us is an even spread of EM radiation, of at least moderate intensity, throughout the visible light segment of the spectrum. We can define it that way by means of something like a spectrophotometer, which can measure the levels of light throughout the spectrum, regard of how our eyes perceive it.

  16. Paul_Murphy

    Other ideas

    Let anyone onto a forum, but if more than n number of current forum members mark a users post as spam their account is locked and their posts deleted.

    Send an SMS message? gets to be expensive but if there is a service where the reciever pays rather than the sender then any spammer will end up broke.

    Forums have a voting system for other forum users to score a user - any unworthy poster gets blocked.

    err - magic?

    1. Anonymous Coward
      Anonymous Coward

      Re: Other ideas

      Send an SMS message? gets to be expensive but if there is a service where the reciever pays rather than the sender then any spammer will end up broke.

      Would work if everyone paid to receive an SMS like they do in the US, but in Europe at least it's the sender who pays.

    2. Anonymous Coward
      Anonymous Coward

      Re: Other ideas

      If you have to vote a user to mark them as spam then this is only good for regular trolls. Spammers aim to get a flash of a few messages across different boards and would expect to be blocked very quickly. That's why they register lots of accounts or come back again and again with different accounts.

      SMS, so now you can only use the site when you also have a mobile signal? Can't see any issues with that ...

    3. dogged

      Re: Other ideas

      "Send an SMS message" would be setting yourself up to get pantsed via premium rate numbers.

  17. Anonymous Coward
    Anonymous Coward

    More websites requiring your email then...

    1. Intractable Potsherd Silver badge

      That was my first thought. Not a bright idea ...

      As partially disabled myself, I should have more sympathy with the campaigners, but I don't. Stop trying to bring the whole world down to the level of the least able, FFS!

  18. dan1980

    Not just registering

    I am all for the removal of those things but what about all the places they are used where people are NOT registering for anything? Things like payment forms, commenting forms, etc...

    Thankfully not all sites on the Internet requires users to register to use them but many of these still use CAPTCHAs to prevent spam.

  19. Anonymous Coward
    Anonymous Coward

    Slow down

    Many captcha protected response forms offer voice spoken captcha for those with vision issues.

    1. I ain't Spartacus Gold badge

      Re: Slow down

      They are truly rubbish. There's obscuring noise, otherwise the bots would just use speech recognition, which is nearly as good as OCR nowadays.

      I can barely read visual CAPTCHAs but the voice ones are worse. And I've got above-average hearing, and experience mixing live music, so I was quite surprised by that.

      1. Anonymous Coward
        Anonymous Coward

        'so I was quite surprised by that.'

        Dead on. Even giant players like Google's don't work!

  20. Anonymous Coward
    Anonymous Coward

    I'm all for choice...

    Always have trouble with Audio Captchas i.e. Google. They never work for me and always sound scrambled. Yes, email activation can work but its not the best option as not all Captchas do require or should require email addresses. Plus, as stated Bots can activate links... So what are the alternatives.. Here's 3 quick suggestions I've seen sites use :-

    A: Simple Math 14*4 = ?...

    B: A general Knowledge question about a popular song, film, sports star or news story...

    C. A question that utilizes simple shapes or colors to quiz for a human 'user'...

    1. Nick Ryan Silver badge

      Re: I'm all for choice...

      These are standard alternatives, however do have problems:

      * Math's questions can be bot-automated. It only takes a simple parser and they'll have the answer

      * General knowledge questions are very region and language specific. Want to have an international website? Then forget it.

      * Shapes and colours don't work for the visually impaired or just the colour blind.

      I wish I could think of a proper solution to the captcha problem but, the best solutions will be multi-layered and will need to adapt regularly in a kind of "arms race" with the spam bot engines... very much like viruses and anti-virus software. That's not a fun prospect.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm all for choice...

        Sorry I didn't make explain better. What I'd like to see is a menu of captcha choices offered to the user instead of just one highly obscured take it or leave it captcha which is a PITA!

        * Math's questions can be bot-automated. It only takes a simple parser...

        Not so, you still have to pass them through an OCR phase. There are math puzzles that do a good job of overlaying puzzles onto detailed color photographs. That's not easy to OCR, especially if you use people to make up the numerals in the puzzle and there are foreground and background objects in-between.

        * General knowledge questions are very region and language specific

        Fair Point! But there are already a number of alphabets on the planet with widely varying character sets, Japanese, Chinese, Cyrillic, Arabic etc. So an international site won't be able to prosper with a one size fits all captcha approach anyway, there's no escaping that!

        * Shapes and colours don't work for the visually impaired or just the colour blind.

