On Sunday, November 9, 2014, Platonides <platonides(a)gmail.com> wrote:
On 07/11/14 02:52, Jon Harald Søby wrote:
The main concern is obviously that it is really
hard to read, but there
also some other issues, namely that all the fields in the user
form (except for the username) are wiped if you enter the CAPTCHA
incorrectly. So when you make a mistake, not only do you have to re-type a
whole new CAPTCHA (where you may make another mistake), you also have to
re-type the password twice *and* your e-mail address. This takes a long
time, especially if you're not a fast typer (which was the case for the
first group), or if you are on a tablet or phone (which was the case for
some in the second group).
Only the password fields are cleared (in addition to the captcha). It is
debatable if clearing them is the right thing or not, there must be some
papers talking about that. But I think we could go with keeping them filled
with the user password.
Another idea I am liking is to place the captcha at a different page (as a
second step), where we could offer several options (captchas, puzzles, irc
chat, email...) to confirm them, then gather their success rate.
I like both of these ideas.
On the general topic, I think either a captcha or verifying an email makes
a small barrier to building a bot, but it's significant enough that it
keeps the amateur bots out. I'd be very interested in seeing an experiment
run to see what the exact impact is though.
Google had a great blog post on this subject where they made recaptcha
easier to solve, and instead,
"The updated system uses advanced risk analysis techniques, actively
considering the user's entire engagement with the CAPTCHA--before, during
and after they interact with it. That means that today the distorted
letters serve less as a test of humanity and more as a medium of engagement
to elicit a broad range of cues that characterize humans and bots. " 
So spending time on a new engine that allows for environmental feedback
from the system solving the captcha, and that lets us tune lots of things
besides did the "user" sending back the right string of letters, I think
would be well worth our time.
Wikitech-l mailing list