Campaign To Kill CAPTCHA Kicks Off 558
Bismillah writes "CAPTCHA may be popular with webmasters and others running different sites, but it's a source of annoyance to blind and partially sighted people — and dyslexic people and older ones — who often end up being locked out of important websites as they can't read wonky, obfuscated letters any more than spambots can. A campaign in Australia has started to rid sites of CAPTCHA to improve accessibility for everyone."
Re:stupid (Score:3, Informative)
I've never used CAPTCHA'S (Score:5, Informative)
I've been developing websites over 10 years and have never needed a captcha system.
This is how I always go about it:
1) Include a form input element labelled as something common, like a telephone number but on a registration form that would never actually require a telephone number. Hide the parent div using CSS in an external CSS file. When the form is submit, check to see if the element is filled out. If it is, simply display a message that you think their registration may be automated and to try again. If it continues, please contact us by other means (phone, email, etc) and we will help them through it.
2) Time the registration from the time the page is loaded to the time it is submit, if its less than 10 seconds, do the same as above, simply display a message saying you think their registration is automated and to try again, etc.
When used in conjunction I feel I've cut out 99.9999% of spam or false registrations. The timing method has to be done server side and stored in a session, and is fairly involved so not easy to do properly if you are new to web development. There is also the issue of someone hitting the back button to try again after a failed submission (if you don't use client-side validation), and them submitting from a cached page, but can be worked around if you know what you are doing.
Obviously its not bullet proof, and if the CSS file doesn't load then someone would see the extra form element. But its a small price to pay for effective protection.
Anyone else have other methods they use?
Re:stupid (Score:4, Informative)
It is possible to train an algorithm to recognize CAPTCHA, even if the success rate isn't 100%, it is high enough to enable bots to register on websites with CAPTCHA. So, Australia is only pushing people to find out better solutions than CAPTCHA. In short term, a large amount of spammers will rely on optical recognition algorithms to decipher CAPTCHA anyway.
True, but I think the OPs point is those smart bots are not that frequently encountered. We know it can be beat, but in everyday life it is still not common to encounter such bots, and even when you do, you end up blocking 98% of the bots.
As those bots become more common, captcha will become less and less useful. Its a self solving problem that probably doesn't need any help from government, because government will invariably impose something more stupid and useless.
Re:stupid (Score:4, Informative)
i've been using minteye on my site. it's a visual captcha, works pretty well. you move a slider back and forth to unscramble an image.
I never heard of it, and upon googling it, their own website wouldn't couldn't get pass my no-script. So right there, a significant and growing number of customers would be turned away.
But, I wonder of that would remain effective, after all, bots already exist to recognize letters in images. (Those bots existed before captcha). So as soon as Minteye becomes popular it will be bot-stormed.
I've also seen the word games, these are fairly unique as well. But I'm not sure they couldn't be attacked as soon as they become popular. It almost seems that obscurity is the best we have these days.
Re:I've never used CAPTCHA'S (Score:5, Informative)
I've done some custom questions. Something simple, like "what is this forum about?" or "what's the name of the game this forum is for?" Something a person would immediately know, but a bot wouldn't.
Re:stupid (Score:5, Informative)
Minteye was very thoroughly broken.
http://translate.google.com/translate?sl=ru&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fhabrahabr.ru%2Fpost%2F167359%2F&act=url [google.com]
Essentially, the guy realized that jpeg pictures with distortions should have a completely different size than the undistorted picture. But all pictures delivered by minteye were of identical length. He figured they were padding the files with zeros, and he was right. By counting the number of zeros at the end of the file, the local maxima/minima was the correct file. He wrote a few lines of javascript, and it was broke.
Re:stupid (Score:4, Informative)
Facebook Connect is not a "better" idea.
Re:stupid (Score:3, Informative)
While people may hate Captcha, webmasters do as well, until we have something that works at least as good, it stays, along with my other levels of fighting spam. It's imperfect, troublesome, and a hassle at times, but it's still one of the more effective anti-spam systems out.
And no, I will not let you login from Twitter or Facebook or any other junk, that opens up a whole new host of issues.
Re:I've never used CAPTCHA'S (Score:5, Informative)
If you are a high-profile site, the spammers will build rules to handle your specific form edge case.