        I have no better solution than Audio. What I can't understand is why Google's Audio captcha doesn't work based on personal experience and complaints from the community mentioned in the article...

        1. Charles 9 Silver badge

          Re: I'm all for choice...

          "I have no better solution than Audio. What I can't understand is why Google's Audio captcha doesn't work based on personal experience and complaints from the community mentioned in the article..."

          Because Google ALSO keeps a voice recognition system. Modern Android phones can use it in their searches. They probably first tune the system so that their voice recognizer balks at it and go from there.

        2. This post has been deleted by its author

    2. Wize

      Re: I'm all for choice...

      No one has mentioned KittenAuth yet

      http://www.theregister.co.uk/2006/04/12/kittenauth/

      Need an audio equivalent for the blind/partially sighted.

      1. Anonymous Coward
        Anonymous Coward

        Re: I'm all for choice...

        Upvoted for good example, but I followed the link and there were no working samples I could see.

      2. Anonymous Coward
        Anonymous Coward

        Re: I'm all for choice...

        "KittenAuth - Need an audio equivalent for the blind/partially sighted."

        It should be easy to add and identify animal sounds, even kids can do it! But I can still see some thug spammer building a neural net to get through...

        P.S. Reg staff. The indenting on this new look Reg website isnt working IMHO...

    3. dan1980

      Re: I'm all for choice...

      The problem with these alternatives is that B & C really must be implemented with a static database.

      That kind of things works at the small scale and can result in less spam than implementing something like ReCAPTCHA. But it ONLY works at the small scale. Imagine such a system replacing EVERY use of ReCAPTCHA through every website. Again, it is easily defeated by mass labour - having people record all the question-answer pairs. Indeed it's easier because there is very little on-going work - just keep the lookup tables up-to-date and most challenges can be passed with a simple DB query.

      We could of course obscure the challenge but then we'd be back where we started.

      Option A is slightly better as you can generate the challenges automatically, without requiring a pre-populated database. But then, this is no different to the existing ReCAPTCHA solution: a block of text must be read, understood and then answered. Mathematical problems give no no more trouble to bots than do the text recognition so again you have to obscure the text (equation) for it to work.

      The strength of ReCAPTCHA comes from the strength of the underlying algorithm, which is made public to ensure it is as good as possible. The other options, save possibly the equation, rely on hiding the question-answer lists. Real security and strength comes when you actually EXPOSE your code to the world and it STILL works.

      So while ReCAPTCHA is not be a perfect solution, it is an amazing achievement and allows webmasters the world over to add some exceptionally effective (all things taken into account) anti-spam technology to their site without much effort.

      Alternative challenges are certainly worthwhile and your users will thank you if implement a solution that cuts down on spam without requiring users to click refresh 20 times, but know that the more people that implement a similar system of question/answer (whatever the subject matter), the more insecure your own, similar solution will be.

      Dan.

  21. This post has been deleted by its author

  22. dougal83

    http://areyouahuman.com/ = better than capcha!

    1. Otto von Humpenstumpf

      Very nice, I like it a lot. Doesn't look like they've got an accessible alternative though. :(

    2. Intractable Potsherd Silver badge

      "better than capcha!" Not from the point of view of the complainers, I'm afraid. It is still highly visual, and, on the demo I just took, it adds movement to the problem of very small graphics. There is no way I can see to make an audio version, for instance. And the amount of permissions I had to give to enable it to work was scary,

      Personally, I find it worse than Capcha, but then I only rarely (perhaps only twice in the last 5 years) have any problems with the wobbly-text ones.

      1. I ain't Spartacus Gold badge

        If you click on the wheelchair symbol, you get an audio CAPTCHA. I've no idea what it said, or whether they were even numbers of letters. The sound was so distorted I didn't even know when it started or finished.

        The visual game was good. For most people, but then most people can already do CAPTCHAs. However it added some relatively fine motor-control to being very hard to see, so added a few more people with disabilities into the mix of people who won't be able to make it work. Back to the drawing-board I'm afraid. Next time, hopefully with less scripts and crap required to run it?

        Plus, I might like the taste of a remote control on my sundae? Or hate cherries?

    3. dougal83
      FAIL

      Omg just tried the wheelchair option... I take it back! Well it's easier for me to use the graphics on areyouhuman. Basically the solution is to hunt down and torture spammers and the world will be a better place!

  23. thosrtanner

    There's a lot of alternatives to capcha which require a small amount of intelligence on the part of the user. One of the better ones I came across (for a maths enthusiast group) required you to solve a rather complex piece of maths. Solution for the non-mathematically literate was to paste it into Wolfram Alpha and paste the result back.

