Talk:CAPTCHA/Archive 2

This page is an archive of past discussions. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page.

Is this paragraph really necessary?

Another potential weakness is that only a yes/no answer for each picture is required by most designs. Even with sixteen images, a bot has a 1 in 65536 (216) chance of getting the CAPTCHA right purely by chance. Furthermore, such chance identifications can be used to accumulate knowledge about the correct identification of the images, allowing the bot to progressively improve the accuracy of its guesses over time. In order for the CAPTCHA to be resistant to such chance-guessing botnet attacks, the user would need to be forced to solve an annoyingly large number of images.

recaptcha uses words from the English language, which only has about +/- 50,000 words. I'm not sure this is even a weakness, and it seems to be the Wikipedia article's opinion. Brute force is not a realistic way to solve a captcha - for a 5-second page load, 65536 attempts would take 91 hours. Marquinho (talk)—Preceding undated comment added 21:09, 26 March 2009

Please consider using this external link:
Innovation: Harnessing spammers to advance AI - tech - 17 April 2009 - New Scientist -- Wavelength (talk) 14:46, 19 April 2009 (UTC)

The beginning of the first paragraph seems to have a different font and spacing from the rest of the article. I don't see how that could be made or fixed. --Stuvaco922 (talk) 23:18, 6 May 2009 (UTC)

The article doesn't seem to link to the original paper. I haven't figured out the various citation formats for wikimedia, perhaps someone else can type in the info from this bibtex: http://dblp.uni-trier.de/rec/bibtex/conf/eurocrypt/AhnBHL03 There's a claim that the term was coined in 2000, but no reference. If so, it was when Langford was still at CMU, although on the 2003 paper he is listed as being at IBM. Bhudson (talk) 08:56, 4 December 2009 (UTC)

I just looked up the von Ahn et al 2003 paper; it refers to captcha.net which has the 2000 claim, at which time all four authors were at CMU. Their abstract is also very explicit that this is hard AI, and *not* security through obscurity as the wiki page seemed to indicate. I've made both those changes. Bhudson (talk) 09:15, 4 December 2009 (UTC)

Image of a CAPTCHA with the words "relief testis" to type out and submit. I found this on craigslist.org and immediately took a screenshot. —Preceding unsigned comment added by 71.235.11.114 (talk) 19:21, 14 May 2010 (UTC)

• Where's the profanity in that? 68.146.71.145 (talk) 13:25, 15 July 2011 (UTC)

I think it's worth mentioning the possibility for organizations to establish a public database for CAPTCHAs, in order to provide users with the convenience of not having to complete a CAPTCHA on sites that require them frequently. Obviously, these databases are subject to exploitation by bots, and may have even been designed for that purpose. It would work by being able to identify images, possibly by their hash, and a corresponding ASCII answer to it. When a user visits a site using the service, the service checks the page for a CAPTCHA image. If it finds one that is in the database, the form is automatically filled out and submitted seamlessly. If it doesn't, the user must input the CAPTCHA, and the answer and hash (or other means of identification) automatically treated as a contribution to the database. This works on the premise, however, that either A) sites use a fixed pool of images and answers, or B) a CAPTCHA image that is generated (when requested) from a word for each user, will be exactly the same as one generated for another user. This is because images automatically generated with variance per user/instance, are not likely to be matched, even if they represent the same ASCII answer.

A service like this could be implemented in a number of ways. The one with probably the most simplicity to the user would be a website, through which the user's destination website is passed, checked for CAPTCHAs (most easily done by comparing all images in a page to hashes in the database), and sent to the user; much like web proxy. Another way would be installing external software, or an extension or add-on for major browsers that scans incoming pages, contacts the database, and has the same effect as the aforementioned method. This method, however, would come at the price of needing to install software on the user's computer. Another approach might be using a modified transparent/caching proxy. It would work in much the same way as a transparent proxy that caches pages for speed of transfer, only it would cache CAPCHA answers instead. All of these ways would allow the service to get a web page for the user, and check for and fill out CAPTCHA challenges before the page even reaches the user, hence it would look like the CAPTCHA page was never even there. Additionally, all of these methods would allow contributions to the database by recording image hashes (so long as they could be distinguished from other ambient images on the page) and recording the user's answer it it, completely seamlessly to the user, and perhaps even without the user's knowledge.

Now, that's a pretty neat idea in itself if you ask me, but what does it mean for bot circumvention? Well, ordinarily any service can be for the most part protected from bots by adding a CAPTCHA, but since the nature of this service is getting rid of them, that wouldn't be an option. This means that bots could tap into the database and preform the same procedure as the service is doing for humans. To make things even easier, the bot could simply send requests through the service and have CAPTCHAs solved at the other end, and not even be bother to do it itself, and there's nothing anyone could do about it. That could either be a major headache for these services (bandwidth, advertising, etc, even legal reasons), or they might be happy to help developers circumvent CAPTCHAs. As I said, that could be a big part of the reason the service was started.

