Comments on: Captcha is Broken

By: Jeffrey Morgan

Jeffrey Morgan — Wed, 03 Sep 2008 10:11:47 +0000

Moderating comments is the only sure way to avoid automated spam. I moderate comments on my blog and part of the moderation process is investigating the URL provided by the poster. Content which at first seems OK is often revealed to be spam when I look at the poster’s web page.

By: Sniff

Sniff — Tue, 02 Sep 2008 11:50:31 +0000

Maybe you’ll find interesting CAPTCHA I’ve wrote – tEABAG_3D, you can see it at http://ocr-research.org.ua

By: Paul B.

Paul B. — Mon, 01 Sep 2008 22:52:13 +0000

Your final quote is dead on. The focus should not be on whether the viewer is human or not, but rather we should focus on the content/data, which is where the spam actually is.

By: An Tu

An Tu — Mon, 01 Sep 2008 10:59:31 +0000

I never like the captcha system, none of my site use it

By: Chris Messina

Chris Messina — Mon, 01 Sep 2008 06:59:38 +0000

Was also disheartening to discover how Mechanical Turk is being used for spamming purposes as well:

http://www.readwriteweb.com/archives/amazons_mechanical_turk_used_for_fraud.php

By: Tim

Tim — Sun, 31 Aug 2008 16:37:14 +0000

Just because something came from a real human being doesn’t mean it isn’t spam, which is why content-based solutions like Akismet are the only long-term solution to the spam problem.

And unfortunately, it is also true that just because Akismet (or any content filter) says something is spam doesn’t mean it is spam. A valid message marked as spam by a filter isn’t a good user experience either.

Sure, we can review comments marked as spam, but if I’m going to review 100% of the filtered comments for false-positives, why have a filter at all?

I’m no fan of captchas either, but silently discarding a valid message that doesn’t pass a filter is an even poorer experience for that user and unacceptable to my application.

By: Pushkar Arora

Pushkar Arora — Sun, 31 Aug 2008 07:14:43 +0000

‘ companies such as Microsoft are not abandoning the system. “We are updating our Captcha system to be both more readable for customers but more difficult to break through” ‘

Why waste more time and technology on something that, eventually is going to fall again.
Matt’s quote in the closing part in the article really defines what needs to be done ultimately for a spam free web.

By: Michael Hampton

Michael Hampton — Sun, 31 Aug 2008 06:28:50 +0000

Hm, that reporter should have talked to me.

By: amolpatil2k

amolpatil2k — Sun, 31 Aug 2008 05:09:11 +0000

Comment spam is a serious problem. There are 4 defences Captcha (proactive), filters like Akismet (reactive), admin moderation (reactive) and reader flagging (reactive). The problem with Akismet is that it is not transparent. How do we know it doesn’t harbor a bias in the guise of secret algorithms.

By: ::Wendy::

::Wendy:: — Sat, 30 Aug 2008 22:43:00 +0000

‘are you mouse or man’ or girl?
The guardian for the intellectual man (Niel’s comment) come on fellows – at least demonstrate in your language that you are aware that women can write spam bots, spam, and be intellectuals.

By: Jacques Marneweck

Jacques Marneweck — Sat, 30 Aug 2008 17:59:48 +0000

Something I found quite amusing on the subject of captcha’s today – there is a booming industry in India of guys employed to reply to captchas (http://blogs.zdnet.com/security/?p=1835)

By: lambic

lambic — Fri, 29 Aug 2008 19:26:38 +0000

I wrote about the horribleness of Captchas back in 2006 (http://www.lambic.co.uk/blog/archives/2006/12/captchas-who-needs-them/), why didn’t they quote me?! Oh right, I didn’t create the internet’s most popular blogging engine, sorry, forgot that part

By: Captcha Broken says Matt, I agree! | Strangely Perfect

Captcha Broken says Matt, I agree! | Strangely Perfect — Fri, 29 Aug 2008 19:01:02 +0000

[...] what I’ve determined empirically recently. Matt’s (WordPress prime mover) post here and this article in the Guardian mention the various failings of [...]

By: Khürt Williams

Khürt Williams — Fri, 29 Aug 2008 17:00:17 +0000

I hate captcha! Hate! Hate!

By: Lloyd Budd

Lloyd Budd — Fri, 29 Aug 2008 16:20:02 +0000

That article is disappointing in it doesn’t even mention reCAPTCHA. Maybe, they decided that reCAPTCHA got enough play in the news mid-month.

I can’t stand craptcha, but if someone really, really, really feels they must use it, reCAPTCHA seems like the way to go. You are both helping a great cause and there are accessibility options.

By: nathan

nathan — Fri, 29 Aug 2008 13:42:52 +0000

My first thought was, ‘not only is it broken, it’s also really annoying.’

Very interesting it starts with a Matt quote and ends with a Matt quote.
Obviously, someone has a good handle on how to fix captcha…

By: Neil

Neil — Fri, 29 Aug 2008 12:12:07 +0000

Aww the guardian, for the intellectual man, good read!

By: Inge Janse

Inge Janse — Fri, 29 Aug 2008 11:43:11 +0000

“Just because something came from a real human being doesn’t mean it isn’t spam, which is why content-based solutions like Akismet are the only long-term solution to the spam problem.”

Excellent quote. That pretty much dismisses all alternatives given in the article.

By: Le Weblog de Frederic Bezies » Archive du blog » Le captcha : gadget inutile ?

Fri, 29 Aug 2008 08:26:15 +0000

[...] via le blog de Matt Mullenweg, un des codeurs principaux de WordPress, la version en ligne du Guardian a rédigé un article qui [...]

By: lemming

lemming — Fri, 29 Aug 2008 05:36:19 +0000

Congrats, Matt.
Btw. you have the best jolted domain i’ve ever seen so far.

By: Titanas

Titanas — Thu, 28 Aug 2008 23:11:24 +0000

It was about time for someone to call captcha a bane. Sometimes it takes me 2-3 reloads to figure out what the captcha is displaying just to register to a service..

By: m@

m@ — Thu, 28 Aug 2008 22:05:41 +0000

The problem lies in usability vs. vulnerability. You want to make it as easy as possible for users while making it as hard as possible for spam bots. Captchas were never easy for users, and apparently now they’re easy for bots. Group sourcing filtering isn’t necessarily the answer either as you have to worry about bots being in the group. Now what? That is indeed the question.

By: Martin

Martin — Thu, 28 Aug 2008 21:54:34 +0000

I hate Captcha with a passion. I have five sites and none will ever use it. I use Akismet and comment moderation and that pretty much solves everything without and hassles for my users or me.

By: Stephen R

Stephen R — Thu, 28 Aug 2008 20:57:56 +0000

I’ve been working on improvements to Andy Skelton’s Quiz plugin. Basically you make a custom question for each post, when you write it.

I like the idea of this a lot because it means that not only do you have to have human comprehension, but you have to have actually read the post. Slows down (hugely) the “captcha farm” spammers, and thins down frivolous comments to boot.