    That sort of thing is more-or-less soluble for spammers who use the low paid of course, but using domain-specific knowledge for your group seems quite an acceptable way of keeping away spammers and trolls.

  24. JDX Gold badge

    SMS?

    Several banks use this - send you a text message with a code you have to enter to confirm the operation. Similar to the email version really but presumably a little more secure? Although whether SMS is accessible to the disabled, I have no idea.

    1. dajames Silver badge
      Facepalm

      Re: SMS?

      SMS is good as a secondary authntication path for confirming the identity of a known user. The SMS is sent to a number that the site server already knows, so there's little opportunity to spoof the result. (Though there are some possible attacks, such as phone malware that automatically confirms without the user's intervention)

      This is a different problem from the one that captchas are suppose to solve: determining whether the entity trying to gain access to a site is a human or a bot. Captchas are difficult for bots to complete for the same reason that they are difficult for humans (but, ideally, less so). Responding to an SMS can easily be automated, so doesn't solve the problem.

      The use of SMS would not be universally acceptable as it would also require every user to have an SMS-capable phone, and to be prepared to disclose its number.

  25. Anonymous Coward
    Anonymous Coward

    Javascript

    I often use javascript to capture the submit on a form and change the target address on submit. If a bot just submits ignoring the javascript it won't process the form.

    Crude? Yes, but used it on loads of websites and found it very effective - I'm sure there are many bots that could defeat it, especially if targeted directly, but in general very effective.

    For the Javascript haters? We see a greater return using this method than we had people dropping out from the difficulties of using captchas.

    1. knottedhandkerchief

      Re: Javascript

      Does it work with screen-readers for the blind?

      1. Anonymous Coward
        Anonymous Coward

        Re: Javascript

        Yes, I believe it does. It only uses simple javascript to create the facility, and as far as I know most (all?) screen readers do support at least basic javascript. There's no hidden form fields to be revealed or unrevealed.

        Quick google returns this:

        http://a11yproject.com/posts/myth-screen-readers-dont-use-javascript/

  26. knottedhandkerchief

    Honeypots

    Anyone used honeypots, and do they work with screen readers?

    A honeypot is a form field that is hidden by CSS or JavaScript. If a bot fills it in, it's dead. Suitable for small sites, not where expecting dedicated, customised attacks. Nothing extra for humans to fill.

    1. Tom 7 Silver badge

      Re: Honeypots

      If you can find the field using javascript you can find the state of the field and extract the css info on it so you can find out if a field is hidden or very faint or on a similar background without too much difficulty.

      As with most things on the web its a constantly changing attack vectors and inaccurate defences.

      1. Charles 9 Silver badge

        Re: Honeypots

        How about a field that's visible but covered up by another element, say an identical real form that's misidentified in the source?

  27. Fihart

    Passwords and Security gone MAD !!

    The other day I was trying to link my phone to laptop and was faced with entering a seven digit pairing code on a tiny keyboard within seconds, assuming I'd clicked okay on the phone first (which I failed to do the first time so ran out of time).

    Goddammit, I'm in my own home with little possibility that my neighbours will also be Bluetoothing with their phones pressed against the party-wall hoping to hack into my boring files.

    I've given up networking computers with different versions of Windows because they seem to have been deliberately hampered by each evolution of the OS in order to force you to upgrade every machine.

    CAPTCHA is less annoying for me (as an able bodied person) but much of this security malarky is to do with product liability concerns rather than any real-world necessity.

    When security sabotages what one is legitimately trying to do, it has gone too far. Would you shop at a place which regularly searched your bags ? In many circumstances an option which said "Thank you for your concern for my security but I'll pass on this occasion" would not compromise security a jot..

    1. I ain't Spartacus Gold badge

      Re: Passwords and Security gone MAD !!

      I don't think you understand the problem that CAPTCHA is trying to solve. Which is spammers spamming legitimate forums to buggery.

      I'm on a forum run by my favourite science fiction author, with probably 50 regular posters, and I'm sure many more lurkers/occasional posters like me. She had 100 bots apply for accounts in one weekend this month. She doesn't use CAPTCHAs. That's an absolute load of work for a forum admin on a small forum to get through, and I don't want her nixing bots, I want her to hurry up and write more books.

      1. Fihart

        Re: Passwords and Security gone MAD !! @ I ain't Spartacus

        I've done a turn as a Mod on Tom's Guide forum and spam postings were a problem, but many ordinary members took pleasure in reporting it, so it was just a routine chore deleting nonsense ads for fake trainers etc. I suspect the volume of crap has increased since.

        My complaint is more about completely irrelevant security measures which sabotage one's efforts even when working on a home network.

