The 10 point case against CAPTCHA use

Did you know that approximately 80 to 90% of email received every day day in and day out by our mail server is spam – unsolicited, bulk email?

Spam-bots are automated systems that surf the Internet looking for ways to post spam messages to forums, blogs, wikis, guest books or any of a wide variety of web forms. Worse still, spammers are now paying people to post their spam.

We all know spammers change their methods frequently. But there are also some broader trends that slowly emerge over long periods. The economics of spam has changed considerably since Akismet first started back in 2005, and that has led to some new trends and changes in spam patterns recently. Here’s a quick summary of some of the most important changes in web spam we’ve seen over the last year. —  State of Web Spam blog.akismet.com/

John Suler, Ph.D, Department of Psychology, Science and Technology Center, Rider University: A strong relationship exists between one’s presence on the web and the amount of spam received. The more places in cyberspace that your e-mail address is listed, the more likely the spammers will find it and add it to their mailing lists. Paradoxically, then, the more available your address, the less likely people will be able to clearly contact you through the noise created by the spam you receive. Currently, I receive up to 100 spam emails a day.
—  The Psychology of Coping with Spam

CAPTCHAS

captchaCAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart and is a challenge-response test that was developed to fight ‘spam-bots’.   Captchas are security tools for preventing spam postings and log-ins. You have experienced them  as  images of  random letters and numbers that some  sites require you to decipher in order to submit a comment or log in to a resource.  The most common type of Captcha requires that the user type letters or digits from a distorted image that appears on the screen.

Web Accessibility

Software can be designed so both the able and disabled users can use any  site with ease. Web accessibility means that people with disabilities can use the Web. Web accessibility also benefits older people, with changing abilities due to aging.

Millions of people have disabilities that affect their use of the Web. Currently most Web sites and Web software have accessibility barriers that make it difficult or impossible for many people with disabilities to use the Web. As more accessible Web sites and software become available, people with disabilities are able to use and contribute to the Web more effectively.

This is the case against using Captcha.
1.   Captchas are an annoying inconvenience to legitimate commenters who do not like being delayed by having to type in Captchas codes or having to type in numerical solutions to arithmetic questions. (Arithmetic questions are a barrier to people who have learning difficulties or cognitive disabilities.)

2.  Captchas render content inaccessible to blind users or anyone who uses a screen reader system.  If you’re a US company, this is potentially an AMERICANS WITH DISABILITIES ACT (ADA) violation.

3.   Many Captcha codes cannot be read by people who are visually challenged and those with dyslexia also have trouble reading them.

4.   The use of Captchas is NOT a barrier to unethical humans, who are paid to spam. To get around Captchas and math comments, spammers are now paying people to make comments for them ie. to post their spam.

5.   A surprising amount of  Captcha software is buggy. Many Captchas do not work as expected and the bloggers who have buggy Captchas on their sites are not aware of it.

6.   Captcha will NOT keep the trackback spam out.

7.  Captchas are hackable.

8.   No anti-spam solution can ever be 100% effective or foolproof. Captchas do provide a primary level of defense against spambots,  but some of the more sophisticated bots are now able to read the more simple Captchas, and they are getting better all the time.

9.   According to a study by SEOmoz, if your site is monetized then  Captchas could be costing you conversions.

10.   Captchas are not the best solution to prevent spam.  Akismet and Defensio are superior choices.

Discussion
IMO CAPTCHAs are a barrier to commenting and Akismet and Defensio are better anti-spam choices. What’s your opinion?
Do you use CAPTCHA on your blog?
What’s your CAPTCHA user experience?

Related posts found in this blog:
Encouraging blog readers to comment
Can I turn off Aksimet, or view the spam it blocks?
How to deal with spam effectively

Read also: Should Bloggers Profit Off Of Spammers Via CAPTCHA Ads?

 

76 thoughts on “The 10 point case against CAPTCHA use

  1. I’m another person who hates CAPTCHA. Also being a online gamer for almost 20 years, I know there is nothing going to filter out people who are paid to spam. It happens in games all the time, they are called gold farmers. They are sitting over in China or India getting paid pennies an hour to troll the internet.

  2. A very good post. I am blind and use Jaws (screen reading software which converts text into speech and braille allowing me to read my computer’s screen). Jaws is unable to read captchas so if there is no audio alternative to the visual captcha I am unable to submit a comment/contact a webmaster etc. Although audio works for me it is totally ineffective for people who are blind and profoundly deaf.

    I think the use of inaccessible captcha runs counter to the provisions of the Equalities Act here in the UK. The Act specifies that providers of goods and services must make “reasonable adjustments” so as to ensure that their products and services can be accessed by people with disabilities. Clearly a captcha which can not be interpreted by a disabled person is in breech of the Act.
    Kevin

  3. I wish captcha was banished from the net altogether, at least, the sort that requires you to see an image or hear a sound. Not even the audio captchas are good enough, the deaf-blind are still slapped in the face by a big “You’re not human because you can’t solve a captcha! Get out of here!” on sites that use these awful things. Audio captchas often don’t even work. No Google/Blogger audio captcha will play on my computer but other sounds do. Sites that let people host their content for free, I.E. Boardhost and Groupsite should at least give each forum/network’s administrator the option not to use captchas at all. I wish I could switch that nuisance off on my sites hosted by these places. Even Yahoo Groups sticks you with captchas everywhere.

  4. @Evan “This is funny though, because as I was commenting on blogs the other day I got really mad at a captcha, so I turned them off on my blog.”

    I did exactly the same thing a couple months ago myself. I thought if i was having this much problems, after three genuine tries, so where my visitors so I turned it off too. I moderate everything anyway so between the akismet and wp-spamfree plug-ins not many spams get by so far, although some of those human spammers do, and always will.

  5. Great topic, I do remember reading somewhere that some captcha services have additional purposes like reading old faded books that are scanned in. There’s two words, one is the legitimate captcha and the other tries to find common answers.

    This is funny though, because as I was commenting on blogs the other day I got really mad at a captcha, so I turned them off on my blog.

  6. Hi TT.
    Couldn’t agree more, very timely post. We run a small restaurant and accept bookings made using a Contact form. Well you know what happened, a booking with no contact number and so I responded to the email address thereby confirming my email address – you’d think I’d know better at my age !!!

    So I decided to add a CAPTCHA code to the contact form. But it just didn’t look or feel right. Read your article and promptly dumped it and also from the 2 blogs I run. I get grumpy when I get a CAPTCHA code wrong because it is barey readable, I tend not to return to the site, unless it is a very good blog about wine, then I forgive the irritation.

    Solution to the restaurant bookings problem, a large note in red that if you are making a booking I will only accept it if you include a contact tel. number. Then I can phone and confirm. The other option is to refuse to take online bookings, which I might resort to if the polite request doesn’t work.

    It is important to us because we are a small and intimate owner run restaurant (max 16 seats) and a table of 4 that is a ‘no-show’ has a material impact.

    Keep writing, I’ll keep reading.

      1. Tks TT. Re Akismet, it is excellent and I have not found a comment that it has flagged as anything but SPAM. If in doubt I open the associated website and it is always flaky, either rubbish or an attempt to sell something. The style of comment is a give-away, very general., nothing specific.
        I dump whatever Akismet flags, and in this case I don’t mind if the baby is thrown out with the bathwater.

Comments are closed.