http://derekallard.com/blog/post/not-so-useless-image-to-text-as-a-captcha/

Personally, on my (smaller sites), I’ve made a CAPTCHA system a la “tell us what day of month it is today”. It’s easy. Both for the users, but also for me to change it to something similar simple when somebody eventually circumvents it.

My point is: Diversity is one of the best ways to prevent spam. The more sites that is using e.g. reCAPTCHA, the larger is the incentive for spammers to circumvent that specific system.

I’ve read the story behind the Times poll, which after the reCAPTCHA implentation was all manual labour. Something no CAPTCHA can protect itself from.

Remember to allow for disabled users who may find that such Captchas are difficult to use. This could lead to legal action against you for discrimination.

http://www.acomputerportal.com/advertising_methods/captchas.html

I still think image rotation is too easy to crack. A single symbol in a standard CAPTCHA has 62 possibilities (if you use numbers, lower and uppercase English characters). A single rotational image with a 16 degree angle of error has 22.5 possibilities. How can that be better?

CAPTCHAs are a necessary evil in some situations, but they’re probably overused and certainly used in dumb ways. There are lots of factors you can check before resorting to a CAPTCHA.

Let’s assume software can analyze the image and get it right 1 in 10 times. You’re then down to 1 success every 1,000 attempts. And the software will improve…

 
In which case, so will the code that rejects easily guessable images. In theory, eventually both packages will improve to the point where Google declares all images easily guessable, and the CAPTCHA will be defeated. But, that’s theory — nobody has actually tried to break this yet. All of this is just as you wrote — assumption. Let’s give it a chance before we both make up numbers and scenarios to make judgments ;-)
 
Presumably, if/when it is broken, we’ll be in the same place that we are now, and someone will come up with something new. It’s a game of cat and mouse, much like the malware industry. Hence,
 

The End is Nigh for CAPTCHAs as we know them, but they will always be around in some form.

 
Logic tells us that this reverse Turing test can never be successful on this medium (at least not without some sort of global system which would render the final blow to privacy and free speech), so all we can do is keep trying new tests. In fact, anyone who has played a serious video game recently (that doesn’t include you, Flash game and Wii Sports players) will know that a similar battle against cheaters has been going on for over a decade. There is no single solution. We can’t win, but if we keep mixing up the field, we can’t lose either. The only way to lose is to give up and declare all CAPTCHAs worthless.