On Sunday, November 9, 2014, Platonides platonides@gmail.com wrote:
On 07/11/14 02:52, Jon Harald Søby wrote:
The main concern is obviously that it is really hard to read, but there are also some other issues, namely that all the fields in the user registration form (except for the username) are wiped if you enter the CAPTCHA incorrectly. So when you make a mistake, not only do you have to re-type a whole new CAPTCHA (where you may make another mistake), you also have to re-type the password twice *and* your e-mail address. This takes a long time, especially if you're not a fast typer (which was the case for the first group), or if you are on a tablet or phone (which was the case for some in the second group).
Only the password fields are cleared (in addition to the captcha). It is debatable if clearing them is the right thing or not, there must be some papers talking about that. But I think we could go with keeping them filled with the user password.
Another idea I am liking is to place the captcha at a different page (as a second step), where we could offer several options (captchas, puzzles, irc chat, email...) to confirm them, then gather their success rate.
I like both of these ideas.
On the general topic, I think either a captcha or verifying an email makes a small barrier to building a bot, but it's significant enough that it keeps the amateur bots out. I'd be very interested in seeing an experiment run to see what the exact impact is though.
Google had a great blog post on this subject where they made recaptcha easier to solve, and instead,
"The updated system uses advanced risk analysis techniques, actively considering the user's entire engagement with the CAPTCHA--before, during and after they interact with it. That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterize humans and bots. " [1]
So spending time on a new engine that allows for environmental feedback from the system solving the captcha, and that lets us tune lots of things besides did the "user" sending back the right string of letters, I think would be well worth our time.
[1] - http://googleonlinesecurity.blogspot.com/2013/10/recaptcha-just-got-easier-b...
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l