Who else is sick of difficult word verifications on the web?

[superboyac]

Man, I am so sick of the word verification things on all the web pages, forums, etc.  I understand that it helps with security and everything, but they're annoying as hell.  Especially the ones that are pretty darn difficult to figure out, and then you enter your best guess and it tells you it's wrong and you have to do it again.  Too much work for trying to complete a search on a forum!

[mrainey]

Absolutely sick of them.

[Carol Haynes]

Absolutely.

They also discriminate against people with impaired sight and with the increasing use of colour they affect the colour-blind - which is about 7% of men.

OK, some sites that use them have alternatives for accessibility but most don't and it is getting more common to have unintelligible daubs. It is particularly annoying that they are creeping into generic forums that are widely used - surely developers of popular products should be aware of accessibility issues!

[Perry Mowbray]

They are a pain for sure.

On most Captcha you should have a button to re-render the image, which I'm often using to get one that I can read OK.

Of note on Wikipedia are their Critisms of Captcha:

As systems owners make it more difficult for computers to interpret the characters on the CAPTCHA, many humans also find it hard to read the characters and often get stuck in a 'loop' until they enter the correct letters. This has led to three recommendations:

1) The CAPTCHA should be no longer than 6 characters
2) The letter O and the number 0 should not be required (which causes confusion).
3) CAPTCHA surrounds (pixels added arround the numbers or letters to prevent computers from interpreting the characters) should not resemble letters or part-letters.

[Carol Haynes]

Two other criticisms I have:

• They are always western alphabet/number biased
• They often have mixtures of numbers, upper and lower case characters. When you see, for example, 'l' is it the number one, the lower case L or the upper case i ??? Same goes for 'o' ?

[Perry Mowbray]

It is particularly annoying that they are creeping into generic forums that are widely used - surely developers of popular products should be aware of accessibility issues!

-Carol Haynes (March 16, 2008, 08:46 PM)

The balancing act they are walking is trying to allow as easy commenting as possible but exclude the machine generated spam (which can be huge and can cripple sites).

One alternative is to only open your site/forum to members, but this will rule out the casual commenter, which most people don't want to do.

[Perry Mowbray]

Two other criticisms I have:

• They are always western alphabet/number biased
• They often have mixtures of numbers, upper and lower case characters. When you see, for example, 'l' is it the number one, the lower case L or the upper case i ??? Same goes for 'o' ?

-Carol Haynes (March 16, 2008, 09:01 PM)

Both equally valid. I run b2Evolution as my blogging software and its Captcha implementation includes the ability to define the font and characters used. So, if my blog was mainly for non-western people I could choose a corresponding font.

Choosing the characters means that you could simply have A-Z, or A-Z + a-z, etc. Choosing the font makes a big difference when comparing upper case i and lower case l as well.

I'm not sure how much tweeking can be had with the larger blog sites?

[Renegade]

CAPTCHAS are no longer effective. The technology for cracking them is well known and widely available.

The "low-tech" version of cracking them uses low-paid people in 3rd world countries to do it.

Audio versions are no better. The technology for cracking them is out there.

The largest problem is that the technology for cracking these is often BETTER than actual humans. In order to make it harder for spammers to crack things, CAPTCHAS need to be almost IMPOSSIBLE for YOU to solve.

This has been, and always will be, a game of cat & mouse. Unfortunately, the spammers are the cats.

Sick of it? That's an understatement...

[zridling]

They're so bad I keep hitting refresh until I can finally read one of them. Absolutely annoying.

[f0dder]

Hate 'em.

[KenR]

OMG superboy, me me me me me. I despise the damn things. I wish people had never started using them. On several occasions, I have just given up on whatever I was trying to do.

I can't remember the last time I saw a topic that so made me want to bitch! Congratulations?!

Ken

[superboyac]

I can't remember the last time I saw a topic that so made me want to bitch! Congratulations?!

-KenR (March 17, 2008, 01:12 AM)

Hee hee!!  I bring out the best in people, eh?  I was just having a discussion at work about the art of provoking people.

[mitzevo]

I'm sure they're sick of you too! But hey, I too have some trouble with them every now and then (Captcha's).. And there to make it a better place right? Yeah but there are always haters in every thing!

Like you have people complaining about spam, people trying to combat spam, then once they make some steps forward other people bitch about the methods used and how hard they can be some times (Captcha's).. But yeah, there is always at least 2 sides, it's called balance, and it's needed to make the world go around, after all every thing can't be perfect now can it? lol /rant

[justice]

What are the alternatives? I can think of a few but surely the people who implement captcha must have thought of them too?
The problem with any alternatives that if they're used that is rolled out of millions of people then it's very difficult. On your personal site you can stop spam by asking what color grass is, but as soon as yahoo does that then it's worth for people to automate it. I guess if OpenId was more userfriendly then it would be worth using that instead. or Cardspace.

[TucknDar]

Don't mind them, actually

Also it's how I can stop spam yet still let anonymous users  post. Logged in users obviously don't need the captchas. Maybe there's spam technology that's smarter than most captchas, but from my experiences it's like this:
No captcha = Plenty of offers for viagra, used cars, penis enhancements etc.
Captcha = 0 - zero - offers but some perfectly valid anonymous posts.

