A story on hatred for your users and fans
The other day I decided that I needed to invest (for free) in a good note-taking program for my Blackberry. After surfing the internet and reading reviews for the pathetic amount of choices available I settled on Evernote. After installing the program I was prompted to register. This makes sense since Evernote backs up your notes to a web server and makes them available anywhere, however there was one big flaw.
There was a captcha. And not just any captcha, but a captcha that didn’t seem to work. The doctors tell me I have pretty good eyesight, and this wasn’t a difficult looking jumble of characters but I still wasn’t allowed to register after 4 tries. So I didn’t. The glaring ridiculousness of this was staring at me and laughing. Here I was, on my Blackberry, not being allowed to use a program because I’m apparently not a human. (I am, by the way.)
There are two possible trains of thought that led to the inclusion of a captcha in this instance:
- Evernote thought that it was plausible for a bot to buy and register a Blackberry with internet service, navigate to the Evernote website, download it, and try to register it in an attempt to spam itself with private notes.
- Evernote was too lazy to make a separate sign-up for people coming from the mobile version of Evernote.
So which is it, friends? Regardless of the logic it was unnecessary. This is an extreme example, of course, as I usually see captchas on blogs and upload-friendly websites, but my sentiment is the same: There’s no need to annoy people with captchas with so many alternatives out there for spam prevention now. And that’s my gripe.
Here are some of those alternatives
- A simple question
My favourite! I know, it’s 2010, and asking a simple question sounds silly when you could have an image and a script that knows what the image says! But it’s much more user friendly. I’m sure you’ve seen it before, “5 + 2 =” and you fill in 7. Perfect!
- A plugin
Askimet is very good at catching spam on my blogs. There are other plugins that are apparently even better. Use them. This is only for blogging or CMS software but most places I see captchas are built on those platforms anyway.
- Manual spam-checking
I know. You’re too busy. You get a whole 1,000 hits per month on your blog and a few of them are spam and you can’t be bothered. Come on. If you have a low to moderately trafficked website it’s not too much trouble to ask you to go through your to-be-moderated comments and check them out every few days.
Or do you hate me?
Because I’ll tell you, for every 3 captchas I come across I’ll fail one of them. And leave.
For discussion
Do you agree? (You should.) Am I being a whiner? (I’m not.) Do you have any other alternatives that you’ve seen work?
Follow me
Subscribe to RSS feed
Subscribe by e-mail
{ 20 comments… read them below or add one }
I'm with you: I hate captcha. So much, that I blogged about it twice:
Captcha Madness
Please, Don't Use Captcha
My favorite captcha (if there could be such a thing) is ASIRRA, Microsoft's version that shows pictures of dogs and cats. Clicking on the pictures of all the cats proves that you're human.
See! Exactly. Proves you're human without annoying the hell out of you. I don't know if you can customize it at all because I just took a quick glance, but if you can change the amount of pictures to 3 or 4 instead of 12 and make them a tad bigger that would be a perfect alternative.
I like when i see short questions instead of captcha, but i don't use them. I don't have captcha at all, i'm using akismet to prevent spam and if something bad happens on non-wordpress websites i have mysql good skills so i can delete spam stuff.
I fight spam in quite radical way in my blog. I manually changed the field names from emal to e4524tr in the theme and in the processing script. That takes a few mins but this is a perfect way to fight spambots. I don't get any spam now
Image capthca when you select pictures is really better than typing the words from images
I eliminated all spam through various forms via this technique.
1. Create a bunch of form fields with common names (like name, email, phone, etc).
2. Hide those fields with CSS
3. Create your regular form fields, but give them more unique names (like contact_eaddress)
3. Create a hidden subject field as well as another subject field with the Subject title reversed (will compare the two in post-processing).
4. Remove the target from the form itself (will only get placed once JavaScript validation happens.
5. Remove any email addresses from the form itself (I use a contact list linked to a database with a reference number and dropdown list).
6. Validate all fields for proper content, including properly formatted email address before being allowed to submit.
7. If all validation passes, have JavaScript set the proper target address, and submit.
POST-PROCESSING
1. Take a look to see if the Subject reversed matches the reversed subject line. If not, kill the mail.
2. Take a look at all the hidden fields. If any of them have data, kill the mail.
3. Check to see if any of the fields contain standard spam elements like cc:. If so, kill the mail.
4. Check to see if the email address is properly formatted.
5. If all checks pass, send the email.
I did this to a lot of my webforms for my clients. Haven't seen one spam message in the past year.
Interesting technique there. And the user knows nothing of it. A little bit of effort can go a long way.
“Microsoft thought” … “Microsoft was too lazy”
Is Microsoft responsible for the sign-up pages of Evernote?
No that was definitely my bad. I always thought they were behind Evernote for some reason. Probably something to do with OneNote, haha. Article has been updated.
Hah! Nice trying to convince us you're human, filthy bot!
This is a good idea, but you run the risk of annoying the hell out of someone who is trying to use the form with a screen reader or even just keyboard navigation.
I have adopted a simple version of this approach, where there is one extra field in the form, and the label lets specifies to leave it blank (and why). Then I hide that field with CSS and check server-side to make sure that field contains nothing upon submit.
Maybe I'm missing something because my solution is so simple, and yet I never see it done elsewhere.
I just put a tick box that's required and place the question “Ready to send? Tick the box: [box] and click send. [send]“
I've yet to have one single spam submission using this method. It almost feels like I'm doing something wrong because it's so simple and I don't see it mentioned.
Anyone else use this method? Any thoughts on it?
It's a great method. Very similar to the easy question I was referring to in the article.
I've experienced similar frustration with captchas (see: ticketmaster.com) and believe that you should never put anything in the way of a user completing his/her task. I'm also for simplicity, the image with a 5+2 seems a very good solution…
I've read about this technique somewhere and wondered why no-one considered using it instead of the obviously unpopular captchas (unpopular among users).
Great post and I agree, Captchas need to be replaced by a more elegant non obtrusive solution. I put a couple of hidden fields in each form I create then when processing, if those fields are filled out it stops before the mail step
I don't know where I saw this , but I think this is a nice option too: an image (e.g a photo of a dog or an apple) the user has to identify to proceed.
.
Its not that frustrating like the the typical “cluttery-character-image”- captcha. And not that ugly
Here's a CAPTCHA alternative that asks the user to click on a few specific pictures, such as dogs, flowers and cars: http://www.confidenttechnologies.com/products/c...
It's easy on people, but tough on bots because the pictures in the grid change with every session. You can customize the number of images presented on the grid and also the number of images that you require your users to click on.
To see the various customization options, go here: http://demo.confidenttechnologies.com/captcha/ and click on the word “configurable” in the text.
I'd be interested to hear your thoughts on this alternative.
There’s an alternative version out there that someone has been using for his blog. Don’t remember who it was, though:
In the form, have an extra text input field with its CSS set to “display: hidden;” – if, upon submitting, there is any text in this field, it is spam.
He’s had one or two spam messages in years, since spambots try to fill in everything.
I. Hate. CAPTCHA.
There are a few instances where it could be useful, but now it’s everywhere.
Augh.
I have a puzzle blog and I use a small 2×2 sudoku as my captcha. With 3 givens. The (obvious) answer is 2, but the image reads 1 2 and 1, and the text field is named ‘phone’. Tricky on all fronts for the bot and easy on all fronts for the user.