Comments on: Captchas suck

By: DrLex

DrLex — Thu, 15 Mar 2007 00:31:33 +0000

I also loathe captchas. The captchas on digg are horrible, they look simple yet I fail about 50% of them. We have reached a point where it’s not just hard for bots to post on forums, but also for humans. And I have very good eyes, I can’t even imagine what a horror it must be if your vision is even a little bit impaired.
Captchas also suck because it suffices to write an algorithm to crack one type of captcha, in order to spam all the sites that use that kind of standard captcha.

The best alternative to captchas is a customized protection that’s unique to your site, and that’s easy to modify in case a bot would be programmed to enter the correct answer. On my site I used a very simple trick: a field with a very attractive name in the HTML code, which must be left empty. A mouse trap, in other words. Combined with some other simple tests (like respecting of the maxlength and so on), it works incredibly well.

However, It’s nice to post ideas here, but it’s much nicer to use your own custom thing than try to make one of these ideas a new standard. Making a protection standard is a sure way to kill it.

Anything based on images is both harder to make and hard for people with vision disabilities. Simple text-based things work just as well. For instance, you can just ask “Enter the sixth word in this very sentence.” Or “I have a banana, a ballpoint and a car. Which is the largest?” Once bots can interpret and solve these kind of arbitrary problems, I guess they’ll also try to kill us and take over the world.

By: Devin

Devin — Thu, 11 Jan 2007 19:37:33 +0000

Wow, these are all great solutions. Good to see some creativity.

I try to pronounce them, too, Emma. Klemthreeyouareseven is my favorite.

By: Emma

Emma — Wed, 10 Jan 2007 00:21:41 +0000

I like when it’s “smenita” or “kablammo” or something like that. I find that if I try to pronounce the word during the time-wasting period you mentioned it not only passes the time, but also puts me in a jovial mood when a vowel-less captcha thingy produces comical sound effects. I think that’s the most effective way to solve this problem.

By: Tim

Tim — Tue, 09 Jan 2007 17:50:12 +0000

For one of my sites, a phpBB-powered forum, I painted five fruits and ask the user to pick the cucumber. It stopped all those annoying spam-bots, but I suppose it won’t be long until they start recognising images.

By: Oli

Oli — Tue, 09 Jan 2007 17:15:25 +0000

I’ve done a lot on this over the last year… You may (or may not) have heard of something called KittenAuth… That’s mine. It’s a pretty fresh (well it was when I came up with it) approach to the whole thing and it makes things a lot easier on the user.

In a block: the user picks 3-n pictures that belong to the same group out of a batch of photos. Analysing and comparing a large database is much harder for a computer than it is for a human, especially if you have thousands of images in your source batch.

Come and play with it.

Here are the relevant URLs:
Current project page: http://www.thepcspy.com/kittenauth
Test it (and send me an email): http://www.thepcspy.com/contact

As for releasing it.. *sigh* it keeps getting further and further behind… Mainly because the working version is the ASPNET copy and the PHP one is just an ass to get working with various CMSs… If anyone would like to help I’ll put some determined effort it and get source out to people.

By: zzap

zzap — Sun, 07 Jan 2007 07:33:28 +0000

Hmm; there seems to be many different concepts on how to stop the spambots… but how many actually work is the real question. Dave’s idea was good, though.

By: karmatosed

karmatosed — Sun, 07 Jan 2007 01:06:37 +0000

I hate them and seldom get them right. I was told it was because I was dyslexic but I’m not too sure, a fair non-dyslexic still seem to fail.

By: Devin

Devin — Fri, 05 Jan 2007 16:08:23 +0000

Very clever, Dave. I like that idea…

By: Dave

Dave — Fri, 05 Jan 2007 16:05:08 +0000

Hi,

i’m testing my personal Captcha on one of my site, it’s pretty simple and i had never receive any complain/robots since.

- i made a code that add a random X caracters word (from 4 to 10)
- Paste the word and ask to tell me the X caracter (random too).
- The field is only 1 caracter and is easily tested.

Example:
To validate your post, enter the second letter of the word ’scxrd’

Respondse:
‘c’

By: Devin

Devin — Fri, 05 Jan 2007 04:45:18 +0000

Ralph – you’re saying the action you’re doing has to be described case-sensitively? What’s an example of that?

zzap – Interesting concept. As you mention it still violates the fundamental issue here, a computer could still (easily) get past it by doing that math. I’m sure it definitely does slow them down, though!

I just want someone to make money off the idea and to make it easier for me. ;-)