Campaign To Kill CAPTCHA Kicks Off 558
Bismillah writes "CAPTCHA may be popular with webmasters and others running different sites, but it's a source of annoyance to blind and partially sighted people — and dyslexic people and older ones — who often end up being locked out of important websites as they can't read wonky, obfuscated letters any more than spambots can. A campaign in Australia has started to rid sites of CAPTCHA to improve accessibility for everyone."
This is a very hard problem (Score:4, Insightful)
Its going to be far harder to make an AI that can create a decent logic puzzle as well as make it accessible and hard for computers to solve than it it to make an image and warp it a bit. I think any such puzzle will probably be worse than the audio captcha button.
Re:stupid (Score:5, Insightful)
Yes it is stupid. I understand that spam is a problem, but if you run a website, it's *YOUR* problem. CAPTCHAs make it *MY* problem and that's just stupid.
Re:stupid (Score:4, Insightful)
Re:stupid (Score:5, Insightful)
I understand that spam is a problem, but if you run a website, it's *YOUR* problem. CAPTCHAs make it *MY* problem and that's just stupid.
If the website you use is overrun by spam to the point of being unusable, then it's your problem as well.
Re:stupid (Score:5, Insightful)
As someone that runs a website, without CAPTCHAs I'd be fucked.
There are bots that can automatically register on a site, then check the email account for the activation link, in order to start spamming, so that's not a solution.
The newer 'flash games' e.g. 'out of 5 objects, put the drinks in the cooler' are an interesting solution, but that probably still won't work for people with accessibility issues.
Moderation can work on sites like slashdot, but on lower traffic sites not so much, and the signal to noise ratio will be awful.
If Australia pass this and actually clamp down on 'offenders' it will do more harm than good as the only recourse webmasters will have is to not allow people to register/interact with the site as the cost of cleaning up spam will be too high.
Re:sounds like a wetware problem (Score:3, Insightful)
there isnt a single thing that everyone will like or approve of.
let's say you change it do you have to answer a simple addition math problem. what you get is someone crying, "i have to answer 5+8?! but i dunno maths you insensitive clod!"
you know that person really exists.
Yes they do. The solution is that they learn simple math so they're a fully functioning member of society. I suggest an intensive period of schooling - say 11-13 years. Oh wait...
Who are you going to cater for next? The guy that can't read the damn form. "But I'm illiterate you insensitive clod"? It's not a question of eliminating all objections, just ones that actually stump your audience. Capture is the worst of the worst. You can have a PhD. and get it wrong a substantial portion of the time.
Oblig. XKCD (Score:4, Insightful)
Re:stupid (Score:5, Insightful)
If taking a couple seconds to answer a CAPTCHA is too much effort, I probably don't really care what you have to say in the comment section.
Or a couple of minutes considering most capchas are illegible.
Re:This is a very hard problem (Score:5, Insightful)
For every task that a computer is unable to handle, there exists a reasonably well-functioning human who cannot do it either.
Re:This is a very hard problem (Score:3, Insightful)
Re:This is a very hard problem (Score:5, Insightful)
It's quite likely that some forums may prefer only letting in people capable of understanding logic, and there aren't any laws against discriminating against those people.
Perhaps, but if you're trying to monetize the site you're running you'd be a fool to do something that prevents a good 80-90% of people from accessing it.
Re:How else do I protect my forms (Score:5, Insightful)
Add some fields which start out as regular text fields but then hide them with Javascript. You can give them labels or default values like "Don't change this" in case someone doesn't have Javascript enabled. Give the real fields in your form random names. For the hidden fields, give them names like "subject" or "comments" or "url" (don't use common names for personal info like "email", "fname" etc that the browser might automatically fill out). When they submit the form, check for values in those hidden fields (either any value at all, or a value different than the default). If they are filled out, reject the form. Hiding the fields with Javascript will work for virtually everyone and it doesn't require real people to do anything extra. This will fail against bots that bother to actually render the page or bots that specifically target your site (which can be remedied if you randomize all field names and store the random names in the session to match them up when the form gets submitted), but those are far less common than bots that just get the HTML and parse it to look for form actions and field names.
