
The Argument Against CAPTCHAs

Mark Styles has posted over at Weblog Tools a post on CAPTCHAs (Wikipedia’s page on them here), which makes some good points about why they might not be the best solution for stopping comment spam on a blog. Here are a few of his main points:

  • Any extra work required to comment is likely to deter some people from commenting at all.
  • Sometimes the images are so distorted they’re almost impossible to read, even with perfect eyesight.
  • CAPTCHAs are hackable. Spammers are smart; they can get past many of our barriers.
  • Visually impaired users are completely excluded (although there are audio CAPTCHAs available now).
  • Dyslexics have a hard time too.
  • There are better and less intrusive solutions.
About Darren Rowse

Darren Rowse is the founder and editor of ProBlogger Blog Tips and Digital Photography School. Learn more about him here and connect with him on Twitter, Facebook, Google+ and LinkedIn.


Comments

  1. Michelle says:

    So what are those better and less intrusive solutions? I’m relatively new to blogging and found it to be the best idea I could see.

    Also, while combing your post and comments on blog gestations I found a pretty good list of blog-help spots. The Squidoo link listed on his list was helpful as well. You carry a lot of those kinds of lists and you might have seen something similar before, but I thought it was good.

    http://www.steve-olson.com/how-this-blog-attracted-100000-visitors-in-the-first-30-days/

  2. Trent says:

    I don’t see how captchas could ever be as unintrusive and as effective as something like Akismet. By putting up a captcha, you’re basically demanding more of your userbase, something that will provide another obstacle to participation.

  3. I hate captchas. They won’t stop me from commenting if I have something I really want to say, but I find them aggravating and might be less likely to comment regularly somewhere due to them. I especially hate the google ones on blogger because half of the time they expire before you finish writing your comment and you need to figure out what two of them say.

    Akismet + worst offenders combined with requiring an approved comment works fine for me, since I do not get a ton of legitimate comments as is.

  4. MJR/slef says:

    W3C published http://www.w3.org/TR/turingtest/ some time ago. All good bloggers read W3C, don’t they?

    I hate comment eyetests. I wrote http://mjr.towers.org.uk/blog/2006/blogmoves#commentimg some time ago (so please excuse the poor style).

  5. I can’t count the number of times I have decided NOT to comment because of a captcha. Half the time I can’t figure out what they say; I end up trying a time or two and then give up.

    Thanks for the post!

  6. I, too, dislike them, but they are a necessary precaution against those 1:00 to 6:00 am sites who just love to sell anything with the word Caribbean in them.
    When I started out blogging, I didn’t include captchas, but I quickly learned my lesson after I had to clean up after them. For a blogger who guards his/her time (that’s all of us), captchas are all that we’ve got against the interlopers.

    Peace,
    Geoffrey

  7. Definitely hate those things, I think the biggest problems mentioned above are their readability and the complete exclusion of some users. I’m definitely in the camp of thinking that it actually deters good comments.

    I get thousands of spam comments a day, but Akismet catches pretty much all of them for me. What it misses, my blacklist catches.

  8. brem says:

    I totally agree. Plus, why so many letters? just a custom checkbox or button would be enough.

  9. Farrell says:

    I have a WordPress blog that started picking up lots and lots of spam comments.

    I had Akismet successfully stopping that spam for awhile, but a few months ago it began to get overrun. It was catching hundreds of spam comments a week, but some were getting through as well. Too many.

    I enabled a nice captcha plugin, and now the spam has stopped.

    While I don’t like captcha as a user, I think it’s a necessary evil today. Most people who would comment on a blog anyway are familiar with it and the reasons it needs to be there. If the captcha is unreadable, that’s just a bad captcha implementation.

  10. Katy says:

    I used to get a lot of Spam so I added a Captcha to my (self-developed) blog. It stopped the spam alright but my commenters had trouble too! Now I’ve swapped over to an Ajaxy interface which my commenters can use but (for the time being) the bots don’t seem to be able to access thanks to the javascript.

  11. William says:

    Plain and simple, I hate these things. Anymore if a blog uses one of these, I just leave. My time is valuable too. I do not mind if it is a one time thing for membership, but every time I have something to say in a comment field is too much.

  12. Chris says:

    I dislike captchas and often get them wrong when commenting on other sites — pretty annoying. But I use them on mine, and have no comment spam.

    My options are limited by the fact that I’m a Joomla user and my third-party comments component uses Captcha by default. But it works well — for now.

    I agree that we need better and more accessible solutions than Captcha. Accessibility is the chief concern. For now, though, I couldn’t do comments without it, even on my small site.

  13. I recently added a Captcha system to all the forms on my site. It uses a simple font with no distortion, so it’s easy for anyone to read. It’s been working beautifully. I wish I’d implemented it from the beginning. My wife liked it so much that I added it to her site too.

    I used to get dozens of automated spam messages through my contact form every day. After putting up a simple Captcha system, the bots were stopped dead. It saves me a lot of time and was well worth the effort to implement it.

    If anyone decides it’s not worth sending a message because they have to type 5 extra characters, so much the better — it only helps reduce noise.

  14. The difference for you, Steve, is that you do not have public comments on your website. Anybody that is submitting anything wants to get in touch directly with you and not with your audience.

  15. UltraRob says:

    I hate the way Blogger uses Captcha for posting to my blogs. I’ve already logged in to my account so why can’t they set a cookie so I don’t have to enter the characters. I think they may be doing something with IP because there are times I don’t have to enter the characters but most of the time my IP gets translated. Nearly half the time I don’t get the characters typed right because they’re so distorted and run together.

  16. Terry says:

    I agree with Steve P. The Captchas are effective IF you can read them. I tried to buy some tickets on Ticketmaster the other day and the Captcha was so unreadable I gave up after 3 attempts. I ended up calling for tickets instead. It’s not very customer friendly to put such barriers in the way of ordering.

    If the Captcha isn’t plain and readable, it should be pulled because you’re losing customers.

  17. George says:

    The biggest problem is that in order to attempt to keep spammers from hacking captchas they get more and more distorted. For someone with vision problems like me, it’s a pain to figure out what the captcha says. I like systems that ask you a question like “what color is a green apple?” and you have to enter the word “green” to get past.

    I have gotten to the point where I have stopped visiting some blogs that use captchas, because it’s too hard to participate when I want to.

  18. Stephanie says:

    So far Akismet plus approving initial posts is working for me too. I only rarely have to delete a spam comment. I know spammers are always working to outsmart whatever is put in place, but so far things are going well for me without CAPTCHA on my blog.

  19. Vincent Chow says:

    Are those mathematical questions as bad? I’m not using CAPTCHA, but commenters on my blog need to answer a simple mathematical question before they can submit their comments. I’m quite sure users won’t have difficulties answering it as it’s not even involving numbers larger than 10.

    What do you think about it? Should I remove it?

  20. I’d be more favorably disposed to captcha if so many of the messages were unreadable for humans as well as bots.

  21. john t unger says:

    I use CAPTCHAs on my blogs and it does bum me out… I’d rather that there was a less labor intensive way for readers to be distinguished from bots. Even with the CAPTCHAs, some spam gets through, but it’s much better than it was when I turned them off.

    Two points in favor:

    1. Since I have a comments feed, I feel very strongly that I need to do everything I can to save my readers from spam comments.

    2. Sometimes, that extra step before posting a comment gives a reader just an extra moment to think about whether they really want to go on record with their comment. Also, it provides a moment to think about whether you’ve said all you need to say. I never use the “preview” feature of comments, but I have edited comments I was leaving to either include or delete part of the comment when I noticed something in the preview that usually comes up along with a CAPTCHA.

    One point against:

    I hate having to fill out the CAPTCHA myself when I leave a comment in response on my own blogs! I try to respond to most comments, so I end up having to fill out a lot more CAPTCHAs than I would if I were just commenting elsewhere!

  22. Murdoc says:

    I’ve hesitated to use captchas for the exact reasons listed.

    And, as has been noted, the volume of comments (both legit and spam) should be considered when deciding whether or not captchas make sense for a particular site.

    A site that has fewer legit comments and a (relatively) low number of spams might not see captchas as so much of a hindrance as a site that gets (and wants) hundreds of legit comments a day.

    FWIW, I’ve received about four hundred spams this afternoon. Those are just the ones that got through the filtering software and actually made it onto my site. And my site isn’t all that big.

    400 will seem like a lot to many. But it is a tiny fraction of what some sites get.

  23. George says:

    Vincent,

    I like the math questions, better than captchas. Albeit, not being asked for anything at all is easiest for visitors. It’s an easy for visitors vs. easy for you question.

    Aren’t customers always supposed to come first?

    How important is ease of use?

    - George

  24. I hate captchas. They don’t keep me from commenting, but they are often hard to read, and if hackers get around them, maybe one should just use Akismet.

    It works great.

  25. MJR/slef says:

    I don’t accept the “necessary evil” nonsense. The best way to stop spam comments on your blog is NOT to have all comments appear without moderation. Use robo-moderation to let in the safe things that tick all the boxes (no links AND no badwords AND from previously-seen addresses and so on) and then hand-moderate the remainder. “Default permit” has been a bad security idea since forever.

    Reading the list above, I remember an eyetest blocking me from contacting Steve Pavlina to tell him that his site was broken (how many article views did he lose, I wonder?), and the all-too-common WordPress math test plugin requires some particular undocumented browser settings (but it works with IE’s usual low security settings). Finally, blogger’s audio-captcha alternative to eyetest-captchas was returning 404 Not Found yesterday, but to contact blogger support you had to fill out a form… including a captcha! Duh!

    The support for the “works for me”/”I’m alright Jack”/”blocking my spam is more important than accessibility” view by many blogs is disappointing. Open your comments up to all your readers, else they’ll go away when they notice you want to talk AT them instead of WITH them, just because they fail a math test or aren’t using your favourite browser setup.
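
Added example, not part of the original comment thread: a minimal default-deny triage for the robo-moderation described in comment 25, publishing a comment only when it has no links, no bad words and a previously-seen address, and holding everything else for hand-moderation. All names, the sample word list and the reading of "address" as an e-mail address are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    PUBLISH = "publish"   # passed every allow-list condition
    HOLD = "hold"         # goes to the hand-moderation queue


# Hypothetical link detector: explicit schemes, "www." and bare common domains.
LINK_RE = re.compile(r"https?://|www\.|\b[\w-]+\.(?:com|net|org|info|biz)\b", re.I)
WORD_RE = re.compile(r"[a-z0-9]+")


@dataclass
class Comment:
    author_email: str
    body: str


def failed_checks(comment, seen_addresses, bad_words):
    """Return the names of the allow-list conditions the comment does not meet."""
    failures = []
    if LINK_RE.search(comment.body):
        failures.append("contains_link")
    if set(WORD_RE.findall(comment.body.lower())) & bad_words:
        failures.append("bad_word")
    if comment.author_email.strip().lower() not in seen_addresses:
        failures.append("unknown_address")
    return failures


def triage(comment, seen_addresses, bad_words):
    """Default deny: publish only when ALL checks pass; anything else is held."""
    try:
        failures = failed_checks(comment, seen_addresses, bad_words)
    except Exception:
        # A check that crashes must not fail open into "publish".
        return Verdict.HOLD, ["check_error"]
    return (Verdict.PUBLISH if not failures else Verdict.HOLD), failures


def approve(comment, seen_addresses):
    """A human approved a held comment, so its address becomes previously-seen."""
    seen_addresses.add(comment.author_email.strip().lower())
```
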

  26. Dustin says:

    I would have to add to the list that they are annoying. Personally, I use Akismet, and it has never failed (ok I think there was one false negative). Plus it learns, so the more sites which use it, the more the rest of us benefit. And the users never notice the difference – unless they are spam that is.

  27. Dr. Vino says:

    My readers have called them sobriety tests!

  28. JJ says:

    Darren,

    I see that you are not using Captcha. What do you use to prevent spam? Which plugin do you use for “Notify me of future comments via e-mail”?

    I am using Captcha and with 5k unique visitors / month I get only 2-3 comments / month!