Captchas: The Anti-User Experience? Gripes and Alternatives

A story on hatred for your users and fans

The other day I decided that I needed to invest (for free) in a good note-taking program for my Blackberry. After surfing the internet and reading reviews for the pathetic amount of choices available I settled on Evernote. After installing the program I was prompted to register. This makes sense since Evernote backs up your notes to a web server and makes them available anywhere, however there was one big flaw.

There was a captcha. And not just any captcha, but a captcha that didn’t seem to work. The doctors tell me I have pretty good eyesight, and this wasn’t a difficult looking jumble of characters but I still wasn’t allowed to register after 4 tries. So I didn’t. The glaring ridiculousness of this was staring at me and laughing. Here I was, on my Blackberry, not being allowed to use a program because I’m apparently not a human. (I am, by the way.)

There are two possible trains of thought that led to the inclusion of a captcha in this instance:

  1. Evernote thought that it was plausible for a bot to buy and register a Blackberry with internet service, navigate to the Evernote website, download it, and try to register it in an attempt to spam itself with private notes.
  2. Evernote was too lazy to make a separate sign-up for people coming from the mobile version of Evernote.

So which is it, friends? Regardless of the logic it was unnecessary. This is an extreme example, of course, as I usually see captchas on blogs and upload-friendly websites, but my sentiment is the same: There’s no need to annoy people with captchas with so many alternatives out there for spam prevention now. And that’s my gripe.

Here are some of those alternatives

  1. A simple question

    My favourite! I know, it’s 2010, and asking a simple question sounds silly when you could have an image and a script that knows what the image says! But it’s much more user friendly. I’m sure you’ve seen it before, “5 + 2 =” and you fill in 7. Perfect!

  2. A plugin

    Askimet is very good at catching spam on my blogs. There are other plugins that are apparently even better. Use them. This is only for blogging or CMS software but most places I see captchas are built on those platforms anyway.

  3. Manual spam-checking

    I know. You’re too busy. You get a whole 1,000 hits per month on your blog and a few of them are spam and you can’t be bothered. Come on. If you have a low to moderately trafficked website it’s not too much trouble to ask you to go through your to-be-moderated comments and check them out every few days.

Or do you hate me?

Because I’ll tell you, for every 3 captchas I come across I’ll fail one of them. And leave.

For discussion

Do you agree? (You should.) Am I being a whiner? (I’m not.) Do you have any other alternatives that you’ve seen work?

{ 21 comments… read them below or add one }

Brent Logan March 15, 2010 at 9:12 pm

I'm with you: I hate captcha. So much, that I blogged about it twice:

Captcha Madness
Please, Don't Use Captcha

My favorite captcha (if there could be such a thing) is ASIRRA, Microsoft's version that shows pictures of dogs and cats. Clicking on the pictures of all the cats proves that you're human.

Reply

matthewlyle March 15, 2010 at 10:10 pm

See! Exactly. Proves you're human without annoying the hell out of you. I don't know if you can customize it at all because I just took a quick glance, but if you can change the amount of pictures to 3 or 4 instead of 12 and make them a tad bigger that would be a perfect alternative.

Reply

Lucian March 16, 2010 at 1:07 pm

I like when i see short questions instead of captcha, but i don't use them. I don't have captcha at all, i'm using akismet to prevent spam and if something bad happens on non-wordpress websites i have mysql good skills so i can delete spam stuff.

Reply

Konstantin March 16, 2010 at 11:53 pm

I fight spam in quite radical way in my blog. I manually changed the field names from emal to e4524tr in the theme and in the processing script. That takes a few mins but this is a perfect way to fight spambots. I don't get any spam now :)
Image capthca when you select pictures is really better than typing the words from images :)

Reply

Matt March 17, 2010 at 11:29 am

I eliminated all spam through various forms via this technique.

1. Create a bunch of form fields with common names (like name, email, phone, etc).
2. Hide those fields with CSS
3. Create your regular form fields, but give them more unique names (like contact_eaddress)
3. Create a hidden subject field as well as another subject field with the Subject title reversed (will compare the two in post-processing).
4. Remove the target from the form itself (will only get placed once JavaScript validation happens.
5. Remove any email addresses from the form itself (I use a contact list linked to a database with a reference number and dropdown list).
6. Validate all fields for proper content, including properly formatted email address before being allowed to submit.
7. If all validation passes, have JavaScript set the proper target address, and submit.

POST-PROCESSING
1. Take a look to see if the Subject reversed matches the reversed subject line. If not, kill the mail.
2. Take a look at all the hidden fields. If any of them have data, kill the mail.
3. Check to see if any of the fields contain standard spam elements like cc:. If so, kill the mail.
4. Check to see if the email address is properly formatted.
5. If all checks pass, send the email.