  28. RonWheeler

    Which two are the lions?

    Images on the screen - 18 domestic moggies and two lions. You have to click on the lions to be a valid human.

    Hard for computers, easy for humans.

    Do it twice and still quicker and easier than sodding captchas.

    1. I ain't Spartacus Gold badge

      Re: Which two are the lions?

      The article is about people with visual/hearing impairments struggling to deal with CAPTCHAs? If your screen-reading software can tell a lion from a cat, so can the bot.

      1. Roland6 Silver badge

        Re: Which two are the lions? I ain't Spartacus

        >If your screen-reading software can tell a lion from a cat, so can the bot.

        This really gets to the heart of the problem, most 'security', where the website doesn't know anything about the user, does rely on the user being able to clearly see/hear the CAPTCHA or similar and so successfully navigate the human-bot trap.

        The fundamental reason why image and audio based security mechanisms such as CAPTCHA are favoured is because these represent hard knowledge-based AI problems for computers to solve and hence make it very difficult to create programs capable of solving them and that's before we begin to worry about the processing demands of such programs.

        In some respects a person who has problems with CAPTCHA's probably needs a trusted man-in-the-middle who can satisfy the CAPTCHA test as and when needed...

  29. Anonymous Coward
    Anonymous Coward

    We can't win, captchas...

    Must be VERY easy, say grade 4 level education.

    Must be accessible to AA standards

    Must be secure to protect our data

    Must work seemlessly on all major browsers

    Must be responsive for mobiles

    Must be REALLY REALLY easy.....

    1. RonWheeler

      Re: We can't win, captchas...

      ..but CAPTCHAs are not easy.

  30. Player One

    A tip for solving them

    I hate captcha puzzles but find if i zoom in with ctrl and + and then out with ctrl and 0, the process is much easier. This is using firefox, i have no idea what the hotkeys are for other browsers.

  31. Jamie Kitson

    My Campaign

    Ever since I realised that people were using CAPTCHAs to digitise books I have been adding swear words instead of the word from the book. It's quite easy to tell, one word will be a real English word, unscrambled, that word you can substitute for some witty replacement, the other word, usually a random series of letters/numbers scrambled, you have to enter properly.

  32. This post has been deleted by a moderator

    1. Anonymous Coward
      Anonymous Coward

      a joke?

      Some claver AC subtly pointing out that the Reg has no captcha..? Or did this slip in for real?

      1. I ain't Spartacus Gold badge

        Re: a joke?

        El Reg mod all new posters for a certain number of posts, before allowing them real-time posting. So either some spammer is patient, or a moderator just hit the wrong button...

        Weirdly their report post button seems to have disappeared.

      2. diodesign Silver badge

        Re: a joke?

        Oh, hm. Was that a joke? Erp. It looked like spam. Oops O:)

        C.

        1. I ain't Spartacus Gold badge

          Re: a joke?

          I don't think it was. The post about it being a joke may have been a joke though...

          The sure way to check would be to follow the link, but I hate those link shortening services that won't let you see where you're going until you've got there - it's too late, and the drive-by exploit is taking over your 'pooter. So I don't click on them. Looked pretty spammy though.

          1. lemmac
            FAIL

            Re: a joke?

            it was a joke, either not funny enough or i didn't make enough grammatical errors to make it obvious, but a joke all the same...

            1. I ain't Spartacus Gold badge
              FAIL

              Re: a joke?

              Oops! Sorry!

              Still hate link-shorteners though... And too paranoid to click on them.

  33. caffeine addict

    Why listen to a group this clueless...?

    Take a look at the ACCAN website - they've managed to hide their "Contact Us" in plain sight.

    http://accan.org.au/index.php/about/contact

    When you find it, they've obscured the email addresses for human visitors (badly, using the cunning trick of replacing @ signs with (at) ) but left the addresses machine readable in the source - so it's deliberately harder for humans than computers.

  34. Irongut Silver badge

    Proud to be non-human!

    CAPTCHAs don't recognise me as a human either but I don't have much problem with that when I look at the dregs of humanity that surround me. A better solution is required but email verification links are not the answer, writing a bot to monitor the email address and follow any links is trivial.

  35. Mainframeguy

    Akismet works for me

    I get zero spam using this system to block, and it means you can completely sidestep the need for Captcha or any other authentication.

    http://akismet.com/

    1. Anonymous Coward
      Anonymous Coward

      Re: Akismet works for me

      OK, but a little detail on how Akismet works would be nice, as I found their front page had little useful information...

