[ElliotH]

The more I see of 'original' captchas, the more I think people should be taking the same attitude towards captchas as they do to cryptography. Just use a well known library that has proved to be hard to break by the test of time and heavy use.

[merlincorey]

Like ReCaptcha? Man, I was signing up for something last night and failed to solve it 3 times. Captchas are getting harder for humans to solve than bots - is this really a good thing?

[ElliotH]

(is your ReCaptcha reference to it being broken? If so then I think my point is proved by how quickly it was fixed)

As for making it harder for humans, I very much see your point, but the solution isn't to come up with some of the trivial captchas that many come up with by themselves.

[Uchikoma]

I came to the belief this is the goal to make human captcha factories more expensive.

[franzus]

The price for human-solving 1000 captchas is $2. You get ~98% accuracy. There is no secure captcha library.

Captchas as a concept are flawed and should be replaced by something that $works. (Don't ask me what that could be - I have no idea.)

[ElliotH]

Oh, I agree. But I'd argue a working captcha is at least somewhat preferable to a broken poorly made one, even if they can both be trivially mechanically-turked.

Sadly the only solution I can see to the overall 'Captchas are broken' problem that's current available is forcing people to link to an established identity like a Google account or a Facebook account. This then of course recurses to how can you prevent automated Google/Facebook sign ups. I wonder whether Google/Facebook could use some kind of heuristic for detecting genuine users of the service? (maybe a Facebook account that plays games or uploads photos regularly, or has attended a few events could be a threshold?)

[blake8086]

I keep waiting to see them replaced with proofs-of-work.