MeFi Captcha April 29, 2006 5:24 PM   Subscribe

Apologies if this is redundant, but Yahoo's search revealed nothing about the look-n-feel of the MeFi captcha.

Metafilter's captcha is particularly irritating. Of the few sites I use that require it, this one is by far the worst. Many of the characters are ambiguous because they use a sans-serif font—combined with the size and font variation, letters like C, O, W become hard to distinguish when their cases change. And this is me being selfish—there's still the nagging problem that these are very inaccessible.

I realize (and read the thread on) why you installed one, and realize Matt-n-Co are busy creatures, and perhaps the alternatives aren't great right now. But sites like TicketBastard, Yahoo, and PayPal all use much less ambiguous, much more human-parsable captchas, and presumably have orders of magnitude more traffic than MeFi—so these must have worked pretty well so far.

Wikipedia has a list of alternatives for a variety of languages.
posted by symphonik to Bugs at 5:24 PM (20 comments total)

I want to log out and refresh my memory of what the CAPTCHA looks like, but I'm afraid I wouldn't be able to read the letters to get back in.

You have put the fear of CAPTCHA into me, sir.
posted by ArsncHeart at 5:32 PM on April 29, 2006

And that's a good point, Arsnc. It's all alleviated when you stay logged in. But I rarely stay logged in to any sites (translated: I delete cookies a lot) as part of my paranoid security philosophy, and I also end up visiting from a lot of different computers. So I see the MeFi captcha a lot.
posted by symphonik at 5:35 PM on April 29, 2006

Captcha's are a very silly authentication mechanism anyway, in a few years I would expect most captcha breaking systems to be as effective as most people.

A better solution would be analyze login attempts emanating from a single source IP, and block people who are trying to guess weak passwords, which is what the system was designed to stop, after Pretty_Generic stole Ab'd AlHazrid's account.
posted by delmoi at 5:36 PM on April 29, 2006

The W3C has a good site I meant to link to, but the post was long enough already. I also understand that they're kind of silly, but they're easy to implement and probably stop 95% of the problems Matt was trying to stop. I understand that ease of implementation-versus-benefits curve all too well.

By the way, sorry for not "more insiding" the latter portion of that. It didn't even occur to me since the blue and green both have the secondary box. Feel free to edit the post.
posted by symphonik at 5:39 PM on April 29, 2006

I am getting rid of captchas entirely very soon. I'll be counting logins and having people get them emailed back to them after five failures.
posted by mathowie (staff) at 6:22 PM on April 29, 2006

I am getting rid of captchas entirely very soon. I'll be counting logins and having people get them emailed back to them after five failures.

If it was possible to hug people over the Internet...
posted by symphonik at 6:34 PM on April 29, 2006

...Matt would be feeling really creeped out.
posted by mr_crash_davis at 7:10 PM on April 29, 2006

There is already one captcha breaking system that I've seen demonstrated which is nearly 100% effective. The machines wander the web and try to log in places. When they are presented with a captcha, they send the image to an actual person somewhere who tells them what it is. So, you hire one guy who's job consists of having captcha's sent to him all day long and typing in what he sees. Crap job obviously. But also it works pretty much flawlessly. The same would be true of any turing-type test, it's simply too easy to actually have a person do it.
posted by RustyBrooks at 7:16 PM on April 29, 2006

Actually, you didn't even mention the really brilliant part of that breaking system. You take the ones you collect, and you use them as entry barriers on free porn sites. So some randy fellow does the work for you, for free.
posted by smackfu at 7:33 PM on April 29, 2006

letters like C, O, W become hard to distinguish when their cases change

I don't get it. Are you saying that you can't tell if these letters are upper- or lower-case?

I didn't think the mefi CAPTCHA was case-sensitive?
posted by MiG at 8:44 PM on April 29, 2006

smackfu: that is the best solution I've ever heard. You don't even have to implement your own system.
posted by RustyBrooks at 9:57 PM on April 29, 2006

Pfft, I use at least 5 different computers on a regular basis and I can hardly remember the MeFi catchpa. Whatever!
posted by furtive at 11:03 PM on April 29, 2006

What about the Kitten Catchpa? Or Kate Capshaw?

Seriously, though - and forgive my cluelessness - what does

I'll be counting logins and having people get them emailed back to them after five failures.

mean? They'll be emailed what? Their password, or the amount of times an attempt was made at their login?
I agree that the case-sensitive part of the MeFi catchpa was the largest annoyance of it, especially since I had to use it to post this.
posted by hoborg at 12:00 AM on April 30, 2006

I'm in favor of captchas -- they make the life of the fighting-sockpuppet assholes a bit more annoying
posted by matteo at 2:01 AM on April 30, 2006

I actually think the MeFi CAPTCHA is one of the most attractive ones out there. The colours go with the site quite well.
posted by By The Grace of God at 2:18 AM on April 30, 2006

Matt, please license Moift's Animal Captcha Technology... tia.
posted by Dreamghost at 3:44 AM on April 30, 2006

What I still don't understand is why it's impossible to have what every other website on the planet has - the ability to change your own password rather than having to whisper it in mathowie's ear.

Can anyone name even one other site, anywhere, that doesn't let you change your own password?
posted by dmd at 1:45 PM on April 30, 2006

Can anyone name even one other site, anywhere

nitpick: wrong way to ask the question.

Clearly this condition doesn't meet your standards, dmd (nor most of ours) but I'm sure that the ubiquity of this feature on other sites has no impact on its ease for Matt to implement.
posted by scarabic at 2:09 PM on April 30, 2006

its ease for Matt to implement

But many people have offered to step in and implement it for him, since this dead-simple feature seems beyond his abilities (even though it's in the early examples in the "Learn Cold Fusion in 24 hours" book), and he refuses to allow such a thing to happen.

I'd even be satisfied if Matt would give a short explanation for why Metafilter is a special case - i.e., why this is trivially easy to do everywhere else, but exceptionally difficult to do here. He refuses to do that, too.
posted by dmd at 8:53 AM on May 1, 2006

Just because. To know any more, you must meet the entry requirements of the cabal.
posted by dg at 5:15 AM on May 2, 2006

« Older Vancouver meetup.   |   Too many links makes a post something something Newer »

You are not logged in, either login or create an account to post comments