Captcha's are bad m'kay?
Still not accessible, still breaking the law (Equality Act 2010) when will these people learn?
A UK startup is trying to make a game out of solving CAPTCHAs*, the ubiquitous but sometimes irritating challenges designed to make sure that a human, rather than a 'bot, is registering for an online service. CAPTCHAs typically oblige website visitors to type out distorted words presented in images to prove that they are human …
Absolutely. I developed a great imagemap (remember them?) system to do this back in the late 90's, massively back compatible with all graphical browsers, very accurate discernment, but failed on accessibility grounds. As long as you offer those dreadful audio captchas (sound like short wave number stations from the cold war), you have an alternative attack vector anyway.
It's a real problem, this is assuredly not the answer except for some marketing goik who thinks the internet comes in a shiny box and you can back it up to floppy drives.
I guess there's no magic-bullet. You're going to have to have alternative CAPTCHAs. I can't think of anything that's going to help people like me, with serious visual impairments, that won't then screw over people with hearing problems or motor problems. And I guess you've got to spare a thought for people with dyslexia on CAPTCHAs too.
Having tried the hearing ones, they're a total dead loss. I have pretty good hearing, and I'm very good at discriminating sounds, having mixed live music - but I can't make head-nor-tail of them. Some of them are so bad that I'm not even sure what's the background noise and what's the computer generated words.
I can see well enough to complete the text ones, eventually. But the more weird contrasting backgrounds and such that people put in, the worse they get - and any decent modern image edge-detection and OCR software beats my 5% vision any day of the week. But if you can see, but struggle to control a mouse, I guess wordy-CAPTCHAs are probably the best thing for you.
I'd like to take issue with one part of the article though:
Making a bad problem worse, one in four attempts at completing a CAPTCHA fail – a figure that (although we weren't able to independent verify it) sounds about right.
One in four attempts at completing a CAPTCHA succeed...
There, corrected that for you.
So, onto solutions. "If you're so clever why can't you do better style." Boring suggestion, just have multiple alternative types, and pick the one you can do. Second suggestion, a tickbox that says "are you a naughty bot". Well it works on immigration forms... I've promised that I'm not a terrorist and was never a member of the Nazi party, and obviously I wouldn't lie. Third option, which would solve spam, CAPTCHA abuse at a stroke. Digital Vigilantism. There are enough clever techy people online that we can track down the spammers, after all they have to get paid, and some ship out products. So we have online search teams and digital lynch mobs, for those without the technical skills to find the spammers - but a more direct approach to percussive server maintenance...
A solution for the Audio ones could be to use song lyrics or sentences. Choose one answer from, say, 10, that actually makes sense at the end of or in the middle of a sentence. Then it can be clear as day.
An upshot would be that while trying to break it the Captcha crackers would have to develop voice recognition software that worked offline (Google, I'm sure, would notice the same team of people using their service over and over and over) and with a variety of accents- so even breaking it they're doing the world some good!
"Still not accessible, still breaking the law (Equality Act 2010) when will these people learn?"
It might be against the law but making more accessible for the blind makes it more accessible to the spammers and at the end of the day, I get more emails from spammers than from blind people.
If the government wants to make laws, why doesn't it make some to stop spam and then CAPTCHA won't be needed.
Personally I went a different approach. I added a field called email inside a hidden div in the form. My script knows if the email field is filled in, then it's from some crap robot written by some scumbag spammer who will hopefully die a painful death and spend eternity in hell getting his nuts roasted....
I'm sure I did one a few months ago, that involved putting things in a kitchen in the correct place. So the egg went in the frying pan, the spoon in the saucepan or something. But I don't remember if it was a real one, or just a demo from a company promoting the idea. To be fair, it may even have been this same company...
Are you completely mental? It's completely evil. It'll do nothing to reduce spam (sweatshops, etc), but will do everything to put more fucking advertising IN YOUR FACE, as though you needed it.
"Bored with typing stuff in? Here's an INTERACTIVE ADVERTISEMENT YOU CAN'T IGNORE OR BLOCK instead."
Advertisers? Out round the back of the shed, two barrels upside the head..
"Less annoying than mangled text?" Yes.
It's still bloody annoying and I certainly don't approve, but it is slightly less annoying than having to click next image a hundred times before finding one CAPTCHA that doesn't have r merged with n to look like m etc.
Tufty Squirrel,
What's wrong with advertising? Seriously, if it's not intrusive and it's allowing stuff that costs money to be free it's a perfectly good thing. For example, TV ads have in the past been funny, so a short ad break with 2 or 3 20-30 second ads that are funny or have a nice tune without being annoying are perfectly acceptable in exchange for a free TV program that's decent. If the telly's not decent, don't watch it. If the ads are annoying then record the telly and skip them, or use the time to make a cuppa or have a wee.
Online banner ads that behave and don't break the browser aren't annoying, as you aren't forced to look at them. I don't even see them unless I'm looking, or they misbehave. And again, they allow publications such as El Reg to be free - so what's not to like.
In this case, you have to have a CAPTCHA anyway, so if they can come up with something that's better than the current really shit ones, what harm does it do if it's an advert? Are you so weak-willed that you can't see a picture of a bottle of Heinz Salad Cream without having to instantly buy one? Or are you so stuck in some kind of student-politics nirvana that all big business must be evil, therefore it's still evil even if it does something good?
