On 9/20/05, Steven Lumos <steven / lumos.us> wrote: [...] > OCR isn't *that* easy. Humans--even young children--far exceed > machines in discerning even relatively clean machine-print characters. Yes, I understand that. However, CAPTCHA is also proving to be relatively ineffective and against accessibility standards. If you have to follow US Federal 508 guidelines, you shouldn't use CAPTCHA. As noted on the various discussions that I linked to, the large sites that spawned CAPTCHA have now abandoned it. [...] > The research at Lehigh is interesting. > http://www.cse.lehigh.edu/~baird/research_hips.html Interesting, but I believe it will be ultimately fruitless. If I am visually impaired but do not, for example, have audio attached to my computer, then an audio CAPTCHA is just as limiting as a visual CAPTCHA. Even the logic puzzle CAPTCHAs -- the most promising of CAPTCHAs -- are often culturally or linguistically exclusive. >> Basically, my advice is to forget CAPTCHA and go with double >> verification. You can even provide multiple levels of user >> accessibility, allowing immediate access but nothing that could be >> construed as spam until they have verified their identity in some way >> that is accessible. > I guess you're talking about email, but that is considerably less > difficult for a machine to pass than CAPTCHA. Verifying that some > thing that gave you an email address has the ability to view messages > sent to that address doesn't prove much. Not necessarily email. Google has solved this for GMail and Google Talk with SMS, as the number of people who own computers and the number of people who own cellphones has a high correspondence. Other systems can solve it with multiple levels of privilege. If you have a bulletin board, then someone who has signed up but not yet verified might have command set X (maybe posting new messages to the support forum once every four hours and replies to any forum once every fifteen minutes). After they've verified, they might have the base restrictions lifted and get command set X + Y (posting new messages to any forum every thirty minutes, replies every five minutes). After they've participated on the site for ten days continuously or thirty days sporadically, they get full posting and reply priveleges. Or maybe they don't get PM capabilities until thirty days. CAPTCHA don't work nearly as well as people think and they're inaccessible. There is a reason that Ruwiki will never support them. -austin -- Austin Ziegler * halostatue / gmail.com * Alternate: austin / halostatue.ca