Technology

Use Some Ingenuity and Avoid Captcha

Perhaps one of the worst user experiences I continue to run into on the web is Captcha technology.

Captcha is when a an image is generated with numbers, letters, and sometimes words tha you need to retype into another field. This is to thwart automated form posts from comment spammers. Since they can’t decipher the code, they can’t submit the bogus posts.

Captcha Flaws

  1. It’s an interruptive technology. I can’t tell you how many times I go to submit a comment or send a message on some site and I’m interrupted by a Captcha field. It stops the flow and stops the user experience. I can’t stand it. On occasion, I simply give up and stop visiting the site or using the tool.
  2. It’s generated by a computer. The fact that it’s generated by a computer tells me that someday it will be broken by a computer. It’s only a matter of time.
  3. It’s lazy. Instead of fixing the problem, it makes the user have to work around it.

A Better Approach

A couple folks have asked me why I didn’t utilize Captcha when I wrote my Comment Form plugin. I didn’t use it because I wanted to make the experience better, not worse, while avoiding comment spammers. With just a teeny bit of ingenuity, software companies could make these challenges fun, not an interruption.

My challenge question on my contact page is pretty simple, “last word in my blog’s title”. But it makes the person look up for a second and perhaps even chuckle, that they have to enter “blog”. Nice and easy. No discolored, distended, wacky combinations of letters and numbers. Just a simple question that can’t be answered by a computer – only the reader.

Facebook now using Captcha

Facebook CaptchaThe latest company to fall victim to Captcha style technology is Facebook. Not only is it an absolute eyesore, you can barely read the dang thing. Facebook has been pretty stellar in developing some cool tools and integrations into their site… did they really have to use this stupid technology? Bad enough that typepad and others are sold on it.

Some might argue that “it works”. It only works in the respect that it removes the problem from the website and places it on the user. This is inexcusable design and there are better ways! C’mon Facebook… take a chance, invent something! Be creative.

23 Comments

  1. 1

    One innovative solution similar to captcha’s is HumanAuth (and KittenAuth). It’s also similar to your “last word in my blog title” idea. A human must read a clue and prove that they understand the semantics of the clue. No computer can do that, yet. But if you listen to AI folks, they will, soon! It’s just around the corner, really!

    If HumanAuth or something “standard” that computers can’t do would catch on and go into widespread use, it would somewhat alleviate the interruption you’re talking about.

    BUT, you still have to be careful on the implementation. HumanAuth’s sample that I just went and looked at again has a flaw! The moment you click the right 3 images, it changes a button to let you know you’ve got it right. That’s ok, but it gives you unlimited clicks, so a simple recursive algorithm could easily figure out the 3 images.

    Your idea is simpler and simple usually means there’s less that can go wrong.

  2. 4

    Interesting opinion, though I am not really sure it deserves it’s own blog item…
    But what does one not do for just a little bit of attention… 😉

    Anyway, our site (http://ajaxwidgets.com) does not have a captcha for our blog system. And fact is that 99.99% of all spam blogs are being denied by the simple fact that we don’t allow HTML…!
    In addition we’re using “link condoms” for the URL field which also takes away a lot of spam. Not really all that hard 🙂

    .t

    • 5

      My objective wasn’t attention, Thomas. It really is to bring attention to a technology that is ‘acceptable’ mainstream but is not user friendly.

      Your example of how you’re dealing with it is exactly my point, there are definitely less intrusive ways of dealing with the problem.

      Thanks, Thomas! And I love widgets, so I’ll be checking out your site!
      Doug

  3. 6

    You fail to mention captcha’s which arent the tired and true distorted text image based ones.

    A captcha can be many things, text based, question and answer, subjective (pick cutest puppy) and these are much quicker to use and make more sense that trying to figure out if that is an o or a 0.

    I agree with you, and I hate them also, but your post didnt even cover the full breadth of the topic, and didnt offer any ideas about how to fix it.

    • 7

      Hi Garrow,

      I agree – I didn’t come up with the best solution… that’s what my call is to the companies with great resources and user experience experts. My motivation for writing the post was after seeing Facebook use this technology.