Re:stupid (Score:4, Insightful)
I'd be curious about what "technical measures" you are talking about. There are some "universal IDs" that help to filter out some of the spam, but it still can slip through in a way that Captchas help prevent. There is also something philosophically wrong with trusting in some huge 3rd party vendor like Facebook, Microsoft, or Google to be processing authentication on your website, not to mention concerns about the NSA tracking everybody who is logging into your website as well.
Again, I'd be curious about what technical measures you are talking about.
Re:stupid (Score:5, Insightful)
If taking a couple seconds to answer a CAPTCHA is too much effort, I probably don't really care what you have to say in the comment section.
It's not longer just a couple of seconds when one has to hit the reload button a dozen or so times before they get a CAPTCHA that's remotely readable.
And half the sites bit-bucket at least some of the data you've entered just as further punishment. So you have to type that in again.
Show me the captcha before I enter any data please. That alone would confuse half the bots out there. (For a while).
CAPTCHA is dead! Long live CAPTCHA! (Score:5, Insightful)
People seem to forget that the term "CAPTCHA" (Completely Automated Public Turing test to tell Computers and Humans Apart) applies to a much broader set of tests than just those obfuscated text-based things that most of us loathe. Banning CAPTCHAs is a silly notion that would adversely affect every site currently using them, as they become swarmed by spammers. Instead of banning them, they should be asking people to use sane, simple CAPTCHAs.
For instance, on a forum I run for a group in a game, I use a form of CAPTCHA that has people drag words into categories. As an example, if our group name was "Guild X of Y", I might make the categories "Words in our group's name" and "Words not in our group's name", then ask them to categorize the words "Guild", "Elephants", "X", "Tree", "Honor", "Plus", and "Ocean". I have about two dozen sets of categories and words configured, and so far it's had a 100% success rate at stopping spammers from registering. It's also made it easier for people to register, since the number of e-mails and other off-forum messages I've received complaining about the difficulty of the CAPTCHA has dropped to 0 while registrations have actually picked up.
Such a system would obviously not work for Google or someone that large, since a spammer would just train the bot to know all of the answers, but for smaller sites, there are plenty of solutions that work just fine, and I'm sure we can find more systems that are simple for a human but complicated for a computer. No need to make something that's so complicated for a human to solve.
Alternatively, go with xkcd's approach to solving the problem of spam [xkcd.com].
Re:stupid (Score:2, Insightful)
Because we all know computers are terrible at doing arithmetic and solving simple equations
But they are. It's out of context, and it's much harder to make programs that are flexible like that. They're bringing a regular expression to an arithmetic party.
Easier technology to circumvent captcha (Score:5, Insightful)
Re:This is a very hard problem (Score:5, Insightful)
Whatever you use, you need to be able to generate an arbitrary amount of it without significant repetition, without structure that can be automated towards, and with a large "answer space" (number of possible answers) to make the percentage of 'lucky guess' answers extremely low. Oh, and it needs to be easy for humans but difficult for computers.
Generating distorted text is perfect - random characters, random distortions, nothing about the form of the puzzle that can be used as a shortcut to the answer, guessing strings at random is fruitless, and it hits computers right in the vision, where they (used to) suck and we're really good. Unfortunately that gap is narrowing, and humans on the lower end of visual acuity are getting locked out.
Generating an endless stream of simple trivia questions is going to require a significant bank of facts, then you're going to hit the problem that if the generation method is known it can be reversed and used against you (e.g. if the answer aways appears as a word in the question, just guess a randomly chosen word from the question and you get a trivially easy 10% or so success rate). Automating the question generation is almost as hard as automating the answers...
Re:Easier technology to circumvent captcha (Score:4, Insightful)
I have never seen any evidence whatsoever that this actually happens.
It has been suggested many times that it could be done, but not once have I seen anyone point to it actually happening in the wild.
Re:stupid (Score:4, Insightful)
Yes! God yes! I've walked away from a few sites that expected me to re-enter a whack of data because the CAPTCHA borfed. Including some where I had intended to spend money.
It always seemed stunningly obvious that you carry over the form contents in situations like this.
Re:How else do I protect my forms (Score:4, Insightful)
You cannot stop a social problem with a technological measure.
Maybe you can't stop it but you can often reduce it to more manageable levels.