Captcha No More
Since I wrote about my sweary run-in with Captchas - those squiggly things at the bottom of forms that can only easily be read after too much coffee/beer - a week or so ago, I've been paying more attention to this technology.
And with good reason, too. My friend Michelle, who brought to light the original howler at the credit union forwarded me an article in today's guardian.co.uk, reporting that if the automated technology can't crack a captcha, then there are alternatives,
Another option is to pay. Spammers have employed large teams of temporary staff to solve Captchas, effectively "rooms of people", usually in a third world country, sitting at a computer and solving Captchas.
The article goes on to suggest that OpenID or Microsoft's CardSpace might be viable alternatives. Surely, though, they'll suffer from exactly the same kind of verification problems. If a potential spammer controls an email address and can by-pass Captchas on a mass scale, the only defence will be to analyse behavioural patterns to handle the problem.
300 registrations in 10 minutes from one IP address. Up to no good methinks. As Matt Mullenweg from Wordpress suggests, if the spammers are using 'humans' the moderators will need to follow suit,
"Ultimately Captchas are useless for spam because they're designed to tell you if someone is 'human' or not, but not whether something is spam or not. Just because something came from a real human being doesn't mean it isn't spam, which is why content-based solutions like Akismet are the only long-term solution to the spam problem."
So, keep your eyes peeled on those blog comments and registration forms. Here's hoping for some hefty vigilance at the webmail providers, or we're all doomed!
Comments
Caught ya...