So now that I've written enough on the discussion page to be an entire article, what do you think? Is this issue worth mentioning or expanding upon?

Thanks, Zach

PS: I don't know if any services like this really exist, I just sat down and came up with this idea in my head. So, if you do know of any, please let me know. —Preceding unsigned comment added by Zachlr (talk • contribs) 16:37, 27 May 2010 (UTC)

This won't work at all. Text based CAPTCHAs are uniquely generated each time. The words come from a database, perhaps the one that you are thinking of, but the distortion effects that are used are random. So no word will ever display the same way. It would be best if you removed this question from the discussion page.67.177.201.108 (talk) 11:52, 6 April 2011 (UTC)

Since this is original research, it's not appropriate for the article. -- Beland (talk) 14:10, 15 July 2010 (UTC)

If anyone is able to add it, I think it would be interesting and beneficial to devote a sentence or a short paragraph in the main article describing the historical development of the use of CAPTCHAs. When were they first used? In response to which particular problem(s) were they introduced, and who wrote the original programming (etc)? This kind of information would be good for a general reader (such as me) who is less interested in the technical details of CAPTCHA technology and more interested in how and why they were introduced, and by whom. —Preceding unsigned comment added by 203.27.47.245 (talk) 08:05, 28 June 2010 (UTC)

I was looking for this information as well, though the article PayPal provides an interesting clue. -- Beland (talk) 14:07, 15 July 2010 (UTC)

Have you seen (heard) the #4 podcast at http://hackermedley.org/ on humans only or the web page at http://www2.parc.com/istl/projects/captcha/history.htm? Disclaimer: I am one of Andrei's co-inventors on the CAPTCHA patent. -- Mark Lillibridge — Preceding unsigned comment added by 15.219.217.254 (talk) 00:48, 16 May 2012 (UTC)

I have read somewhere that text based CAPTCHAs provide a very valuble service to digital document conversion. (At least one of the) text based CAPTCHA service providers require the entry of TWO words. The computer that provides the CAPTCHA only knows the correct response to one of the words, but the human is asked to enter both. The unknown word comes from an old newspaper article or scientific document that another computer had a difficult time converting to a digital format. The user is judged for a correct response to the known word. Simultaneously, the user is helping to translate the unknown word to help complete the digital conversion of the document. If enough people agree (I think the threshold is 5) on the unknown word, it is considered to be correctly entered, and it is added to the database of known words. I believe that this type of human help is needed when a word is misspelled in the document, or the older typeface is difficult to recognize (e.g. old newspaper articles). This also provides an excellent source of hard to guess words for other computers, since even in raw format, a computer couldn't get it right. I wish that I knew the reference for this. 67.177.201.108 (talk) 11:52, 6 April 2011 (UTC)

You are right. The most prominent such project is reCAPTCHA. Sam Hocevar (talk) 14:59, 6 April 2011 (UTC)

...refers to this article. Why? —Preceding unsigned comment added by 217.226.203.48 (talk) 18:36, 3 July 2010 (UTC)

For creating accounts on sites, you must enter a CAPTCHA for safety. Add this thing on the article.--99 time 14:47, 9 October 2010 (UTC) —Preceding unsigned comment added by Rockers99 (talk • contribs)

It is for the safety of the site actually. If there are no CAPTCHA's where users can enter information, then the database can fill up rather quickly either crashing the server or leading to a shared hosting account to become suspended for overuse.

--Leewells2000 (talk) 22:02, 21 December 2011 (UTC)

But how do deafblind people use computers, as it is mentioned twice in this article, and if they don't use computers, is it relevant to the article to mention them? Kungfukats2 (talk) 13:00, 14 October 2010 (UTC)

• Many DB people use computers for communication - there are interfaces that allow them to "read" the screen. This isn't Helen Keller's era anymore. 68.146.64.9 (talk) 17:33, 6 December 2010 (UTC)

Something I've noticed in the last couple months is that some CAPTCHA apps no longer require exact matches, but are intuitive enough to go "close enough" and let you in. I had a couple of cases where I had a truly ambiguous CAPTCHA to work out, but it accepted the one I typed in even though I knew I'd made a typo on a different letter than the ambiguous ones. On the other hand, I also went to one (English-language) forum where the CAPTCHA was messed up and showing puzzles in Cyrillic lettering, rendering it impossible to solve. I'd add both to the article myself, but as I cannot provide cited sources, just personal experience (so OR) I'll just leave this here in hopes someone with sources can add this to the article. 68.146.64.9 (talk) 17:33, 6 December 2010 (UTC)

This could be people using CAPTCHA's to get humans to read words which OCR software has failed to read properly (maybe due to a blot on the book). This is automated so that the OCR software combined with humans works much better. QuentinUK (talk) 12:36, 12 March 2011 (UTC)

We have images showing Yahoo's captcha, but in my opinion Google has a more advanced solution.

Opinions?

