Results 1 to 25 of 28
Thread: Time to Kill CAPTCHA?
Aug 5, 2013, 13:51 #1
- Join Date
- Sep 2005
- Sydney, NSW, Australia
- 24 Post(s)
- 1 Thread(s)
Time to Kill CAPTCHA?
What do you think of the current campaign to kill off CAPTCHA? Here are my thoughts:
The not so obvious answer to that question is a very definite NO. Without CAPTCHA there would be no more web because the spambots would destroy it.
The reason why anyone would be considering the killing off of CAPTCHA is that they are confusing the idea of attempting to distinguish real people from spambots with one or two particular types of CAPTCHA. What they probably mean when they are referring to CAPTCHA is those obnoxious hard to read images that many sites have been using for several years now as their way of attempting to use a Completely Automated Public Turing test to tell Computers and Humans Apart. Now that particular type of CAPTCHA is close to if not already past its use by date. CAPTCHAs like that are now so common that at least some spambots are able to do a better job of interpreting the content of the image than real people are.
The time for using such obtrusive CAPTCHAs is past as in order to make those images unreadable to spambots they make them unreadable to too big a group of real people as well. If that were the only type of CAPTCHA that exists then yes it would be time to kill CAPTCHA and let the web die with it.
Fortunately that is not the only type of CAPTCHA and a few dozen of the millions of alternative CAPTCHAs are gradually replacing those annoying in your face obtrusive ones that block many real people from access. By using a different sort of CAPTCHA that is easier for real people to use and which currently fools the spambots sites are able to stay online and useful to those real people instead of being swamped by spambots and having to shut down.
One issue that all CAPTCHAs have is accessibility and that no matter which one you use you are going to discriminate against a small number of real people in order to block most of the spambots. Until a perfect CAPTCHA that can distinguish 100% accurately between responses from real people and responses from computers there will always be some that get put in the wrong group. In fact as computers get more powerful this task will become harder rather than easier and a perfect CAPTCHA will be less and less likely.
Any CAPTCHA that you choose is going to be a tradeoff between the amount of spam that floods the site and the number of people that the CAPTCHA incorrectly blocks. Unfortunately the choice is between blocking a small group of people from accessing the site and taking the site down completely. Removing all CAPTCHAs so as to allow everyone easy access usually means that the site will be so flooded with spam as to be unuseable by anyone. Until such time as your site is discovered by the spambots there is no reason to implement a CAPTCHA.
Now there are several basic ways in which we can attempt to distinguish between real people and computers. Those horrible image CAPTCHAs are of the visual type where the distinction is made based on the difference between people and computers to distinguish the content of something visual. Since these CAPTCHAs rely on the real person being able to see and the computer not having powerful enough OCR it discriminates against anyone who can't see or who for whatever reason cannot see images in their browser. To get around this some sites also incorporate a corresponding audio CAPTCHA that tells those who can't see the image what the image contains - hopefully in a way that the computers can't use to solve the CAPTCHA. One alternate visual CAPTCHA that some sites have switched to using is one where a number of images are displayed and the person is asked to click on the image that contains a particular object. Now this is an easier CAPTCHA for people who can see to solve while being far harder currently for computers to solve. Unfortunately this type of CAPTCHA has no audio equivalent and so it potentially discriminates even more against people who can't see the images. Unless sites implementing that type of CAPTCHA also implement some other type of CAPTCHA for those real people who cannot use the visual CAPTCHA then that group of real people are blocked from access even more effectively than the computers are.
A completely different type of CAPTCHA that some sites now implement is where the person has to fill in the answer to a question. A really common one uses simple arithmatic where a calculation is displayed and the person is asked to supply the answer. Foe example "What is 1 + two?". This type of CAPTCHA will work even for those who can't see because the CAPTCHA uses plain text that their web reader can read. This type of CAPTCHA relies on people being able to interpret the meaning of the question and to then be able to provide the answer. Computers are currently not as good at that interpretation and so CAPTCHAs like this currently work. As this type of CAPTCHA becomes more common the spambots will be updated to make it easier for them to work out the answer to the question as well and then this type of CAPTCHA will die out. Another variant of this which would be slightly harder for the computers to solve would be to ask more general questions such as "What colour is the sky?". Unfortunately there is another group of real people who are as unable to solve these types of CAPTCHA and so you are still blocking some real people as well as the computers.
Using CAPTCHA will become more and more important in the future as more sites are attacked by spambots and those bots become smarter at solving the more commonly used CAPTCHAs. The types of CAPTCHA that people use will change and hopefully become less obtrusive as further ideas on how to distinguish between people and computers are developed. It is time for those horrible image CAPTCHAs to die but only by replacing them with some other form of CAPTCHA that is at least as effective at blocking computers while hopefully minimising the number of real people who get blocked as well.