Why the CAPTCHA Approach Is Doomed

Posted by timothy on Wednesday April 8, 2009 @07:33AM from the how-do-you-feel-about-are-you-a-human dept.

TechnoBabble Pro writes "The CAPTCHA idea sounds simple: prevent bots from massively abusing a website (e.g. to get many email or social network accounts, and send spam), by giving users a test which is easy for humans, but impossible for computers. Is there really such a thing as a well-balanced CAPTCHA, easy on human eyes, but tough on bots? TechnoBabble Pro has a piece on 3 CAPTCHA gotchas which show why any puzzle which isn't a nuisance to legitimate users, won't be much hindrance to abusers, either. It looks like we need a different approach to stop the bots."

1 of 522 comments (clear)

Min score:

Reason:

Sort:

Re:So what next? by uhoreg · 2009-04-08 09:00 · Score: 5, Informative

This is known as hashcash. One big reason that it doesn't work on the web is that, currently, users will be stuck with some slow JavaScript version of the algorithm, while a sufficiently determined spammer can use a fast C version, and end up with much less work required to post. So it's nearly impossible to set a cost that is cheap enough for valid visitors, that will be a sufficient deterrent against spammers.

--
To get something done, a committee should consist of no more than three persons, two of them absent.