Support

1. Support. --•ː• 3ICE •ː• 05:21, 30 December 2010 (UTC)

Oppose

Comment

Does the article really need more examples? What is wrong with the current examples? I think they get the point across well enough. HumphreyW (talk) 06:09, 30 December 2010 (UTC)

I found the phrasing and choice of words used to give off too strong a positive image of Captchas, especially in the leading paragraphs. It read as if they were infallible. I toned down this a bit: instead of "CAPTCHAs are used to stop spam", for instance, I use "CAPTCHAs are used as a measure to stop spam" or "CAPTCHAs are used as an effort to stop spam". The differences may be subtle, but I think the text now is shifted in the direction of a more fair and realistic assessment of the technology. CapnZapp (talk) 09:38, 11 January 2011 (UTC)

For us worshipers of Inglip (http://www.reddit.com/r/inglip): Is this notable, yet? I know some smart ass did a wiki-edit to say there were genuine worshipers out in the world but I think that the joke is worth referencing if it is explicitly announced as such. (Incidently inglip tells me "earlyspan," so if you think it is too early, I can accept it. —Preceding unsigned comment added by 12.54.16.178 (talk) 16:41, 11 January 2011 (UTC)

No, and Wikipedia isn't the right place for it. Try ED. We don't have an article for Zalgo, and Inglip isn't much different. See WP:GNG for more explanation on what makes something notable. Throwaway85 (talk) 07:20, 13 January 2011 (UTC)

The primary developers of the CAPTCHA Project have provided official endorsement and continued interaction with the meme and there are plenty of notable references to be found. Added prior to seeing this conversation (adding the article to my watchlist made the talk page edit appear on my watchlist), any dispute should be brought before arbitration rather than reverted. R3ap3R.inc (talk) 20:11, 12 February 2011 (UTC)

No, the burden is on the editors wanting to add the meme to provide independent reliable sources that it's a notable meme. If it's not getting any coverage outside Reddit, it's not notable, and it doesn't belong on Wikipedia. —C.Fred (talk) 22:45, 12 February 2011 (UTC)

You must not have checked the resources, which included the lead developer's site (colinm.org) as well as knowyourmeme.com, churchofinglip.com, and geekosystem, but I'll add more just for you ;) R3ap3R.inc (talk) 02:01, 13 February 2011 (UTC)

Also worth noting is that the reCaptcha team stated that the meme has caused a tremendous increase in the number of solved captchas. The captchas utilized are from scanned text / books / scrolls that haven't been fully transcribed, and the use of the recaptcha tool helps to translate these texts ref from lead developer R3ap3R.inc (talk) 02:26, 13 February 2011 (UTC)

Bear in mind that reCAPTCHA has a separate article. —C.Fred (talk) 05:45, 13 February 2011 (UTC)

Yes, I think include inglip. —Preceding unsigned comment added by 71.202.225.227 (talk) 01:21, 13 February 2011 (UTC)

This is not a vote. Just posting here saying "yes, include it" does not suddenly make the subject notable. You will have to provide reliable references that show the subject is notable enough to include here. HumphreyW (talk) 01:51, 13 February 2011 (UTC)

I am re-including the 3-D CAPTCHA in the image-recognition section as it is notably distinguished from the other cited image-recognition CAPTCHA. The other CAPTCHA rely on a finite supply of manually generated images that must be manually labeled, thus straining the “Completely Automated” aspect of the CAPTCHA definition. On a side note I am moving the mention of reCAPTCHA out of the image-recognition section and placing it in the computer character recognition section. CrunchyChewy (talk) 23:05, 22 April 2011 (UTC)

The 3-D CAPTCHA was discussed more than 2 years ago and over that time the lack of any meaningful deployment of the prior cited image-recognition CAPTCHAs brings into question the relative notability of these CAPTCHAs as compared to the 3-D CAPTCHA. A reevaluation of the technical distinctiveness and importance of the 3-D CAPTCHA relative to all other image-recognition CAPTCHA is in order. The following questions deserve to be answered:

Does this design for an image-recognition CAPTCHA generate and label images in a completely automated manner? Do any of the currently cited image-recognition CAPTCHA do this?

The answer to these questions should determine if the 3-D CAPTCHA (or an alternate more-suitable CAPTCHA that also accomplishes this) is notable enough to warrant appropriate inclusion in a suitable section of the article.

It is difficult for any image-recognition CAPTCHA to grab the mantle of ‘notability’ as none have been deployed beyond niche use, so technical analysis should be used to assess notability for this technical article.

