Please consider some of the other options (Bad Behavior 2 and Akismet work well together) before using a CAPTCHA. Visually impaired people will not be able to comment, nor will people with images turned off. And all of your commenters will be inconvenienced.
Captcha’s don’t work. This is more or less conclusively proven. Don’t bother with them, use other methods that actually do work instead. Akismet, Bad Behavior, Spam Karma, etc…
Yeah, generally captchas are annoying, and they’re not bullet-proof.
In addition to the accessibility issue, it’s always best to make it as easy as possible for your users to leave a comment, if a comment form is complicated, I usually don’t bother, unless I really want to say something π
google uses a captcha
Yes, they do. Your point?
Sorry, but no, they don’t.
Captchas render content inaccessible to blind users or anybody that uses a screen reader system. If you’re a US company, this is potentially an ADA violation and could get you sued.
Most captchas are easily defeated by clever software. I forget the link, but some university students wrote a program that reads captchas and gets it correct something like 80% of the time. If they had their program try a second time (with different generated captchas from the same programs), that increased to 95%. It was on slashdot a year or two ago. Interesting stuff.
A surprising amount of captcha software is buggy anyway. Either encoding the captcha text in a cookie or in some other easily machine decodable form, or using a hash, which makes the process of machine reading a hell of a lot easier.
Since captchas are reasonably difficult to code, the majority of them use pre-made packages, so all the software has to do is to determine what package you use and use the correct algorithim to defeat that package.
One attack used other people to defeat captchas. Essentially, he made human beings type in the text from a captcha to access something, like porn. Only the captcha image was relayed from somebody else’s site and the text then would let the software get through that captcha. An interesting attack, I thought. All a spammer would have to do is to send any captchas to some high traffic he ran, like a free porn site.
And so on. The point is that captchas don’t work in the long run. Nor will they ever, because as processor power increases so does the ability for machines to read and defeat them.
Whereas filtering solutions *do* work, and work quite well.
A captcha will not keep the trackback spam out; You need Akismet and Bad Behavior for that. Once you have those installed, you won’t need a captcha.
Maerk wrote:
“if a comment form is complicated, I usually don’t bother, unless I really want to say something :)”
And this is bad how? Sounds to me like a little inconvenience might go a long way toward self-moderating a web site, keeping the flow of replies limited to people who really want to say something useful. π
CAPTCHAs CAN work, but there are much, much better solutions. I mean hell, like 3/4 of them are easily crackable and the rest are just a pain in the ass to read.
The best two solutions are linked to in the big fat stickied thread at the top of the forum that you should have read before making a new thread. :/
http://wordpress.org/support/topic/72930
And this is bad how?
Because a lot of people who have useful things to say will simply leave without saying those useful things. Me, for one. I don’t do captchas either, regardless of how relevant my comments might (or might not) be to the topic at hand.
Assuming that people who have time to waste on your captcha are the only ones who have something relevant to say is a poor assumption at best.
Okay, regardless of whether they work or not, I can’t believe some of you are saying you can’t be bothered to type in 4-6 more characters… Is it that big of an inconvenience/time waster? Even typing around 40 wpm, means it’ll take you 1.5 seconds roughly to type it out…
CaptainSKA: That assumes that I can read your captcha, which half the time I can’t. Some of them have gotten so illegible that it’s difficult for normally sighted people to get them, and frankly they’re so frustrating that I won’t even bother making the attempt.
In other words, if I look at your comment box and see a captcha, I leave your site. Right then. It’s a deal breaker. I won’t leave a comment because I’m not interested in trying to figure out your primitive and arcane technology. I don’t care enough about making a comment on your blog to deal with it. Simple. It doesn’t even matter that I can read your captcha, the fact that you have one at all simply makes it not worth my time to bother with it.
I’m right with Otto42 on this one, couldn’t have said it better.