Of course, this new system may also be rubbish. But even then, unless it's more rubbish than the current system, it still doesn't do you any harm. So just relax.
>> if it's not intrusive
That's the thing, though, isn't it? Advertising *is* obtrusive. TV ads are mastered to run at a higher volume than the programs they intersperse. Web banner ads are placed and designed such as to demand your attention. And so on.
The response is instamuting the telly every time the ads come on, adblock pro, noscript and other browser addons. Ads are largely speaking offensive (not in a NSFW sense) and intrusive, it's how they are designed, and people try their hardest to avoid them.
So what's this? An adman's wet dream. Ads that not only you can't skip, but that demand 100% of your attention whilst you're not skipping them.
Fuck them. Fuck them anally with a large pole wrapped in barbed wire.
Not only that, but what's even more sinister is that this represents ads that you can't block with NoScript and Adblock. If you do, obviously you can't solve the captcha and you can't use the site.
So if one line of your defence against malware is NoScript, that provides a passthrough for the all too common malware-laced advertising. You'll have to allow Javascript for the ad server, and you can bet the VXers will be very quick to exploit this new hole.
Any site that starts using these ad-captchas simply won't be getting my business, either as a product or as a customer. Ads I usually don't have a problem with, as long as they aren't in my face. Being forced to run unwanted Javascript I do have a problem with.
Are you completely mental? It's completely evil. It'll do nothing to reduce spam (sweatshops, etc), but will do everything to put more fucking advertising IN YOUR FACE, as though you needed it.
Yep. You can call that the Ryanair experience (if you ever had the misfortune of having to buy a ticket there you know what I mean - I 100% agree with the commenter who stated that they appear to be actively going out of their way to piss you off)..
Thankfully, most businesses have competition.
BTW, there were quite a few instances of "creativity" in that pitch.
- they make great play of the time that CAPTCHAs take, thereby trying to imply theirs doesn't. Nice try. Theirs you will have to read, interpret, than manipulate which may be slower.
- they state that users freely give up 15 secs of their time to do a CAPTCHA - no, it's because they usually don't have a choice (which leads straight into my main objection, and my absolute hatred of the Ryanair system where you have to type in NLP inspired phrases to get anywhere).
- they claim high levels of brand recall. It may inspire high levels of brand hate too - what about disabled people? What about people who have seen ads fill up web pages until there is no content left?
I'm sure they will do well. Since Google and Facebook, everyone is conditioned to accept ads as the way to make money off the web. But it may be worth crowdsourcing a counter. Or wind them up by creating "alternative" versions of a more salacious type, like removing a USB stick from a computer to access the NSA or something (the xxx sites of this world could have some real fun with this).
Not impressed. Turn the little handle alongside my hand to raise the middle finger.
If Adblock doesn't kill it, corporate firewalls certainly will.
Also violates the KISS principle. Games are bloated and off-putting, you can work with something much simpler (e.g. a slider) and get exactly the same effect. No need to distract the user from what they originally wanted to do - i.e. engage with your website.
If you look at the example source you can see it's just javascript. When you "pass" the test a function is called which - if a real site - would then submit the form. Turn off javascript and neither the test will show nor will it do anything to stop the knowledgeable. A real spammer won't even be using a web browser at all, they just send POSTs to the server en masse. Aside from the accessibility concerns no client-side solution can ever be effective.
This is as unsecured as the supposedly "unreadable" font. http://www.theregister.co.uk/2013/06/24/freedom_font/
This irritates me too but since reCAPTCHA works by providing one known and one unknown sample, I've been sabotaging the system. Whenever I see a house number, I know that the other text blob is the known sample. So I enter the correct letters for that but enter the word FUCK for the house number.
I'll gladly help you OCR old books, but figure out address mapping yourself Google.
Yes, the house numbers thing bugs me too. reCAPTCHA is repeatedly held up as a Good Thing - mitigating a necessary annoyance by achieving something useful, namely digitising books, but for quite some time it's been a case of an annoyance PLUS unpaid work for Google, sorting out house numbers in Google Maps.
I'm a long-time contributor to OpenStreetMap - adding house numbers is something I happen to be doing there at the moment. But I'm doing that because it's a useful thing to do that benefits anyone who uses the (free) data. It's somewhat galling to be forced into also improving a competing, proprietary product.
It's evil in clown costume (at the moment, empty-handed).
I expect this will be converted in an eye-blink into a ubiquitous low-rent paywall—where you don't get to see the content of the page until you've consented to having your retinas exposed, for a brand/site-specified period of time, to specific objects in specific relations, etc. and made to jump, slide, twist, drag the fiddly bits through the required hoops... It's well shy of Blipverts, but has the potential to go far - or, with a little applied psychology, fairly deep into the psyche.
It's all bullshit - but then the idea came from an advertising company. Captchas have to meet two requirements: one is that they can't be solved easily by a machine; secondly there must be a sufficiently large number of them that it is not feasible for a nefarious type to build a list of all the possible captchas and their correct answers. This proposal fails big time on the latter.