On a side note – why was the reCAPTCHA information moved back to the image-recognition section? Was the reversal of the edit well thought out?CrunchyChewy (talk) 18:13, 23 April 2011 (UTC)

ReCaptcha is actually in widespread use. That makes it notable. IMO, both its advantages and limitations are relevant to this article. David Spector (talk) 00:02, 22 September 2011 (UTC)

Sources? --Ronz (talk) 00:59, 22 September 2011 (UTC)

My above comment from April was not questioning the relevance of ReCaptcha. At the time that comment was written ReCaptcha was inappropriately placed in the image recognition section though it is a text-based CAPTCHA. I had moved the ReCaptcha information to a more appropriate section but that change and my other edits were reversed. The purpose of the comment was merely to suggest that the reversal of my edit was not well thought out.CrunchyChewy (talk) 18:35, 23 September 2011 (UTC)

An image used in this article, File:Airplane CAPTCHA JPG.jpg, has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations

What should I do?

Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image for this article before it is deleted.

A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 03:25, 6 May 2011 (UTC)

An image used in this article, File:Airplane_CAPTCHA_JPG.jpg, has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations What should I do?

Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image before deletion occurs. A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 10:40, 6 May 2011 (UTC)

	An image used in this article, File:Airplane CAPTCHA JPG.jpg, has been deleted from Wikimedia Commons by Túrelio for the following reason: Copyright violation: copyrighted screenshot What should I do?
	A different bot should have (or will soon) remove the image code from the article text (check if this has been done correctly). If you think the image deletion was in error please raise the issue at Commons. You could also try to search for new images to replace the old one. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 12:50, 6 May 2011 (UTC)

is the reverse turing test bit really all that relevant? perhaps it should be moved to another part of the article, or perhaps to the end of the overview — Preceding unsigned comment added by 67.81.199.45 (talk) 06:43, 7 September 2011 (UTC)

I added a description of a new and useful type of text-based CAPTCHA to show that there is no need to exclude blind and visually impaired people from equal access to CAPTCHA-protected Web-based forms.

IP editor 108.35.41.78 accidentally undid my edit, evidently thinking he or she was undoing another edit instead, which was erroneous.

That the IP editor made a mistake is clear from his/her comment line: "that criterion is not part of the intended use of a CAPTCHA, which is what this list is about", which applied to another edit, not mine.

I have now undone that mistaken undo to restore my edit. To anyone else: please understand what happened before you assume that I made a mistake. David Spector (talk) 19:42, 20 September 2011 (UTC)

I removed the advertisement from it, which is probably why it was removed. I also changed the wording and tone to make it far more encyclopedic. --Ronz (talk) 19:51, 20 September 2011 (UTC)

It wasn't an advertisement, Ronz.

I'd like to add that the example CAPTCHA server that I reference has nothing to do with me--there is no COI (conflict of interest) here. For one thing, the server is free. For another, I have no connection with that site or any organization or person it may represent. I just added the link as an example showing a real-world solution to the perceived problems with text-based CAPTCHA. David Spector (talk) 19:56, 20 September 2011 (UTC)

I'll stick by my assessment of calling it an advertisement, per WP:NOTADVERTISING. Since no one has brought up WP:COI concerns, let's stick to discussing the advertising problem. --Ronz (talk) 22:49, 20 September 2011 (UTC)

As you requested in private, I'll continue the discussion here.

There isn't a trace of advertising in my use of this reference. The burden is on you to provide a rationale for your deletion. If you could delete this reference successfully with no rationale, what is to stop you from deleting entire articles like Wolfram_Alpha or General Motors, which describe for-profit businesses?

The reason these articles cannot be deleted is that these companies are significant within some framework of knowledge or accomplishment. Their notability rests on more than just making a profit. My reference to textcaptcha.com was, like the existing reference to recaptcha.com, justified on the basis of its relevance to the article. textcaptcha.com is a successful example of a practical server for text-based challenges. In the history of this article, this provides for the first time a concrete response to those who would claim that only image-based challenges are practical and effective. Without the reference, my addition could be challenged as Original Research, which, as you know, is forbidden at WP. My addition was actually prompted by accidentally finding this company during a Web search.

In summary, my reference is vital to the point I made. Further, as the company involved is nonprofit, the question of advertising is moot anyway. Finally, I have provided a detailed rationale for including the reference, in contrast to your use of personal judgement that I was guilty of advertising without any explanation or evidence. David Spector (talk) 23:21, 20 September 2011 (UTC)

You've not addressed my concerns. Can you explain why you think WP:NOTADVERTISING doesn't apply? --Ronz (talk) 02:59, 21 September 2011 (UTC)

If I haven't addressed your concerns, it is because you have not presented any specific concerns. You have only quoted the WP policy on advertising. My use of a specific company in a reference is clearly not intended as a promotional tactic. To quote, "All information about companies and products are written in an objective and unbiased style." I am willing to work with you to ensure that the reference is written objectively. But, as I explained, the reference is an important source for the paragraph I have added.

I see some sources who discuss textcaptcha.com on the Web, but they are blogs and the like, which may not qualify as acceptable secondary sources. That is why I used textcaptcha.com itself as a primary source: it serves as a concrete example of how text-based CAPTCHAs can be of practical use.