      I also didn’t realize that Captcha technologies overlapped outside of the simple font graphic that a user has to submit. If Captcha technology is expanding their footprint into challenge questions and answers that can be made to enhance, not degrade, the user experience, I’m all for them!

      Thanks!

  4. 8

    Use variable-variable names. Once the user comes to the page set a session cookie that contains a random number. Then give your “input” tag a name=”comment__[title]”, and so one for the rest of your fields.

    Then reset the number every time someone visits the page.

    That will ensure it’s a human person going to the page: for a little while.

    Chris

  5. 9

    I totally agree with you. CAPTCHA’s are a pain in the …

    However, it is really really easy to write an invisible CAPTCHA that does the trick. There are many different ways of doing it.

  6. 10

    Captcha’s can be annoying. Some more than others. I’ve seen some that are impossible to read (which defeats the purpose). I use the “bad” type of Captcha you described in a few projects. However, I make it easy enough to read so that the human isn’t having to contort his/her brain to make sense of it. Also, I only “captcha” when the user registers, not every single time they give input into the site. It isn’t a perfect system, but I consider it low on the human annoyance factor.

    There you go, we could start rating Captcha’s on their “HAF” (Human Annoyance Factor), Spammer Annoyance Factor, etc.

  7. 12

    I don’t want to belittle your plugin but there’s already a much better way to filter spam in wordpress. There’s an amazing plugin that I use called SpamKarma and uses all kinds of heuristics to determine whether this post if human or whether it’s spam. I’ve been using it for about 1 1/2 or 2 years now and once it flagged someone’s comment as spam and once it wasn’t sure so it asked the person to fill out a captcha and then let the comment through. It catches hundreds of spam comments a week though and never lets any through.

    I hate captchas as well. If I really had to write a captcha I would do it like http://www.hotcaptcha.com/ since picking out the pretty people or the furry animals or the whatevers out of a series of images is trivial for humans and extremely difficult for automated scripts.

    • 13

      Hi Smokinn,

      I don’t use SpamKarma but I have heard of it. I do utilize Bad Behavior and I’m probably only having to deal with 10% of the comment spam I had before.

      I’ll check out Hot Captcha – sounds similar to what I’d like to see.

      Thanks!
      Doug

  8. 14

    This post is pointless. Your solution doesn’t scale. A “bot” could be easily programmed to bypass your security measure by filling out “blog” every time. The solution has a finite number of questions – as many questions as you care to write. How would facebook, ticketmaster, or yahoo implement such a solution?

    This post was just ridiculous enough to get some attention and drive up your ad revenue. You’re going to have to try harder to “tip” this blog. I’d start with content worth reading.

    • 15

      Wow, Matt. Someone sounds a little grumpy today.

      Sounds as though you didn’t actually read my post. I never said my solution would scale nor should it be used by these companies. I did say that I’d like to see some companies (like Facebook) come up with a more ingenious solution. My plugin does allow you to change the challenge question and answer whenever you’d like – no bot is going to keep up with that. To date, I’ve had no SPAM on my contact page from this solution.

      One example: Perhaps Facebook could actually profit from using an advertisement on the page and asking “Who’s ad is on this page?”. Anything is better than punching in a bunch of numbers and letters – if you can actually read them.

      Cheers! Be sure to subscribe! hehe
      Doug

      • 16

        The “Who’s ad is on this page” is an interesting idea. I’ve seen it implemented before on a website called Moola.com. However, they use it specifically as a way to direct attention to their advertisers (as an interstitial) rather than a spam-prevention method.

        Some of them would even force you to watch a 20 second ad video and then answer a question such as “Which company was this ad for?” While, I’m not a fan of that particular method (I hate to wait), it would be interesting to see what something like that does to ad revenue.

  9. 17

    Apart from annoyance factor, which is huge, CAPTCHAs are regularly inaccessible for anyone with less than perfect vision.

