Slashdot Mirror


Why the CAPTCHA Approach Is Doomed

TechnoBabble Pro writes "The CAPTCHA idea sounds simple: prevent bots from massively abusing a website (e.g. to get many email or social network accounts, and send spam), by giving users a test which is easy for humans, but impossible for computers. Is there really such a thing as a well-balanced CAPTCHA, easy on human eyes, but tough on bots? TechnoBabble Pro has a piece on 3 CAPTCHA gotchas which show why any puzzle which isn't a nuisance to legitimate users, won't be much hindrance to abusers, either. It looks like we need a different approach to stop the bots."

5 of 522 comments

  1. Re:My solution is simple & elegant: by Dynedain · Score: 4, Informative

    The author was arguing that one of the primary reasons to do captcha breaking is to get freebie email accounts on GMail/Yahoo to send spam from.

    Limit the email the account can send, and you reduce the desire for the account. Reduce the usefulness of the account, and you reduce the desire to crack the captcha on new account signups, or at least the profitability in doing so.

    It's one approach that would make a difference, but it's clearly not the only solution.

    --
    I'm out of my mind right now, but feel free to leave a message.....
  2. Re:So what next? by uhoreg · Score: 5, Informative

    This is known as hashcash. One big reason that it doesn't work on the web is that, currently, users will be stuck with some slow JavaScript version of the algorithm, while a sufficiently determined spammer can use a fast C version, and end up with much less work required to post. So it's nearly impossible to set a cost that is cheap enough for valid visitors, that will be a sufficient deterrent against spammers.

    --
    To get something done, a committee should consist of no more than three persons, two of them absent.
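The cost asymmetry described in the comment above, as an added example that is not part of the original thread: a hashcash-style stamp that is expensive to mint and cheap to verify. SHA-256, the function names, the challenge string and both hash rates are assumptions chosen for illustration, not measurements.

```python
import hashlib
import math
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def verify(challenge: str, nonce: int, bits: int) -> bool:
    """Server side: a single hash, however hard the stamp was to mint."""
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= bits

def mint(challenge: str, bits: int) -> tuple[int, int]:
    """Client side: brute-force a nonce; returns (nonce, hashes tried)."""
    for nonce in count():
        if verify(challenge, nonce, bits):
            return nonce, nonce + 1

def expected_seconds(bits: int, hashes_per_second: float) -> float:
    """Expected minting time: about 2**bits hashes are needed on average."""
    return 2 ** bits / hashes_per_second

def bits_for_budget(hashes_per_second: float, max_seconds: float) -> int:
    """Largest difficulty whose expected cost fits a client's time budget."""
    return max(0, math.floor(math.log2(hashes_per_second * max_seconds)))

# Assumed, illustrative hash rates (not measured values).
SLOW_CLIENT_HPS = 50_000        # legitimate visitor running a script in the browser
FAST_CLIENT_HPS = 20_000_000    # sender running a native implementation

if __name__ == "__main__":
    challenge = "post-form:constructed-server-token"  # constructed sample value
    # Tune the difficulty so the slow client waits at most about 2 seconds.
    bits = bits_for_budget(SLOW_CLIENT_HPS, max_seconds=2.0)
    nonce, tried = mint(challenge, bits)
    print(f"difficulty {bits} bits, nonce {nonce} found after {tried} hashes")
    print("stamp verifies:", verify(challenge, nonce, bits))
    slow = expected_seconds(bits, SLOW_CLIENT_HPS)
    fast = expected_seconds(bits, FAST_CLIENT_HPS)
    print(f"slow client: {slow:.2f} s per post, fast client: {fast * 1000:.2f} ms per post")
    print(f"fast client can mint {slow / fast:.0f} stamps in the time the visitor mints one")
```

Raising the difficulty scales both costs by the same factor, so the ratio between the two clients stays fixed at whatever their hash rates dictate.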

  3. Not really by willy_me · Score: 4, Informative

    SPAM is sent from compromised computers. If you make people pay for posts then the owners of compromised computers will be billed - not the real senders of SPAM. Billing would help minimize the problem, but we would still receive a pile of SPAM. And a pile of people who only use their computer once a week would have to foot the bill.

  4. Re:That wooshing sound.... by kwerle · Score: 4, Informative

    Yup. I used PHPBB2 and changed the CAPTCHA code.

    "Type the following text in the CAPTCHA box . Ignore the image below."

    All spamming stopped. Regular users were fine.

  5. Re:Stuck in the old ways by Eternauta3k · Score: 4, Informative

    If your site gained any popularity, they would make bots specifically to register in your website.

    --
    Yeah. Would you choose a neurosurgeon who pokes around people's brains in his spare time? I wouldn't.