You keep making me justify myself. I think I am doing that just fine. Now you must justify why you think an objective reference to a company is advertising. If you cannot do that, you should put the reference back in. David Spector (talk) 18:21, 21 September 2011 (UTC)

"All article topics must be verifiable with independent, third-party sources, so articles about very small "garage" or local companies are typically unacceptable." --Ronz (talk) 20:00, 21 September 2011 (UTC)

The quotation is irrelevant. This isn't an article about a company, small or big. If this is your only objection, then, since it doesn't apply, please restore the relevant reference. David Spector (talk) 21:44, 21 September 2011 (UTC)

I'm saying it is relevant, and I'm asking for independent, third-party sources. Otherwise the material appears promotional and self-serving, violating WP:NPOV and WP:PSTS--Ronz (talk) 00:55, 22 September 2011 (UTC)

I think this needs better sources, and to be rewritten from those sources, before it's reintroduced into the article. [1] --Ronz (talk) 03:04, 21 September 2011 (UTC)

Currently, CAPTCHA creators recommend use of reCAPTCHA as the official implementation.^[1] In September 2009, Google acquired reCAPTCHA to aid their book digitization efforts.^[2] However, this CAPTCHA has been cracked with 30% success rate, reported in August 2010.^[3]

I think this accurately reflects the current situation in the real world. How do you think this is inaccurate with respect to the sources referenced? Why are the sources unacceptable, and what better sources are you proposing? Why are you picking these specific areas to delete, and why do you think it is proper to do so without once giving a specific rationale for the deletion? I would like to assume that you have the best interests of WP at heart, so I assume you do have some rationale. What puzzles me is your unwillingness or inability to say what it is when asked. David Spector (talk) 18:08, 21 September 2011 (UTC)

Please WP:FOC. Thanks! --Ronz (talk) 20:02, 21 September 2011 (UTC)

If you thought I was focusing on something other than content, I'm not sure what you mean. I am addressing specifically and only content. Since you have no relevant objection to the specific points I made, I will ask you to restore the material you deleted on ReCaptcha. You may wish to do a Web search to assure yourself of the notability and relevance of ReCaptcha to this article. David Spector (talk) 21:49, 21 September 2011 (UTC)

I think the material needs better sources and should be rewritten from them. --Ronz (talk) 00:58, 22 September 2011 (UTC)

The article is about CAPTCHA, i.e. test to "to ensure that the response is generated by a person".

It correctly detects a human in human solver, even if he is from a sweatshop. While this article names CAPTCHA as vulnerable, insecure to ... a human!?

CAPTCHA is not conceived to make distinction between human spammers and human non-spammers, etc.

This article became a link repository, self-promotion texts (adding practically nothing and rather diverting the article from its topic), multiple repetitions of the same (unrelated) issues (like human solvers), discussion forum for spurious and biased opinions about completely separate topics like hacktivism, hacking, internet security, forum spamming, anti-spam protection, etc.

Shouldn't it all be written in corresponding articles like Anti-spam techniques? Cre8tin (talk) 05:06, 5 December 2011 (UTC)

All of those are related to CAPTCHA, in that they are raising concerns about CAPTCHA.Jasper Deng (talk) 04:56, 5 December 2011 (UTC)

How does human solvers raise concerns about CAPTCHA as test of human vs. computer?

The decision who from humans are spammers or not is off-topic in CAPTCHA as test.

This (and "Legal concerns" section or "Many users[who?] of the phpBB" paragraph, etc.) are not concerns about CAPTCHA.

There are separate, more proper, articles, if not forum/discussion boards, for such discussions, e.g. Anti-spam techniques

How is 'a central "anti-bot server"' (paragraph) related to the title of section "Attempts at more accessible CAPTCHAs"?

Wouldn't it be better to change the section title from "Circumvention" to "Factors Influencing Trustworthiness of Test" to dis-encourage the hijacking of the CAPTCHA topic?

Cre8tin (talk) 05:37, 5 December 2011 (UTC)

Legal concerns is a valid criticism. No, the title you suggest is a little too long, and is not accurate.Jasper Deng (talk) 05:40, 5 December 2011 (UTC)

I don't consider this bias at all as all of the law suits today generally either involve larger countries without extradition treaties or they're shut down making them a non-issue. --Leewells2000 (talk) 22:03, 21 December 2011 (UTC)

New Ways to Captcha Bots by Jeff Green BusinessWeek December 15, 2011 4:30 PM EST

99.190.86.5 (talk) 08:01, 28 December 2011 (UTC)

The article should mention captchatrader.com as the most effective human circumvention method in existence. — Preceding unsigned comment added by 201.231.234.10 (talk) 21:13, 30 January 2012 (UTC)

Section Human solvers already describes most of what this website does. Linking to this website would provide a commercial link, which is against Wikipedia policy. The claim "most effective" is original research, which is also against policy. David Spector (talk) 00:50, 11 February 2012 (UTC)

I have just undone three vandal edits by 96.25.215.29. I hope this person will post suggested changes here in the future so they can be reviewed by others.