I did this to a lot of my webforms for my clients. Haven't seen one spam message in the past year.

Reply

matthewlyle March 17, 2010 at 4:40 pm

Interesting technique there. And the user knows nothing of it. A little bit of effort can go a long way.

Reply

M. vd Lee March 24, 2010 at 9:54 am

“Microsoft thought” … “Microsoft was too lazy”

Is Microsoft responsible for the sign-up pages of Evernote?

Reply

matthewlyle March 24, 2010 at 10:01 am

No that was definitely my bad. I always thought they were behind Evernote for some reason. Probably something to do with OneNote, haha. Article has been updated.

Reply

Marco Canepa March 26, 2010 at 9:31 am

Hah! Nice trying to convince us you're human, filthy bot!

Reply

Michael Guill March 26, 2010 at 11:21 am

This is a good idea, but you run the risk of annoying the hell out of someone who is trying to use the form with a screen reader or even just keyboard navigation.

I have adopted a simple version of this approach, where there is one extra field in the form, and the label lets specifies to leave it blank (and why). Then I hide that field with CSS and check server-side to make sure that field contains nothing upon submit.

Reply

Lee Peterson March 26, 2010 at 5:48 pm

Maybe I'm missing something because my solution is so simple, and yet I never see it done elsewhere.

I just put a tick box that's required and place the question “Ready to send? Tick the box: [box] and click send. [send]“

I've yet to have one single spam submission using this method. It almost feels like I'm doing something wrong because it's so simple and I don't see it mentioned.

Anyone else use this method? Any thoughts on it?

Reply

matthewlyle March 26, 2010 at 7:46 pm

It's a great method. Very similar to the easy question I was referring to in the article.

Reply

Daniel Serrano April 24, 2010 at 12:01 pm

I've experienced similar frustration with captchas (see: ticketmaster.com) and believe that you should never put anything in the way of a user completing his/her task. I'm also for simplicity, the image with a 5+2 seems a very good solution…

Reply

Sunny Singh April 25, 2010 at 10:56 am

I've read about this technique somewhere and wondered why no-one considered using it instead of the obviously unpopular captchas (unpopular among users).

Reply

Chad Allen April 25, 2010 at 11:22 am

Great post and I agree, Captchas need to be replaced by a more elegant non obtrusive solution. I put a couple of hidden fields in each form I create then when processing, if those fields are filled out it stops before the mail step

Reply

stefanie April 26, 2010 at 4:12 am

I don't know where I saw this , but I think this is a nice option too: an image (e.g a photo of a dog or an apple) the user has to identify to proceed.
Its not that frustrating like the the typical “cluttery-character-image”- captcha. And not that ugly ;) .

Reply

Sarah May 5, 2010 at 12:06 pm

Here's a CAPTCHA alternative that asks the user to click on a few specific pictures, such as dogs, flowers and cars: http://www.confidenttechnologies.com/products/c...

It's easy on people, but tough on bots because the pictures in the grid change with every session. You can customize the number of images presented on the grid and also the number of images that you require your users to click on.

To see the various customization options, go here: http://demo.confidenttechnologies.com/captcha/ and click on the word “configurable” in the text.

I'd be interested to hear your thoughts on this alternative.

Reply

Izkata December 19, 2010 at 8:24 pm

There’s an alternative version out there that someone has been using for his blog. Don’t remember who it was, though:

In the form, have an extra text input field with its CSS set to “display: hidden;” – if, upon submitting, there is any text in this field, it is spam.

He’s had one or two spam messages in years, since spambots try to fill in everything.

Reply

Kit January 20, 2011 at 11:57 am

I. Hate. CAPTCHA.

There are a few instances where it could be useful, but now it’s everywhere.

Augh.

Reply

David Millar February 17, 2011 at 10:54 pm

I have a puzzle blog and I use a small 2×2 sudoku as my captcha. With 3 givens. The (obvious) answer is 2, but the image reads 1 2 and 1, and the text field is named ‘phone’. Tricky on all fronts for the bot and easy on all fronts for the user.

Reply

Julia September 13, 2013 at 5:21 pm

Keypic is a secure and efficient solution. And it’s free. Spam is blocked without CAPTCHA, users just do not do anything! Keypic system automatically detects and blocks robots. Come on try it, give us your feedback as we want this anti-spam service to be perfect for you.

Reply

Leave a Comment

Previous post: 5 Places to Submit Your Design Links That Actually Give You Traffic

Next post: 37 Signals’ Rework (Book Review)