On Sun, Jan 20, 2013 at 1:22 PM, David Gerard dgerard@gmail.com wrote:
The MediaWiki captcha is literally worse than useless: it doesn't keep spambots out, and it does keep some humans out.
(I was just reminded of this by a friend I lured into joining Wikivoyage - who can see and is highly literate, but found the captcha really troublesome.)
Why are we still using this?
- d.
Hi David,
This question is something we've also been asking ourselves on the E3 team, as part of our work on account creation. I think we all agree that CAPTCHAs are at best a necessary evil. They are a compromise we make in our user experience, in order to combat automated attacks.
If anyone is interested in seeing how CAPTCHAs impact users first hand, you should definitely watch the remote user tests we did at https://www.mediawiki.org/wiki/Account_creation_user_experience/User_testing... at least scan the notes. Those highlighted for us that, even in the much nicer looking new version we built, the CAPTCHA is a pain in the ass.
To get more numbers on how much taking away the CAPTCHA might gain us in terms of human registrations, we have considered a two hour test (to start with) of removing the CAPTCHA from the registration page: https://meta.wikimedia.org/wiki/Research:Account_creation_UX/CAPTCHA That kind of test would probably not be an accurate measurement of what kind of spam would be unleashed if we permanently removed it, but the hourly volume of registrations on enwiki is enough to tell us the human impact.
There are other, easier things we can do to make this issue far less worse, if we can't remove it entirely without lots of rigorous testing...
One thing we recently did was simply regenerate the images with font rendering that is easier to read for people; our system for generating CAPTCHAs is arcane to my eyes, but Aaron Schulz was able to accomplish that without much headache.
The other thing in the works is adding a refresh button to the CAPTCHAs, which if done correctly could make a huge difference IMO: https://gerrit.wikimedia.org/r/#/c/44376/ That patch still needs UI improvements and testing, but any help would be most welcome.
Steven