The edits reflect the point of view that CAPTCHAs cannot ultimately be successful. While this is technically true, this observation (1) does not belong in the lead section, where the topic is being described, and (2) must have a cited reference in a reliable source, rather than being presented as original research by the anonymous editor.

This editor is advised to read about WP policies before continuing to edit. Without knowledge of the policies, they might find themselves blocked from editing (although I would not do it myself). If this editor has questions or issues they may discuss them here or on my Talk page. David Spector (talk) 00:42, 11 February 2012 (UTC)

Would we say the term had gained use as (per WP:CAPSACRS) an "ordinary, lowercase word" yet? News sources are still mostly using the capitalised version, but I don't know how much we should weight that for technical publications using lowercase. The current article is looking a bit unreadably shouty, but maybe it'd be better just to replace "CAPTCHA" with "test" in some of the denser paragraphs. --McGeddon (talk) 16:42, 16 February 2012 (UTC)

I think using UPPERCASE for technical terms sorta highlights them so you will notice them more. But yeah, I agree. 68.173.113.106 (talk) 01:58, 2 March 2012 (UTC)

I've two suggestions for additions, assuming sourcing, etc. is possible. One is talking about how some randomly generated CAPTCHAs end up being physically impossible to solve. For example, I often see Chinese or Cyrillic or mathematical symbols showing up, as well as straight out graphics (possibly culled from a WingDings or Dingbats-like font somewhere). Usually you can just hit reload and a new one is generated, but not always. The second is "penalties" for failing a puzzle, because there are numerous ways CAPTCHAs can be set to react if you don't get it right. The most common, of course, is a new puzzle is provided and you try again. Sometimes, in the case of file download services, the "countdown" starts again. But I have also heard (and this is where sourcing is needed as it's just word of mouth) of users being frozen out of sites for 15 minutes or even longer for failing a CAPTCHA puzzle, either the first time, or after several attempts. 70.72.223.215 (talk) 17:08, 26 April 2012 (UTC)

The section about 'image captchas' has conflicting points. First, it states that '"Computer-based recognition algorithms require the extraction of color, texture, shape, or special point features, which cannot be correctly extracted after the designed distortions.".

Then it later goes on to say '"Causing minor changes to images each time they appear will not prevent a computer from recognizing a repeated image as there are robust image comparator functions (e.g., image hashes, color histograms) that are insensitive to many simple image distortions. Warping an image sufficiently to fool a computer will likely also be troublesome to a human."'

So which is it? --moeburn (talk) 14:13, 29 July 2012 (UTC)

This article would be better with contemporary examples, such as the brand-leader Recaptcha . — Preceding unsigned comment added by Matt me (talk • contribs) 23:07, 7 August 2012 (UTC)

Started with wiki but my research seems to show the article here is patchy. First I found HappyCaptcha http://drupal.org/project/HappyCaptcha but then something a bit more interesting: Semantic Captchas eg http://code.google.com/p/egglue/ It would be great if someone with the tech knowledge could include/comment on these as they are popular Drupal modules. LookingGlass (talk) 14:39, 8 September 2012 (UTC)

Much appreciated, should be an m, thanks for deleting. — Preceding unsigned comment added by 177.4.61.19 (talk) 05:11, 27 September 2012 (UTC)

The GeoLang project has an article http://www.geolang.com/current-projects.php where it is suggested that "Insecure CAPTCHAs cost industry billions of dollars per annum". Why?

The Wikipedia article (which by the way seems awfully long for a topic like this) seems to fail to mention just the obvious: What is CAPTCHA used for? Why do bots attack websites to wreak havoc, what's their motive, what is it they achieve, and how is it that major companies lose money as a result? Do they steal information? do they install viruses? — Preceding unsigned comment added by 188.153.6.9 (talk) 17:14, 24 December 2012 (UTC)

Good point.Romanfall (talk) 16:23, 30 January 2013 (UTC)

User:Cre8tin's edit has been reverted six or seven times now, by different editors. He or she seems to be concerned by the fact that a site may have a CAPTCHA system to keep spammers out, but may also voluntarily host advertising that unwittingly contains spam-related malware. This is certainly ironic, but without a source that explicitly remarks on this irony, it is inappropriate original research to write about it. --McGeddon (talk) 13:54, 14 February 2013 (UTC)

I agree that it's original research. --Ronz (talk) 18:30, 17 February 2013 (UTC)

Copying from my talk page:

Concerning your undo of my edit. The link isn't off topic. It's a small piece about client-side CAPTCHA software. Microphonics^talk 20:17, 25 June 2013 (UTC)

I hope you don't mean by "my external link" that you have a WP:COI of some sort.

