Slashdot Mirror

← Back to Stories (view on slashdot.org)

Campaign To Kill CAPTCHA Kicks Off

Posted by samzenpus on from the can-you-read-this? dept.

Bismillah writes "CAPTCHA may be popular with webmasters and others running different sites, but it's a source of annoyance to blind and partially sighted people — and dyslexic people and older ones — who often end up being locked out of important websites as they can't read wonky, obfuscated letters any more than spambots can. A campaign in Australia has started to rid sites of CAPTCHA to improve accessibility for everyone."

4 of 558 comments (clear)

  1. I've never used CAPTCHA'S by corychristison · · Score: 5, Informative

    I've been developing websites over 10 years and have never needed a captcha system.

    This is how I always go about it:

    1) Include a form input element labelled as something common, like a telephone number but on a registration form that would never actually require a telephone number. Hide the parent div using CSS in an external CSS file. When the form is submit, check to see if the element is filled out. If it is, simply display a message that you think their registration may be automated and to try again. If it continues, please contact us by other means (phone, email, etc) and we will help them through it.

    2) Time the registration from the time the page is loaded to the time it is submit, if its less than 10 seconds, do the same as above, simply display a message saying you think their registration is automated and to try again, etc.

    When used in conjunction I feel I've cut out 99.9999% of spam or false registrations. The timing method has to be done server side and stored in a session, and is fairly involved so not easy to do properly if you are new to web development. There is also the issue of someone hitting the back button to try again after a failed submission (if you don't use client-side validation), and them submitting from a cached page, but can be worked around if you know what you are doing.

    Obviously its not bullet proof, and if the CSS file doesn't load then someone would see the extra form element. But its a small price to pay for effective protection.

    Anyone else have other methods they use?

    1. Re:I've never used CAPTCHA'S by Quirkz · · Score: 4, Informative

      I've done some custom questions. Something simple, like "what is this forum about?" or "what's the name of the game this forum is for?" Something a person would immediately know, but a bot wouldn't.

      --
      The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
    2. Re:I've never used CAPTCHA'S by Dynedain · · Score: 4, Informative

      If you are a high-profile site, the spammers will build rules to handle your specific form edge case.

      --
      I'm out of my mind right now, but feel free to leave a message.....
  2. Re:stupid by plover · · Score: 4, Informative

    Minteye was very thoroughly broken.

    http://translate.google.com/translate?sl=ru&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http%3A%2F%2Fhabrahabr.ru%2Fpost%2F167359%2F&act=url

    Essentially, the guy realized that jpeg pictures with distortions should have a completely different size than the undistorted picture. But all pictures delivered by minteye were of identical length. He figured they were padding the files with zeros, and he was right. By counting the number of zeros at the end of the file, the local maxima/minima was the correct file. He wrote a few lines of javascript, and it was broke.

    --
    John