Sick of reCAPTCHA
I really love the concept of reCAPTCHA, and currently use it on this blog. But I grow weary of this kind of comment:
Also, the captch is super hard to read.. I had to reload 3 times before I got one I could actually make out.
Observation #1
First, people who say this simply do not understand how reCAPTCHA works. One of the words should be legible; the other may or may not be. That’s because one of the two words is taken from some scanned book, and the OCR software could not read it.
People who understand this know they do NOT have to keep hitting reload. Instead, just type your best guess into reCAPTCHA. I’ve left a lot of comments on my own blog, and can only remember a single incident where I had to reload the CAPTCHA. Every other time, even if I couldn’t really read one of the words with confidence, I just typed my best guess and made it right through.
Observation #2
Observation #1 does not matter. It is unrealistic to expect people to research how your CAPTCHA works before they “get it”. I have received a large number of complaints about reCAPTCHA, and it’s making my blog suck. My own blog content is bad enough, now I have to deal with extraneous technical complexity.
This brings me to a larger point about software usability. As technologists, we have deep technical understanding of how our own software works. It is far too easy to get defensive and perhaps even angry at “dumb users” who can’t figure things out. All too often, we are blind to the usability flaws in our own software.
In Summary
reCAPTCHA is a brilliant idea, but fatally flawed. It presents hopelessly garbled text to users who generally don’t really understand what reCAPTCHA is trying to accomplish. Even if I were to include some detailed educational material explaining the concept, most people would not read my explanation. And who could blame them? We’re all overloaded with technical noise.
At this point, reCAPTCHA damages the usability of my blog, as evidenced by numerous comments and complaints from visitors. Explaining how reCAPTCHA works is not my concern. Making my blog easy for people to use — and blocking spammers — are my only concerns.
Sooner or later, when I get around to it, I’ll have to find another solution. That makes me sad, because I’m a big fan of the research behind reCAPTCHA. I really do think it is a great concept, but “not annoying customers” is a bigger concern for most web site owners.
Funny…I was blogging about Twitter when someone commented, complaining about my CAPTCHA. So I wrote this post, then went to Twitter. Now I see that Twitter uses reCAPTCHA.
Have you seen Asirra (http://research.microsoft.com/asirra/)?
I’ve just tried http://research.microsoft.com/asirra/
Answer:
“You’re a bot!”
A really big annoyance I’ve run into is sites that require a CAPTCHA to complete a username/password account login. WTF??? The Sirius Satellite Radio website does that (for example), so I can’t just use 1Password to do my account login. Sirius doesn’t surprise me — I come away laughing at the idiocy every time I deal with them anyway.
OK, let me see if I can get your your reCAPTCHA correct, so this comment gets posted….
Oh, I didn’t know I only had to get one of the two correct. I suppose if you just put a quick (Only one of the two words have to be correct) above the captcha it would clear things up a lot.
Sorry for the double post but after submitting that I started wondering why the recaptcha box didn’t put that explanation in themselves. It’s actually obvious why. If people know that only one had to be right they’re pick the one they could read and wouldn’t bother with the other. The whole goal would be defeated. To get people to type in both they’d have to give a full explanation of why they want people typing in both which would be long and no one would read. Even if they did read it some people wouldn’t care about OCR and therefore would only type the readable word. So it’s in their interest to keep users in the dark.
Until I read this post, I didn’t realize how reCAPTCHA worked. And I’ve been around the blogging block once or twice. I don’t use captcha at all on my blog, just akismet and my spam is quite manageable. Why do you even need it?
I used Akismet before reCAPTCHA. Akismet required far too much effort on my part to constantly scan for valid messages incorrectly marked as spam.
Test post for determining if I’m able to correctly answer to this reCAPTCHA (I did’nt know it existed before reading this post). It doesn’t seem very easy though
BTW: Nice blog. I like reading it occasionally
I’m using Akismet and some Track Validation Plugin on my blog. Can’t remember when Akisment blocked something that wasn’t spam. Everything not marked by Akismet is moderated, unless the author posted before and got published. That worked quite fine so far.
Why the heck doesn’t reCAPTCHA at least mention that you have to get only one word right?
Hello. I’m working on the next official reCAPTCHA WordPress Plugin. You can see the things that have been implemented so far at the wiki page here [ http://code.google.com/p/recaptcha/wiki/TodoWordPress ]. Perhaps the benefits will outweigh the ‘flaws’. I don’t have any authority over the core CAPTCHA system, just the plugin and its features etc. So even if you told me to make the CAPTCHAs easier to read (Which for me at least, 95 percent of the time are), I wouldn’t be able to help you there. However what you could do is edit the plugin file or your comments.php file in your theme’s folder and right above the reCAPTCHA spot, in discrete font mention in just one line that if it’s too difficult to solve to click refresh, and if even after a while (Which again I highly doubt) it is difficult to read, then just type their best guess.
Let me know your thoughts on the next release, I’ve been working hurriedly on it. Among many things, it will also support reCAPTCHAs mailhide API which will elegantly and in a clever way hide emails from spambots. Currently I am working on trying to make it work in conjunction with Akismet so that if a comment does get through reCAPTCHA it is still screened by Akismet to further test the comment. At the moment, if one enables Akismet along with reCAPTCHA, any spam comments that the reCAPTCHA comment will block will still be reported by Akismet as spam. I believe it has to do with priority levels.
I do find readability to be an issue, but don’t know of other options out there that is so effective in stopping that pesky spam.
Asirra is an interesting idea, although since they tell me that I am a bot too, it’s clearly not ready for real world use. CAPTCHA sucks, there’s no two ways about it.
I just ignore any form submissions that are made in a session under 3 seconds. Don’t think a person could comment that fast, so it works for me and seems to eliminate a lot of spam. There is also bad behaviour, which looks interesting. http://www.bad-behavior.ioerror.us/.