CAPTCHA means: Completely Automated Public Turing test to tell Computers and Humans Apart.

Since I often fail to solve CAPTCHAS I must be a machine...

I wonder how many people besides me are out there who are not human. You too seem to be slowly turning into a machine. The Borg have arrived on earth, resistance is futile...

all our base belong to them.

are they getting progressively harder to solve

In my experience, yes! They are a PITA.

surely there is an interesting technical back story here -- are the bots getting better, hence the humans are ratcheting up the difficulty?

or is this just some sort of cruel trick played by some under appreciated human working in the bowels of the internets?

surely someone with a good imagination or a history of hacks and cracks has a story to tell.

do tell.

The captchas I hate most are those within Google Analytics that you have to solve before you can send yourself a report about something.

C'mon, a user has to be already logged in to send themselves a report, what's the captcha needed for? Especially, why is it needed Every. Single. Time?

bw - I don't even bother, I just download the PDF and go from there.

and you make a good point.

The captchas I hate most are those within Google Analytics that you have to solve before you can send yourself a report about something.

C'mon, a user has to be already logged in to send themselves a report, what's the captcha needed for? Especially, why is it needed Every. Single. Time?

Ten years ago I worked with a scary-smart coder (PhD in computer science from a name school in the east, worked for DARPA for several years) with the ethics of Al-Qaeda. It took him four days, but created a script that jumped this kind of captcha and allowed him to download 99 percent of a db from a name everyone knows. To answer your question: Because of people like him.

Tip: Try doing the captcha sober.

LOL . . . :-)

The only thing that annoys me about CAPTCHA is that if your server side programming is coded right, in 95% of the cases they are absolutely unnecessary, a duct tape fix for a problem not understood by the developers.

They're unnecessary 100% of the cases, you can reliably replace them even with straight CSS or some custom html and have the server validate on form submission without the user having to do anything extra.

I like the ones that have a check box or radio button next to "Are you human"

My wife, the teacher likes the ones with a math problem.

That is actually one of the more popular duct tape brands that is at least easy for the end user to decipher and is almost as good as a captcha. "What is seven plus twelve" is as good as those cryptic image based widgets. (Which uhh, *should* be positive if either 19 OR nineteen is entered - if they can't spell nineteen well then . . . )

What I find disappointing is that my (wealthy) friends at Google don't do it much better than anyone else.
The captcha signup for Gmail isn't very good, and I sign up quite a few accounts, and often miss.
Surely a company that can make self-driving cars etc. can come up with a clever innovation!

The only reason current text based CAPTCHA's aren't routinely cracked automatically is that the graphical ones are still more common.

Once it becomes worthwhile it'll take a ne'erdowell, ooh... hours to crack! We're talking about parsing at about '80s 8bit text adventure level with a limited number of problem domains. Start fixing either of those issues and the number of false positives from real humans will start rising again!

I can think of at least one way of mixing computer and human solutions to break textual captchas that requires no parsing at all and would have nearly 100% correct answers at minimal cost. With minimal cost being defined as less than the 0.1 of a cent per correct solution that is currently required for an entirely human based solution!

All variaties of free communication services are absolutely stuffed. But even they, along with everybody else that takes form submissions, need to look at reducing the value of the service to spammers, not just increasing the cost (which is currently (well, a few years ago, might be cheaper now) capped at the above 0.1 cent per submission noted above for teams of humans.

Avoid making a service useful to spammers at all, if applicable to your web application. But if that can't be avoided then log and check everything - IPs, http headers, language filters, submission speeds etc.

Avoid making a service useful to spammers at all, if applicable to your web application.

This, as Frank Zappa would say, is the crux of the biscuit. And it works. :-)

I don't know if it's my bad eyesight, but, yes, some of them are particularly challenging: Google's being annoyingly difficult at times. And, the audio version is as good as useless, too.

funny how no such foolishness seems to be required here on WebmasterWorld. of course, I haven't had to do anything but let PayPal take the money each year.

if only some of the smarts here could actually be somehow inoculated inside of Google and some of these other awful sites.

Yes! Just a few weeks ago I was suddenly confronted with a new series of captchas which seem to resemble a color blindness test. The bemusing part is that, whenever I fail, The captcha example turns into an easily readable and seemingly color blindness friendly version. What's up with that?

why not stage a boycott?

let's just stop using them. it only encourages them. ;)