we could do this dance until the cows come home, but i want to give it one more try... 8O
Kevin Clark wrote:
code reader wrote:
-- about 10 times more work to prepare a new question (once you have the tools)
No. You just have a box asking you to type what's in the picture.
i was talking about the work required from the board admin to prepare the challenge. think about the required actions:
-- draw or search and download an appropriate image
-- upload this image to your board
-- define the correct answer
-- and finally, set it up as the current "challenge" image/answer
in contrast, text-only challenge requires the board admin to write the challenge question and the correct answer, and press "add challenge". no search/download, no drawing, and no upload. i think it's significantly less work.
Kevin Clark wrote:
code reader wrote:
-- not usable for the visually impaired
They can email the admin, just as they already can if they cannot read the standard VC
a visually impaired person who uses a computer, and more specifically a bbs, has some means to read the screen, either by using braille reader, or with some text to speech technology. they can respond to purely textual challenge, but not an image challenge.
Kevin Clark wrote:
code reader wrote:
-- no straightforward way to log which question each user have answered upon registration (logging is useful because once you discover a spammer you can replace the question)
Don't see why that's necessary. Once you notice bots signing up you just change the image or the question.
this has to do with something i discussed in a previous post. it should be possible to define a (large) number of challenges/answers, and have the script select a challenge based on some logic: either randomly, or change by algorithm, for instance, day-of-year modulo #of challenges. this will make it more difficult for spammers to prepare a database with the correct response of any particular board. if this approach is used, it may be beneficial to log which challenge was used to register each user, so when a user is "discovered" as professional spammer/spambot, the "cracked" challenge can be dropped.
i even suggested a quick "mark as spambot" button/quick mod tool that will do everything you normally want to do when you discover a spammer: ban user, ban username, remove all posts from the user, ban IP, ban email, and finally, scrap the challenge this user registered with (if it's not the only challenge).
Kevin Clark wrote:
code reader wrote:
-- takes more space on the page than strictly textual question (not important on registration, but is important if you want to use the challenge for guest-posting)
Use a smaller image. Or a purely text based question/answer.
i totally agree that purely text based should be used, i just think it should be good enough for registration also.
Kevin Clark wrote:
code reader wrote:
-- can't be used by text-only user-agents
So use a text alternative.
ditto. if you have a "text alternative", the potential spammers can always use this alternative anyway, so in effect it becomes "the weakest link". in this case i don't see what's the point in offering a picture challenge
in addition to the text challenge
Kevin Clark wrote:
The point is that regular VC is crackable.
Being able to write your own question or use your own non-standard image makes things a lot harder for the bots.
i totally agree that the challenge is 100% useless unless it is done per board, by the board operator.
i just don't see what do you gain by using a picture over a plain text challenge question.
plain text challenge is easier to implement (no image upload required), easier for the board operator to define, suitable for all users, including text-only users, and more suitable to be used with guest posting.
in general, it is just simpler, which always held an appeal for me, while i can't see any advantage for the more complex solution.
of course, the devs did not give any indication that they are willing to implement either of these approaches.
the whole discussion has re-awakened here and now, because the devs suddenly discovered that the current captcha is not good, and rushed to replaced it with a different, equally bad captcha. we are trying to promote alternatives to the captcha approach, and we argue amongst ourselves which alternative is better, but unless the devs are actually listening, or unless either of us is willing to develop this as a mod, this discussion is not too productive.
)