We agree it's a small piece. I'd say a very small piece on a very small and specific subtopic, hence not relevant enough to be included. --Ronz (talk) 20:22, 25 June 2013 (UTC)

The link in dispute is Implementing client side CAPTCHA. I don't see why some short notes on client-side implementation is worth linking. --Ronz (talk) 20:28, 25 June 2013 (UTC)

I suppose it is rather specific. Never mind then. Microphonics^talk 23:27, 25 June 2013 (UTC)

Changed: "where it melds with" to "where it fuses with" The author probably wanted to say "where it melts with" in the sense of "to blend into" The verb to melt is intransitive and cannot be used here. (something melts; you cannot melt something with something else) "To meld" means "to announce" in a game of cards. 88.9.34.199 (talk) 00:38, 26 January 2014 (UTC) Reverted as MELD == blend; combine. — Preceding unsigned comment added by 31.50.16.51 (talk) 09:08, 26 January 2014 (UTC)

A method of improving the CAPTCHA to ease the work with it was proposed by ProtectWebForm and was called "Smart CAPTCHA".[13] Developers advise to combine the CAPTCHA with JavaScript support. Since it is too hard for most of spam robots to parse and execute JavaScript, using a simple script which fills the CAPTCHA fields and hides the image and the field from human eyes was proposed.

The reference link takes the reader to a website that may well have been written by the same person as the one who wrote the paragraph here. The English in both places is clearly non-native, which doesn't help matters, but the basic gist of the sentence is also unclear. Doesn't hiding an image from human eyes defeat the very purpose of a CAPTCHA?

I would like to remove the paragraph entirely. What do others think? -AlanUS (talk) 19:50, 13 May 2014 (UTC)

I'm surprised that a section hasn't been written about how difficult captchas are to read for humans. I know I'm not alone in voicing how the need to stop automated programs from reading the captcha has made it harder for humans to use. The words and numbers have gotten longer, more warped, and now we have short time limits to enter the captcha. It's an unfair tradeoff: We're minimizing automated programs from reading the captcha, at the expense of inconveniencing human users who can spend over a minute just trying to enter the correct captcha. And no, I'm not interested in writing about it, but here's some info to help whoever wants to.

http://theory.stanford.edu/~jcm/papers/captcha-study-oakland10.pdf http://blog.adscaptcha.com/2010/06/18/captcha-difficult-humans/ http://www.johnmwillis.com/other/top-10-worst-captchas/ http://meta.stackoverflow.com/questions/42109/do-the-captcha-words-get-more-difficult-over-time

I'm not. The very nature of CAPTCHA being a nightmare to humans but easy for bots to slip past is so much of a problem that I doubt the alleged purpose of CAPTCHA. They're also not talking about it because they don't want us to know the real purpose. If this managed to slip into Wikipedia (or worse, a reputable mainstream source), people would realise they're being lied to about why they have to type in some cryptic code 50 times every time they sign up to a website or send a message. If the purpose were what they say it is, it would no longer exist because it's extremely broken. My speculation is that the purpose is to keep humans out and let bots in, but that's just speculation. I know, however, beyond a shadow of a doubt, that it's not about keeping bots out and letting humans in. I also know, beyond a shadow of a doubt, due to the fact its real purpose is kept secret, that its real purpose is a shady one. 71.207.183.254 (talk) 15:36, 30 January 2013 (UTC)

YES! This article shouldn't perpetuate the demonstrably fake "purpose" of CAPTCHA, and has a duty to its readers and neutrality to report on the facts about CAPTCHA, alongside the claims of its proponents to discredit them. CAPTCHA proponents don't really believe CAPTCHA does what they say it does. They just know people hate spam, so if you say something is anti-spam, no one questions it. But, CAPTCHA is demonstrably not anti-spam. On the contrary, it's PRO-spam. Why does it exist at all? We may never know. But we at least have a duty to report on what we know is NOT the reason.50.168.176.243 (talk) 18:50, 6 September 2014 (UTC)

I agree this would be a good section to have if properly sourced. Captchas do seem to be getting out of hand, and I wonder if using them makes sites much more difficult to use, especially for older folks. Stevie is the man! ^{Talk • Work} 17:31, 21 December 2011 (UTC)

I have to "+1" this. You are faced with unusually long timeouts if you miss these captchas at certain sites and I cannot even make out what to do with the few sound captchas that I have attempted because the text ones are starting to become too difficult (considering you face a long timeout on a single failed attempt). — Preceding unsigned comment added by 71.82.3.3 (talk) 17:58, 2 September 2012 (UTC)

Absolutely: latest captchas, such as those implemented by Blogger since 2011 or so, are so complicated that even highly intelligent people need to take their time to think what the heck is written there and may need to reload the captcha several times. Distorted audio is no help, specially if English is not your native language. Personally I have removed all captchas from my blogs because I do not wish to handicap readers who wish to comment - incidentally I do not get any more spam at all (and the little that comes you just need to police it).

