Stop using CAPTCHAs. It’s time to switch to DLT: Design, Limit and Trapdoor.
“[a certain website] has the evil bad wrong Google reCaptcha on the edit page to stop disabled users, so screw it. Google’s reCaptcha seems to be spreading again, obstructing more people when accessing more websites. Is there a reason for that? The re in reCaptcha stands for replace with real anti-spam, please!“
I wrote the above about two years ago and it’s not getting any better. I’ve written similar things over the last ten years, as have many others, and I’ve always sought to avoid using physical ability tests as a way to cut down spammers.
Why do people keep reaching for the reCaptcha non-captcha or things that use similar bad eyetests like Mollom? So most online messages may be spam, but those physical ability tests do nothing to test for spam. They’re trying to detect computer submissions (the TCHA in CAPTCHA is meant to be Telling Computers and Humans Apart), but that’s really bad when the computer is helping someone with a disability to access the internet.
People from the home of the CAPTCHA describe access for sight and hearing-impaired users as “an important open problem for the project” (Luis von Ahn, Manuel Blum and John Langford. Telling Humans and Computers Apart Automatically. In Communications of the ACM). Until that problem is closed, CAPTCHAs should be considered defective and removed whenever possible.
What webmasters should do instead is DLT:
- Design it well: Set up sites so the spammers cannot get a quick win in the first place. Configure permissions and things like that so people have to do some work before they are trusted to post links. This is similar to the basic theory behind my Open Activism paper Fighting in the Shadows. This is much easier to do if the system is Free and Open Source Software (FOSS), too.
- Limit the damage: include rate limits to stop one person causing you lots of work: even with computer-assistance, few people need to post 10 forum messages every minute. Join up in co-operative anti-spam networks like blogspam.net so if they hurt you, others can see them coming. Again, it’s easier to hook into a network if you’re using FOSS.
- Trapdoor: keep a way for people to contact you if they are really blocked by your design decisions and limitation and keep a way to exempt them from the limits if needed. Make it welcoming because disabled users are tired of reporting barriers to webmasters who don’t care and will never fix the web. A good multi-step eyetest-free contact form is a basic way to do this.
Have you tried this? Have your experiences been as good as our co-op’s? Are there sites you don’t think it would work for? A comments form is on the original of this article, as ever.
9 Responses to DLT is better than CAPTCHA