[Perry Mowbray]

Also it's how I can stop spam yet still let anonymous users  post. Logged in users obviously don't need the captchas. Maybe there's spam technology that's smarter than most captchas, but from my experiences it's like this:
No captcha = Plenty of offers for viagra, used cars, penis enhancements etc.
Captcha = 0 - zero - offers but some perfectly valid anonymous posts.

-TucknDar (March 17, 2008, 05:34 AM)

That's my experience too. After reading Renegade's Post I felt a little depressed, but thankfully that level of sophistication is not everywhere (Captcha still works for me).

I wondered about OpenID too, but is that moving toward everyone having a verified on-line identity?

[nudone]

i look on them as being a little mini game to play or puzzle to solve, so they are fun.

perhaps i've just not had to deal with them as much as everyone else that is complaining.

[Renegade]

After reading Renegade's Post I felt a little depressed, but thankfully that level of sophistication is not everywhere (Captcha still works for me).

I wondered about OpenID too, but is that moving toward everyone having a verified on-line identity?

-Perry Mowbray (March 17, 2008, 06:10 AM)

The level of sophistication only gets worse...

OCR works quite well, but for a lot of old writings/books, it gets more difficult. There is a project (I forget the name at the moment) that is continually scanning and putting books into the public domain or at least making them available. They have a CAPTCHA API where you can use things that don't OCR well (i.e. They are OCR/CAPTCHA crack resistant) on your own site. The benefit is obvious. Put humans to work solving REAL problems that machines can't.

This same general technique is used by spammers though...

OpenID isn't a real solution to this problem. The spammers would simply attack OpenID providers in the same way they attack everything else.

[f0dder]

Renegade: would that be Project Gutenberg? Can't find any reference to captcha on their site with a "I'm mega lazy" search, though...

[KenR]

What are the alternatives? I can think of a few but surely the people who implement captcha must have thought of them too?
The problem with any alternatives that if they're used that is rolled out of millions of people then it's very difficult. On your personal site you can stop spam by asking what color grass is, but as soon as yahoo does that then it's worth for people to automate it. I guess if OpenId was more userfriendly then it would be worth using that instead. or Cardspace.

-justice (March 17, 2008, 05:05 AM)

Justice:
I hate having to buy and use security products too. I'm not saying they are not important or that there is not a need for them, I'm just saying that I dislike them.

Ken

[Renegade]

Renegade: would that be Project Gutenberg? Can't find any reference to captcha on their site with a "I'm mega lazy" search, though...

-f0dder (March 17, 2008, 09:15 AM)

I think it's a university thing, or a Google thing, or... I just don't remember. But if it was PG, I think I would have remembered it.

[Perry Mowbray]

Renegade: would that be Project Gutenberg? Can't find any reference to captcha on their site with a "I'm mega lazy" search, though...

-f0dder (March 17, 2008, 09:15 AM)

Renegade: is it ReCaptcha?

Use reCAPTCHA on Your Site!

reCAPTCHA helps prevent automated abuse of your site (such as comment spam or bogus registrations) by using a CAPTCHA to ensure that only humans perform certain actions.

• It's Free! Yep, reCAPTCHA is free. The only reason we might charge is if you require special services from us.
• It's Useful. Why waste the effort of your users? By using reCAPTCHA instead of other CAPTCHA implementations, you are helping to digitize books.
• It's Easy. reCAPTCHA is a Web service. As such, adopting it is as simple as adding 4 lines of code on your site. For many applications and programming languages such as Wordpress and PHP we also have easy-to-install plugins available. We generate and check the distorted images, so you don't need to run costly image generation programs.
• It's Accessible. Most other implementations of CAPTCHAs block visually impaired individuals, who cannot read images of distorted text. reCAPTCHA, on the other hand, has an audio test that allows blind people to freely navigate your site.
• It's Secure. reCAPTCHA is run by the original creators of CAPTCHA and has the highest security standards. Many other implementations of CAPTCHAs can be easily broken.

[Renegade]

Renegade: is it ReCaptcha?

-Perry Mowbray (March 18, 2008, 07:22 AM)

YES! THAT'S IT!

Check the credits at the bottom of the page:
Carnegie Mellon University

[Perry Mowbray]

Renegade: is it ReCaptcha?

-Perry Mowbray (March 18, 2008, 07:22 AM)

YES! THAT'S IT!

Check the credits at the bottom of the page:
Carnegie Mellon University

-Renegade (March 18, 2008, 07:27 AM)

Cool: I saw that too (just didn't paste it in)...

[Nod5]

I share the resentment towards having to go through so many of these. Worst of all are forums that both have really hard captchas (often rotated similar letters like lL1i oO0) and that reset ALL entered information when there is some minor error when clicking submit.

But I still see them as necessary in many cases. Better (less bad) alternatives are hard to find.

Here's an excellent Wired piece on the captcha pioneer Von Ahn: http://www.wired.com...ancomp?currentPage=1  Now you have an individual to mentally direct all your captcha frustration towards . The articles covers not only recaptcha but also many other examples where everyday necessary human task could be tapped into as a productive resource. That's what I love about the recaptcha project - you know that the captcha itself has some purpose (apart from blocking spammers) and that makes it less irritating.