      1. gazthejourno (Written by Reg staff)

        Re: Re: Akismet works for me

        The Wordpress plugin is excellent at reducing comment spam. You install the plugin and register with Akismet for an API key. And that's it. The plugin automatically screens comments and only lets through genuine ones. I had it on my old news website (around 7-10k uniques per month, not huge but had a decent commenter community) and I never had any instances of genuine comments going astray.

  36. nutsontheroad

    how about using micropayments? 20p to comment on my blog, spammers welcome.

    1. Charles 9 Silver badge

      Until they start spamming again using stolen bank/credit account details.

  37. John Bryan

    Trying to sum up... and suggestion

    Much of the below has been said here and there but a few points to start:-

    1: The root cause is NOT Captcha, it is the nature of humanity that is the problem. If we were not a species of "nest foulers", defecating on the very things that we try to construct for ourselves, then in most cases we would not need any such protection as Captcha tries to provide. Nobody wants Captcha to need to exist.

    2: Captcha is not necessarily unfit, as a general concept, it is the implementation that has short-comings. Most of the alternatives suggested have been Captchas in concept, just with different tests.

    3: Email verification is NOT an adequate solution by itself, for many reasons mentioned already. It is an excellent 2nd or 3rd line of defence during initial registration.

    4: Whilst some sites can be overly paranoid with putting a visitor through repeated Captchas there are good reasons for Captchas after logon E.g. defending against visitors that unknowingly having bots (viruses) that use un-closed sessions when there has been no user activity for a while. Also defends against cheap human labour registering and/or logging in and then running an automated system.

    5: There is no single solution that will suit all, as the various suggestions have shown. All of them will fail if a visitor is not 80%+ able at least one of sight, sound, mental abilities, memory, dexterity etc.

    On a sites I maintain, using off-the-free-shelf plug-ins, they usually ask random Captcha test type from a range of installed ones including some along the lines already mentioned and usually requiring a small degree of human logic (depending on the nature of the expected site visitor). That is not perfect but does address some of the perhaps less thought through objections.

    SUGGESTION

    Taking that Captcha, or an equivalent gate-keeper needs to exist. And that the gate-keeper needs to cope with the abilities and limitations of any visitor...

    - When a user registers they select the types of Captcha tests they wish to avoid e.g. (_) Visual, (_) Colour, (_) Audio, (_) Literary, (_) Mathematical, (_) Intellectual

    - Captcha mechanism to operate from a pool tests that are classified by the above styles so that excluded types are not displayed for that user. If you are impaired in sight or vision then you will be given tests that avoid your specific limitation(s).

    - As new or updated tests are released in to that pool the site will make uses of them i.e. the site, and visitor's profile, are NOT configured to use any specific Captcha test.

    - In addition general quality of Captcha tests need improving, use of standards, review process etc. for new added tests.

    This would need to be a free community system available as plug-ins for all major website systems such as Joomla, Drupal etc.

    1. Brian Miller

      Re: Trying to sum up... and suggestion

      There's a gap between weeding out bots and weeding out spammers. I'm on a forum which has CAPTCHAs on user registration, and posting for the first 50 or so posts. The new user registration also includes email verification. This has been effective at removing bots, but has been completely ineffective at removing human spammers.

      Here's a way to remove bots: have an image map with a randomly mapped areas with random names. The user can click on the appropriate spot, but the bot will be confused. For audio, ask the user to differentiate between different sounds.

      But if someone wants to stop *spam*, then you just have to wait until the bot or person actually posts something.

  38. sena.akada

    FUCK CAPTCHAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  39. Anonymous Coward
    Anonymous Coward

    I work in online marketing/web dev. Here's how I see it.

    - CAPTCHA's are a massive pain in the 'aris for anyone who has to fill them in.

    - The number of man hours wasted on them is a disgrace.

    - They *do* work, filtering out older spamming programs and those unable to automate

    - There are captcha solvers "as a service" that cost next to nothing

    - At the very least, CAPTCHA's slow the rate of spam.

    Hashcash is actually an interesting concept that I think would be more effective at limiting spam.

    Rather than eating up man hours though, it'll eat up CPU cycles and power.

  40. Anonymous Coward
    Anonymous Coward

    I've been using the Honeypot method on my sites for a while. Works a treat, without any impact to the end user.

  41. Dave Bell

    I am seeing CAPTCHAs which are being used to run an advertising video before any test text is presented.

    That doesn't change the bad points of the test. But it does substantially increase the annoyance.

  42. kain preacher

    CAPTCHA hell.

    I've had captacha ask me to enter H20 in sub script, put the word upside down and backwards and foreign letters. stuff like ᴐᴑᴐᴑᴐ ᶥᶭ ᶥΦ. How is the average person type that in ?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022