WebApp Sec mailing list archives

RE: Defeating CAPTCHA


From: "Derick Anderson" <danderson () vikus com>
Date: Fri, 26 Aug 2005 12:45:00 -0400

Just an observation about the growing complexity of solutions being
presented...

If I have to look at 10 images of strawberries in various stages of
decay, answer inane riddles, or pass an I.Q. test before registering for
some site, then I'm going to decide that whatever your service is, I
don't need it that badly. And if I, as a technologically-savvy
individual, refuse to jump through hoops to prove I'm not a spammer, how
likely is it that the average web surfer is going to?

If a system is built to run on a computer, then a computer can automate
input into that system. If you want to curb a particular use-case of
your system (say, signing up for an account), make it economically
unattractive or put a human on the receiving side. I can think of three
ways (off-hand) to make a use-case "economically unattractive":

1. Charge money. Spammers aren't going to shell out cash en masse.
2. Require a uniquely identifiable token which requires confirmation of
the token holder. PayPal's signup is a good example - they credit your
bank account with some paltry sum and you tell them later what it is.
3. Provide a service with only information that can't be exploited for
profit.

Attempting to automate a human recognition system is a race that will
leave the humans behind. Eventually only automated spammers will be able
to get into your system.

My two cents.

Derick Anderson
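The token-confirmation approach in point 2 (the PayPal-style micro-deposit), as an added illustration that is not part of the original post: the service picks a small random amount, keeps only a keyed hash of it, and later checks what the account holder reports back, with a bounded attempt count so the tiny amount space cannot simply be enumerated. The class, key, and attempt limit are assumptions for the example.

```python
import hmac
import hashlib
import secrets

# Added example (not from the original post): a minimal micro-deposit
# confirmation flow of the kind the post attributes to PayPal. The
# service credits a small random amount, stores only a keyed hash of it,
# and later checks the amount the account holder reports back. A bounded
# attempt counter keeps the 1..99-cent space from being guessed.

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret
MAX_ATTEMPTS = 3


def _tag(account_id: str, cents: int) -> bytes:
    # Keyed hash binds the amount to the account so entries can't be swapped.
    msg = f"{account_id}:{cents}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


class MicroDepositVerifier:
    """Tracks pending confirmations keyed by account id (hypothetical API)."""

    def __init__(self, rng=secrets.randbelow):
        self._pending = {}  # account_id -> (tag, attempts_left)
        self._rng = rng     # injectable for deterministic tests

    def issue(self, account_id: str) -> int:
        """Pick the deposit amount (1..99 cents) and return it so the payment
        system can send it; only the HMAC tag is retained server-side."""
        cents = 1 + self._rng(99)
        self._pending[account_id] = (_tag(account_id, cents), MAX_ATTEMPTS)
        return cents

    def confirm(self, account_id: str, reported_cents: int) -> bool:
        """Compare the reported amount in constant time; after MAX_ATTEMPTS
        wrong answers the pending entry is discarded and a new deposit is needed."""
        entry = self._pending.get(account_id)
        if entry is None:
            return False
        tag, attempts_left = entry
        if hmac.compare_digest(tag, _tag(account_id, reported_cents)):
            del self._pending[account_id]      # one-time use
            return True
        attempts_left -= 1
        if attempts_left == 0:
            del self._pending[account_id]      # locked out
        else:
            self._pending[account_id] = (tag, attempts_left)
        return False
```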
