My experience is not limited nor second hand. We get scanned by plenty of bots every day. We also see captchas broken every day by some bots. Not all bots break the captchas. Not all are trying to, either of course. But without the captchas, the ones that weren't even trying would be getting to things we don't want them to get at. It's that simple. Not a solution, just a screen door in the way - one that I don't mind asking my users to open up by hand as they come in.
-Eric ________________________________________ From: Stephen J. Turnbull [step...@xemacs.org] Sent: Monday, June 14, 2010 7:11 PM To: Eric Bloch Cc: Cristóbal Palmer; mailman-developers@python.org Subject: Re: [Mailman-Developers] UI for Mailman 3.0 update Eric Bloch writes: > I am a lurker here and can concur with Cristóbal's sentiments wrt > captchas . I run http://markmail.org where we provide a search > index for thousands of public mailman lists (and google groups and > other mailing lists as well). The captchas we use (for a variety > of purposes) aren't perfect, but they get rid of a lot of junk. How do you know? "Post hoc ergo propter hoc" is a fallacy. In my (limited and often second-hand) experience, *any* change to a form reduces "junk" dramatically. Simply using obfuscated names for signup fields (such as swapping the email address variable name and the full name variable name) often reduces signups (presumably the difference is 'bots) significantly. I've heard one report that switching from a homebrew CMS to Drupal (IIRC) was followed by a dramatic increase in signups ... most of the increase being bogus. Nothing against Drupal, just that it apparently provides standard forms for certain purposes, and 'bots take advantage. Any standard and common system (eg, Mailman) which recruits members would face the same problem. Do cosmetic changes work as well as captcha? I don't know. I do know that about 2 years ago I downloaded one of the gocr-based captcha breakers and watched it get 5% to 40% success rates against a star-studded cast (don't recall exactly, but the likes of Google and Yahoo were in there). 95% "correct" answers may sound good to a college student taking a final exam, but what that means in the case of captchas is bogus signups at a maximum rate of about 3/min. Oops. My conclusion (lacking other data) is that the cost of annoying my users is far greater than the potential benefit. I don't intend to even try to collect real data on captcha efficacy. ;-) _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9