by
kbenson » Wed Feb 22, 2012 12:15 am
jnurthen wrote:kbenson wrote:
The effectiveness is directly proportional to the prize for thwarting it. I'm under the assumption that it's still easier to find an alternate way to spam than to pay someone to manually enter CAPTCHA text for you (even at the rates you posted).
Note: I'm not advocating using a CAPTCHA in particular, just stating what I see to be generalities to ALL security mechanisms.
I disagree.
With which part? About effectiveness being proportional to reward?
Take this as an example, a picket fence on a corner lot doesn't protect the yard from intrusion, it
dissuades random passerby from cutting through the lot and trampling the lawn because it's not worth their trouble to jump the fence when they can just walk an extra 20 feet and not have to go over the fence. As soon as there is another reason to want in your yard, the fence is wholly inadequate.
The same can be said of EVERY security mechanism.
Those sites for which CAPTCHA is an effective method of preventing abuse would be equally as well served by a combination of other techniques such as those listed (at amongst other places)
http://webaim.org/blog/spam_free_accessible_forms/
Many of these techniques have no adverse effect for the user.
Indeed some don't adversely affect the USER, but that just means the adverse effect is shunted somewhere else, either to the admin, or the the server which has to do extra work, or missed email because of a false positives.
For those sites where these techniques aren't effective - neither would (generally) a CAPTCHA.
The only thing CAPTCHAs really do is alienate users.
I disagree.
First, CAPTCHAs don't protect against spam, they validate human interaction (to varying degrees, but quite well when done right). Unfortunately, they are quite bad at verifying the opposite - no human interaction. This means there can be quite a lot of false positives. It's this property they can confirm which is used for spam detection, since most spam is automated, due to the high volumes needed to make it profitable.
Second, there are other domains where CAPTCHAs provide an invaluable barrier against automation. Take ticketmaster for example.