I believe that something should be written about this "extremism" of modern captchas. --Sugaar (talk) 14:07, 27 September 2012 (UTC)

I never knew what to call these until today. I just thought of them as a security scramble. Anyway I hate these things. Besides the upper and lower case problems the letters are so distorted that a "u" looks like a "v" or a k is an lc or such. the example showing "following" looks like it could be "fellawing". There's times I've tried a six or more attempts to get it.71.218.254.85 (talk) 00:34, 25 August 2012 (UTC)

One time I tried an audio CAPTCHA and it was completely unintelligible. The visual ones on some websites are difficult, but the audio one was just garbled noise. 74.96.75.239 (talk) 23:34, 16 May 2013 (UTC)

They are hard for me. The 1st puzzle is not possible. After 15 flips I just type. I get 'okayed', so maybe I am too attentive. Or have poor hand eye coordination. Aren't they easy for 'normal' people? Maybe the difficulty is spacial or relates to abnormal visual processing. most of us have autistic traits. Or is it just me again?Romanfall (talk) 17:02, 30 January 2013 (UTC)

They're nightmares for the dyslexic or anyone who can't read a doctor's handwriting. Sometimes you get wingdings or foreign alphabet segments. — Preceding unsigned comment added by 50.135.167.21 (talk) 04:40, 5 May 2013 (UTC)

The section on circumventing using humans talks as if it's a theoretical idea dismissed by all major players, which is 100% nonsense. There are plenty of extremely cheap and reliable services, presumably profitable, which make it completely trivial to bypass any captcha. It's not like any of this is new, so... what the hell? This section needs to accurately document the actual fact of the situation. Ellisthion (talk) 11:28, 26 December 2014 (UTC)

It appears this abbreviation is becoming genericized into a common word. People are now commonly using it in sentences as "do the captcha and then.."

Is it moving away from full abbreviation capitalization all the time?

As a proper abbreviation, it apparently should be "CAPTTCHA" .. "Turing Test" -- DMahalko (talk) 16:59, 8 November 2015 (UTC)

I was surprised to see no mention in this article of the above, nor any Wikipedia article on the subject. I exclusively use this much more user-friendly technique which, instead of forcing the user to prove his or her humanity, instead tricks the non-human user to reveal their botness. 208.81.28.208 (talk) 18:53, 9 October 2015 (UTC)

EDIT: Because it's not profitable to Google, whereas the millions of man-hours in OCR labor they harvest from reCaptcha users is. — Preceding unsigned comment added by 68.231.185.52 (talk) 05:15, 19 December 2015 (UTC)

For the life of me, I can't figure out what this paragraph means:

Hi were rype more captcha Vijay241952 (talk) 13:25, 26 January 2017 (UTC)

Looks like somebody fixed it. --Guy Macon (talk) 18:36, 5 November 2017 (UTC)

The article currently claims that "CAPTCHA" is a backronym, meaning that the words were chosen to fit the existing name, but if that's true, it doesn't explain where the name came from. The source for that sentence only says that "CAPTCHA" is "short for" the given phrase, which would support it being a normal acronym.

Any further information? 2.25.149.9 (talk) 19:49, 29 May 2017 (UTC)

There is no rule saying that a backronym cannot also be a neologism. --Guy Macon (talk) 18:44, 5 November 2017 (UTC)

it is a PASS cloud platform for developer based on cloud foundry — Preceding unsigned comment added by 171.83.19.136 (talk) 16:08, 21 March 2018 (UTC)

CAPTCHA for authenticator and factual verification??? 124.106.140.191 (talk) 21:42, 16 July 2018 (UTC)

What about visual Captcha, where the human operator has to distinguish the shape? ("check all squares with cars"). Also, Stanisław Lem mentioned captcha in his books in the 1960s (! - a hint: it was employed in an elevator, with a chatbot). Zezen (talk) 06:35, 17 July 2017 (UTC)

Got a citation or a book name and page number for the Stanisław Lem claim? --Guy Macon (talk) 18:46, 5 November 2017 (UTC)

Hello, I'm Omar Mehrez and I'll be reviewing your article in the context of a project of my masters degree (VS2I).

First, I find the article quite detailled and well written. My comments are more about the form.

• Form

      History

---> You can replace the "Such that a filter ..." with " So that the filter ..."

      Circumvention
           Machine Learning-based attacks

I don't quite understand the sentence : "As a result, there were many instances in which CAPTCHAs were of a fixed length and therefore automated tasks could be constructed to successfully make educated guesses about where segmentation should take place." ---> I guess it's a bit hard to get because it does not contain separators, such as ',' or '.'...

What do you mean by "which made the test much easier to game." ---> Do you mean "wich made the test much easier to solve." ?

What do you mean by "algorithms were created that were successfully able to complete the task..." --> Do you mean : "algorithms were created to successfully complete the task"? Or "Algorithm that were created completed successfully the task..."

• Context

I Hope you can Develop further the "Relation to AI" Paragraph"; maybe adding details about the Use of Captcha solving to train AI.

Do you have references for the alternative method "MAPTCHAs" ?

Omhz0405 (talk) 21:50, 30 January 2019 (UTC)