
CAPTCHA

Here is a CAPTCHA I got yesterday:

[Image: the CAPTCHA in question]

I really hate CAPTCHAs. For the most part I can’t read them. They’re a frustrating extra step when you’re trying to get something done, and a terrible stumbling block to any user-oriented process when the CAPTCHA is difficult to read (like the one above). 

And yes, I am currently using a CAPTCHA. I’ll get to that.

There are a lot of other alternatives—Akismet and Bad Behavior are two examples which don’t generally ask people to prove they’re human or solve an unrelated puzzle in order to get things done. There are a number of other technical strategies which I’ve seen work, mostly. These usually involve changing how your forms are written and submitted. More work for the developer or site owner, but less for the people using the site.

The difficulty with any technical anti-spam solution, though, is that spam is not a technical problem. It is a management problem. And the real key to CAPTCHA’s perceived success is what happens to most of the false positives.

Almost any spam tool that is good enough to be useful is also going to produce some false positives. When Akismet sees something suspicious, generally it’s dropped into a moderation box that a human has to go through and sort out. Dealing with false positives is the responsibility of the site operator.

CAPTCHAs, on the other hand, put almost all of the false positives on the user side of things. The site owner doesn’t see or have to deal with the failure, but the users do. The false positives are still there—they may even be much greater—but they happen and are handled out of the sight of the site manager. Did you just say “good?” Well, CAPTCHA may be your solution then.

But me? I’d like to know when users of my products are having trouble getting things done.

“But, like, you’re using one now.”

I turned on CAPTCHA a week ago and have since received no spam comments. I’ve received no comments of any kind, at all, since I turned it on. Is that because CAPTCHA is working? Have I lost any comments because CAPTCHA is on?

I don’t know, and that’s the point.

I shifted my responsibility to my users, and now I have no control or knowledge about what’s going on.

At the time I turned CAPTCHA on, I didn’t really care. Posting has slowed here considerably. Discussion frequently happens on the comment thread in Facebook instead of here. And I was sick of deleting the three or four comments a day that got through Akismet and were posted publicly on my site thanks to Expression Engine’s weak comment moderation structure. I didn’t have time for the site, so I turned it on. And it will probably stay on until someone complains at me on Twitter that it’s not working or until I have the energy to redesign the site.

Yes, I believe anyone who uses CAPTCHA is evading their responsibilities to their users. And that includes me. I’m using it, but I’m not happy about it. I certainly don’t think it’s the best solution or the most appropriate solution. But, well, I have limited resources. And I can understand why Suzy Social-Media or Bobby Blogsalot would resort to such methods.

But, you know, replace that as soon as you can. They’re not really more effective. They’re just more silent about their failures.
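
One way to see the failures a CAPTCHA hides is to log each challenge outcome and count them per session. The following is an added example, not part of the original post; the event names and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (session_id, event). The event names are
# hypothetical; they stand for whatever your comment form is able to log.
SAMPLE_EVENTS = [
    ("s1", "challenge_shown"), ("s1", "solve_ok"),
    ("s2", "challenge_shown"), ("s2", "solve_failed"),
    ("s2", "solve_failed"), ("s2", "solve_ok"),
    ("s3", "challenge_shown"), ("s3", "solve_failed"),
    ("s3", "solve_failed"), ("s3", "solve_failed"),
    ("s4", "challenge_shown"),
    ("s5", "challenge_shown"), ("s5", "solve_failed"), ("s5", "solve_ok"),
]


def summarize(events):
    """Group CAPTCHA events by session and count each outcome."""
    failures = defaultdict(int)
    solved, seen = set(), set()
    for session, event in events:
        seen.add(session)
        if event == "solve_failed":
            failures[session] += 1
        elif event == "solve_ok":
            solved.add(session)
    # Sessions that failed and then passed are very likely people struggling.
    struggled = {s for s in solved if failures[s] > 0}
    # Failed and never passed: bots or lost commenters; worth a human look.
    gave_up = {s for s in seen - solved if failures[s] > 0}
    never_tried = seen - solved - gave_up
    return {
        "sessions": len(seen),
        "passed_first_try": len(solved - struggled),
        "passed_after_failing": len(struggled),
        "gave_up_after_failing": len(gave_up),
        "never_attempted": len(never_tried),
        "failed_attempts": sum(failures.values()),
    }


def friction_rate(summary):
    """Share of sessions that failed at least once, whatever came next."""
    hit = summary["passed_after_failing"] + summary["gave_up_after_failing"]
    return hit / summary["sessions"] if summary["sessions"] else 0.0


if __name__ == "__main__":
    report = summarize(SAMPLE_EVENTS)
    print(report, f"friction_rate={friction_rate(report):.0%}")
```

The `gave_up_after_failing` count cannot separate bots from people, but it turns the silent failures into a number the site owner has to look at.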

 

  1. Just a test to see if this gets thru to u.

  2. lasloo says:

    Don’t you mean ‘false negative’? That is, if a legitimate person can’t use the CAPTCHA, then his failure to use the CAPTCHA is lumped in with all the automated spam bots. All those attempts, I would think, would be categorized as ‘negative’. Except, for the legitimate person, it’s a FALSE negative. A false positive would be a spam comment actually making it to your blog.

    As for me, I’ve always seen myself as a false positive regardless of whether I have something legitimate to say…  and thus, why I successfully passed your CAPTCHA! (btw, your CAPTCHA is quite easy.  There are some automated CAPTCHA solvers out there that could probably solve yours)  grin

  3. lasloo says:

    With the phrase, “I’ve received no comments of any kind”… you were fishing for comments, weren’t you! grin

    Nonetheless, I don’t mind CAPTCHAs as a user. Then there is the whole re-CAPTCHA movement where they are using CAPTCHAs to automate the OCR translation of old text most with bad typefaces.

    There are statistical and/or Bayesian mechanisms for doing this kind of thing as well.  GMail’s spam filter has some variant of that… and it works very well.  But it does take a higher level of understanding in how it works to configure it appropriately.

  4. thudfactor says:

    If I was fishing for comments, you were hooked!

    When drug tests entrap the innocent and disease tests indicate a problem where there is none, those are called “false positives.” That is because they are trying to identify the presence of drugs or disease. We call the results “positive” and “negative” as the result of the Boolean.

    Similarly, if you think of the comment algorithm as trying to identify spam, good comments marked as spam are “false positives” (comment == spam). A spam comment making it to my blog is a “false negative” (comment != spam).

    On the other hand, if your algorithm is a “good comment detector,” it would make more sense to flip the terms around.

    As for the difficulty of solving this particular CAPTCHA, yes; there are easy ways to defeat this one. But it’s had a noticeable impact on my crap-comment count nonetheless.

  5. Mike says:

    I am not a CAPTCHA, I am a free man!

  6. Danielle Pollet says:

    I freaking hate CAPTCHAs. I was trying to log into my student email account via Google, and I typed the right password, but I had to do it over and over, repeatedly, just because I couldn’t understand the codes. I constantly had to strain my eyes, trying to see them more clearly. The frustrating thing about these irritating codes is that the letters are either squeezed too close together, or too out of proportion. Don’t you just hate that, or what? Geesh.