Reasons not to use Captcha

Posted At : November 29, 2008 12:02 PM
Related Categories: ColdFusion,Web Design

I don't get as angry about Captcha as I used to, but on occasion someone asks me why I don't like it. I figured I'd post this list here so I can have something to reference, instead of having to brainstorm everytime I'm asked the question.

  • Most people hate filling out Captchas.
  • It doesn't stop human spammers (they fill out your form manually).
  • Spam software these days can break through simple Captchas.
  • If you make your Captcha harder, you may block legit users.
  • Blind people can't get past Captchas.

So what is my least favorite feature in ColdFusion? <cfimage action="captcha"> ;)

Comments (9) | Print | del.icio.us | Digg It! | Linking Blogs | 952 Views
Comments
[Add Comment]
What I hate more than captcha is comment moderation. It feels like censorship to me.

So what do you recommend as an alternative to Captcha? CFFormProtect??
# Posted By Andrew | 11/29/08 1:50 PM
CFFormProtect works, but what I generally recommend is that people pick one or two alternatives like Akismet or Project Honey Pot (both included in CFFP) and roll their own. CFFP is overkill for some folks, but if you want a fairly easy solution, it's always worked for me. :) And I am on the verge of releasing version 2.0, which is already in place here on my blog for testing.
# Posted By Jake Munson | 11/29/08 1:53 PM
Good points Jake. It's not just blind people who can't get past CAPTCHA... it's often anyone with any kind of visual impairment and far too often people without any impairment at all. I hate them too, for all the reasons you list and more :)
# Posted By Kay Smoljak | 11/29/08 3:28 PM
It would be great if you followed this up with a list of points on why other technologies work where captchas fail. As is, I think your list lacks a solid argument against the use of captchas, to address your points specifically:

1) Well yes there's always the choice not to use captchas, but people may hate filling out a form to register on a site, enter their password to log into a site, etc., but those steps are necessary to make a certain system work effectively.

2) That's true it doesn't, but I'd argue one of the most insidious qualities of spam is that it is sent in quantity, which a spammer manually filling out forms cannot accomplish without significant time on the part of the spammer.

3) & 4) This is a balance to maintain, security versus usability. However, I think the idea is to combat spam, making it more difficult for a spammer to fill out a form, not so much to eliminate it entirely. There never will be an unbreakable captcha, as there never will be an unbreakable password. The point is to make it more difficult for spammers with minimum inconvenience for legitimate users.

5) I'm a fan of reCaptcha (<a href="http://recaptcha.net">recaptcha.net</a&...;). It is accessible to blind users and makes me feel warm and fuzzy about stopping spam and helping digitize books at the same time. Even if I spam bot gets through, at least they're helping out :)
# Posted By Anselm Bradford | 11/29/08 6:42 PM
Both Akismet and Project Honey Pot can work where Captcha fails. There are other things too. Check out all of the tests in CFFormProtect for more. And I'll stress, none of these techniques force your users to pass through annoying stuff like Captcha.

reCaptcha may make you as the site designer feel warm and fuzzy, but your users could give a crap. I'm talking about usability here. Can you imagine telling your mom, "Sure mom, you can talk to me anytime you want, but you have to decode a little hard to read text before every conversation."
# Posted By Jake Munson | 11/29/08 7:55 PM
Oops, I just noticed that you said "why other technologies work". The reason Akismet and Project Honey Pot work where captcha's fail is because of crowd sourcing. The knowledge from millions of other blogs and sites work together to identify spam. So even human spammers will get blocked, because they are recognized by the community as spammers, BEFORE they fill out your form. CFFormProtect combines many techniques together, but I have read testimonials from people that only use Akismet, or only use Project Honey Pot, and report great success. And again, without annoying your users.
# Posted By Jake Munson | 11/29/08 7:59 PM
@Anseim, I looked at reCaptcha once, because I, too, like the idea of helping to digitize books. But have you ever listened to the audio captcha on reCaptcha? It's awful. To get rid of "listening" bots, they need to add a bunch of background noise to throw them off. Similar to the visual background noise on a visual captcha. The first time I tried the audio captcha, it took me 5 attempts to get it right.

Just a note: If a spam bot does get through on a reCaptcha captcha, it does not actually help out. The second word (the word for the digitized book) is optional, it does not need to fill it out to pass the captcha.

I have been using Jake's cfformprotect for a couple months now with great success. I have only heard of one issue with someone not being able to comment and I have seen ZERO spam since I started using it. Looking forward to version 2.0
# Posted By Jason Dean | 11/29/08 7:59 PM
I've used CFFormProtect for almost 18 months now and I'm very pleased with it. It saved me thousands and thousands of commentspam, even without using the Akismet function. It currently runs on a Bluedragon 6.2 CF-driven website as well as on CF7 and CF8 websites.

I became enthusiastic about the tool because I generally dislike CAPTCHA's - why should I have to fill in a simple mathquestion or try and decifer weirdly looking digits and letters? I just want to comment - the beauty is CFFormProtect is it's ability to do all checks serverside without the user ever even noticing it's present doing its work. I'm ready for version 2.0 even though I won't be using the Project Honey Pot feature. Thanx Jake for this little piece of CFC-magic.
# Posted By Sebastiaan | 12/1/08 2:42 AM
I would argue if you use anything but the easiest of Captcha, you WILL drive away users or, at best, create a royal pain in the rear for them. I have given up on some sites that use Captcha images that I simply can not figure out.
# Posted By Allen | 12/2/08 10:05 AM
[Add Comment]
BlogCFC was created by Raymond Camden. This blog is running version 5.9. Contact Blog Owner