[realaravinth]

Thanks for the ping!

I used "captcha" to simplify mCaptcha's application, calling it a captcha is much simpler to say than calling it a PoW-powered rate limiter :D

That said, yes it doesn't do spambot form-abuse detection. Bypassing captchas like hCaptcha and reCAPTCHA with computer vision is difficult but its is stupid easy to do it with services offered by CAPTCHA farms(employ humans to solve captchas; available via API calls), which are sometimes cheaper than what reCAPTCHA charges.

So IMHO, reCAPTCHA and hCaptcha are only making it difficult for visitors to access web services without hurting bots/spammers in any reasonable way.

[cmjs]

Thanks for the reply! That's basically what I thought then – but as you say, traditional captchas are deeply flawed and ineffective anyway, and I totally agree that in many cases the cost to real users outweighs any benefit. So I'm excited to see alternatives such as mCaptcha popping up. It'll be interesting to see how it works out for people in real-world use.