>>most annoying invention to come to the internet

Yep. I simply don't buy anything from a site that uses Captcha, in fact, I won't leave a comment at a site that uses Captcha.

If you must use Captcha, and I can't think of a reason why anyone must, at least make sure there's no chance for character confusion. No 1s that look like ls. See that? No 0s and Os. See that? No 9s that look like lower case gs. etc.

Captchas annoy the hell out of me too, although I did like the idea behind recaptcha [recaptcha.net]. At least it addressed the annoyance/usefulness balance a little. But for e-commerce it's got to be out of the question.

You would think that a website/webmaster can assume that someone with a credit card is not a bot... Humans tend to have credit cards... in my experience anyways.

I can understand why for forums that allow anonymous to post would have it but for a credit card check out? Why? If someone wants to program a bot to buy stuff and put a credit card that validates then fine by me... I will charge it happily.

[edited by: Demaestro at 4:28 pm (utc) on Sep. 28, 2007]

I think the captcha is something we are going to have to live with until software is available that makes is simple to check if a user is a bot or a human. The standard captcha is anoying, but there are a lot of sites out there that do something else to try and made the captcha process as painless as possible.

What we need are systems that authenticate that the user is a human, whilst still carrying out the sites main function. Not easy, but i'm sure people are working on it.

Mack.

If a captcha is needed - then okay. But my biggest objection is how many are unusable. Half the time I struggle to discern the correct characters, and I don't tolerate that too well. The loss rate of older users or vision impaired users is probably very high. I don't refuse to use them - but will abandon the site if they are a hassle. Once I determine that I want something, most often there are plenty of choices about where to buy.

I don't understand the popularity of image captchas. They have tons of accessibility problems, not to mention the annoyance they cause. Text captchas are the way to go.

Unfortunately captchas are essential, for some types of web forms. But all you really need is a question that's unique to your website, and possibly one that changes regularly, and that's enough for most. I can understand why large and extremely popular sites would need something more robust, but not your average small blog.

Ecommerce is different, however. There's no good reason to put up a captcha on a website that's selling something.

I have recently seen many websites where the captchas have been replaced by simple tasks like doing calculations or writing the third letter of a specific word. I think this is much better and probably harder to beat by bots.

For my websites I have found a better solution. I simply randomize the names of the input fields with each refresh of the page. No chance for automatic submissions.

randomize the names of the input fields with each refresh of the page

what a nifty idea!

I have stopped using captchas on my sites long ago for because they are annoying and scare visitors off. I even recently allowed users again to post on my forums without first registering.

Despite of this, I have no SPAM problems on my sites. My idea is that SPAM should be controlled with technology behind the scenes rather than systems that scare genuine visitors away. Captchas, user registration and other visitor visible approaches to control spam are the poor mans solution to a problem which was not created by your visitors in the first place.

Actually, I really like the WP Hash Cash plugin approach - use javascript (okay, you still annoy non-JS users with a captcha or some such) and require a "proof of work".

A proof of work is as simple as a responding to an onclick event that shows there's a real person. Then if you hash the timestamp, create a field in the form and a row in the DB with that value and check to see if there's a match. Once you get a match, you delete it, so that form can only be used once

- no double submisssions by bots or accident
- no annoyance to users

genius.

Don't blame the people who invented locks when you lose your key - blame thieves who made people use locks in the first place.

The locks and thieves analogy doesn't really hold up.

The point is that there are ways to stop spam bots without annoying users.

I am also annoyed about CAPCHAs and prefer to use JavaScript tricks to fool bots that learn to deal with CAPCHAs anyway, I am just saying that the people who should really be hated are the low-lifes who caused the Web to adopt CAPCHAs - if it was not for automated spamming then CAPCHAs would not have appeared :)

Honeypot captcha people,

declare a hidden form field, invisible to the user (via css), use server side code to check if there is a value in there, if there is a value, it's almost certainly been automatically filled in, therefore it's from a bot.

if its a bot, reject the form.

i've got this on a few of my contact forms (name, email, comment) and i've never received spam through them.

I find CAPTCHAs incredibly annoying. I have seen (and liked much better) sites that ask "You Human?" and tell you to type "yes" in a text box, or check a check-box.

That's really good. Please don't have them do math - that gets annoying.

The real pigs are the ones who make the lock and key essential.

I like the ideas presented here. The hidden form element sounds real cool.

Randomizing the field names sounds even cooler. It would be a bit of an annoyance to some visitors however. Visitors like things in some sort of rational order.

Doing math isn't that hard. Provided it isn't something too insane. Adding or multiplying single digit numbers is cool. Resolving the square root of Pi is not.

i cant believe the simplicity if the hidden field in the form, but honestly speaking if we start using it than bots will look out for it as well.
we use captcha, had loads of problems by the end we are using just numbers and it seems to work fine.
for payments we dont use verfication, for that there is the credit card verification.
almost a year ago i tried math question on one of my sites users didnt like it. (thought i was the only smart one...)

imho until there is something better what choice do we have.

out of curiosity what solutions is there for HUMAN bots?
i am lucky that almost all human bots register on my site with the least used country!