    Imagine a CAPTCHA that you find difficult to read and then let someone with poor vision have a go. Difficult? Almost impossible.

    How about someone with no vision at all, surfing the web with a screen reader or braille technology. A CAPTCHA is designed such that programs can’t read it. In this case, neither will the disabled user.

    There are few accessible CAPTCHAs, ones that include a voice CAPTCHA for those who can’t see are an example, but the added usability concerns make it a technology that I would never consider implementing. Beat the spammers another way, don’t make your real users pay (also the reason I use the dofollow plugin).

  10. 18

    Captchas aren’t bad. Bad captchas are bad. If they are so hard to figure out that you can’t read it, then that is bad.

    However I think the better solution is a basic math question, three variables:
    1. Number 1 (0-9)
    2. Number 2 (0-9)
    3. Solution

    It is done so the math is very easy, and you can figure out what the answer is from a script standpoint rather easily.

  11. 19

    One neat solution I encountered somewhere was a checkbox labelled “I’m a spammer”, that came unchecked by default. Granted, it’s more useful in the context of preventing automated signups than on comments (as blog comments usually don’t have checkboxes that need checking).

    Of course in the end it’s just a matter of time before AIs break that. But I don’t think there’s a perfect solution than robots will never break, so this is good enough and doesn’t disrupt user experience at all (unless, of course, you consider yourself a spammer…)

  12. 20

    What is with the negative comments about this being an “attention getting” post? Since when was it a bad thing to add your voice to the discussion. Heck, with 17 comments already, it is obviously a topic people are interested in.

    Besides, if this is a topic that gets people’s attention, why the heck would you _not_ want to blog about it?

  13. 21

    How is that not a CAPTCHA?

    True, its not the usual mangled letters in an artificially grainy image, but it is something trying to tell computer and human apart.

  14. 22

    Yeah, I agree that captchas are a little irritating, and I’m sorry to realize that they’re a hurdle for disabled users, but I recently just
    raved about how much I appreciate the dual nature of the reCaptcha system, in that it blocks spam (though not 100% effectively, as you point out) while helping to decipher books, and I’m still a fan.

    No disputing their detrimental effect on user experience, but you have to admit that using minimal effort from each member of a vast pool of humans to do what even a very brainy computer cannot (read mangled text that defies Optical Character Recognition) is a pretty elegant solution.

    Though generally speaking, yes, I’m all for using creativity instead of code when possible.

  15. 23

    Hey There,

    Nice concise post. I, too, disagree with the flames regarding your post’s possible intention. Especially where others point out your lack of providing an “answer” or “alternative,” which I could have sworn you did with your comment-form plugin and discussion of your contact page (or did I miss something? 😉 I think too many people form opinions (and share them) without bothering to read even a relatively short post, such as this one, before they lash out (which accomplishes next to nothing)

    This is an interesting debate and, no matter whether a solution is proffered, worthy of writing about if you want. It’s your blog, after all and – this is what bothers me the most about some of the comments – since when has blogging become a public responsibility? If you want to write about something, write about it. Anybody who doesn’t want to read still has the option to not read it. If you were charging a fee, this would be a different story, but, if I’m correct, weblogs spawned from the mass’s desire to post just about anything and/or everything that pops into their head and put it out for public display, or to make it easier to share with friends. Many blogs’ contents are not publicly accessible or even interesting to those not directly involved.

    I had to laugh when I read about using this post to jack up your ad revenue. Perhaps (and I do hope so) your experience has been better than mine, but – unless you’re blogging to promote a product – you can write about captcha or you could write about how smelly generic dog food is and your contextual ad system will pay out at its usual unpredictable rate in either situation 😉

    That being said, if the CAPTCHA makers are reading, thank you for adding the audio! Black blackground with a tumultuously wavy white grid foreground over which ghostly white (and grossly distorted) letters are posted (sometimes over the edge of picture) is a perfect example of a situation that a human with reasonably decent vision will have difficulty deciphering, but a program will probably easily solve over time.

    Just my 2 cents,

    Best wishes to you,

    Mike

Leave a Reply