[akg0]

Hell, in it's current form it's entirely client-side; hardly seems like it should even count as a CAPTCHA. $(form).attr("action", $("#mc-action").val()) and you're done.

Even with server-side validation, it's still trivial to break; it only requires tracking a line through an otherwise blank image.

This is fundamentally unusable as a CAPTCHA, and can't be made significantly better. The whole point of a CAPTCHA is to be difficult for computers and doable for humans, hence stuff like warped characters and image categorization. Tracking a line against a blank BG is not difficult for a computer.

[retube]

Yes. Not only is this easier to break than a character captcha, it's more painful, fiddly for the user.

[jtheory]

I don't like it for accessibility reasons, but if you have a site with n disabled users (say, a site for archers?) it might work well.

Certainly, not hard for spammers to break, but as long as it doesn't have widespread use, they won't bother putting in the effort.

[pornel]

> as it doesn't have widespread use, they won't bother putting in the effort

But this can be said about almost any Javascripty custom trick, and there are ones that no effort from user and don't have accessibility issues beyond requiring JS.

[josscrowcroft]

Naturally if you'd had a quick look at the readme/roadmap, you might have noticed that this is a proof of concept :o)

V1.0 will combine it with a standard PHP captcha, which is replaced onload.

[akg0]

I did look at the readme. The client-side issue isn't a real problem. The fact that it's easy for computers to solve, on the other hand...

I get that it's a proof of concept, but it's a concept that doesn't work. You can't make recognizing a line easy for humans and difficult for a computer. The best you could do is introduce noise and make the line a shape that humans are likely to recognize... and bam, we're back at warped characters.