Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I would be interested to see what the completion rate for this is versus, e.g., the Yahoo captcha. My intuition is "not that great." (You require reading on the Internet... uh oh.)

By the way, picking one token from the captcha and returning it beats the captcha 7% of the time, if the examples are representative. Spammer wins, since he can generate requests by the hundreds of thousands.



I also noticed that certain questions aren't necessarily 'easy'.

> The 1st number from 25, eight, 6, six and 27 is?

So is the answer 25 or 6?

I've come to the realization that CAPTCHAs aren't the solution, or at least can't be a standalone solution. Make the CAPTCHA easy enough for a human to not be blocked (pick the cat from these 3 photos) and the bot still wins 33% of the time. Make it hard enough that the user has to invest energy to 'solve' the problem in front of them and you alienate users by treating them like criminals.


I agree completely! I suspect the solution to the CAPTCHA paradox will be something we haven't even considered. In fact, I don't think we can even solve it directly- we have to approach the problem from a different angle. For example, we can start requiring significant identity authorization on some high quality sites (sacrificing anonymity for responsibility), and rely on advanced filtering for the rest.

Think about it: the actual problem with spammers defeating CAPTCHAs is low quality content. I'd much prefer to expend energy trying to stop low quality content, which is often delivered by non-spammers :)

I wrote a blog post expanding on these ideas: http://cmurphycode.posterous.com/the-problem-with-captcha


I don't get how the answer could be 6, though I do agree with you on the paradox of CAPTCHAs


Interpretation 1: It's a string list and pick the first element = 25.

Interpretation 2: It's a numerical list of numbers, numbers being ordered by value have an implicit sort applied to them, pick the first element in that sequence = 6.

#2 is a very programmer thing to do ;)


you get a cookie :)


Maybe the solution is to obscure the text somehow, so that a spammer can't read the text to grab a token . . . .


Do remember you really need to consider the blind in any solution.


Not to mention that most modern captchas are being solved by people in third world countries, not bots.

Something like ReCaptcha is already for all intents and purposes bot-proof. A text captcha like this looks like a step backward.


I haven't been to Yahoo in a few years, but when I registered a mail account there once, it took me at least 10 if not 15 tries to get the captcha right. I came dangerously close to blowing my stack.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: