Verification step is a serious usability problem

Started by James---, April 24, 2012, 11:45:46 PM

Previous topic - Next topic

James---

When entering the verification in order to post to a topic (happens only for new members),
the verification/anti-spam code is so hard, that it nearly can't be passed!

I tried a few times and it was simply to hard to solve the letter combination.
The sound doesn't work either.

So in my opinion - this is a serious problem. You want to reply to a post without
solving any hard puzzle that is impossible to solve.

Why do you think? Problem or not?
Een forum starten in 5 stappen: http://www.waardevolleartikelen.nl/?p=4 (mijn visie)

mashby

It is indeed a bad user experience. I was attempting to register a username earlier (one I knew would fail) and spent 10 minutes determining what the heck the letters were supposed to be. What used to pester spammers is now pestering real people (like you and me). Not sure what the alternative solution is though. Verification questions aren't likely the best idea considering the language element. Once you get past 10 posts, you won't experience it any more, but I can see users getting too frustrated to get past 10. What would Brian Boitano do? :)
Always be a little kinder than necessary.
- James M. Barrie

青山 素子

Yeah, it's painful here, but given all the different languages written here by members, many of whom don't know a bit of English, using something more clever like verification questions would be a big problem. Of course, for a more focused forum, the owner will likely only have to deal with one language.

Frankly, I'm not sure what a good solution would be for this site.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Kindred

actually, I turned off CAPTCHA completely on my sites.
I use Stop Spammer and Bad Behavior + HTTP:BL
Maybe we should consider adding those here for possible inclusion in future versions (despite our usual problems with including 3rd party stuff)

mind you, I actually also use questions....   but the two mods above seriously cut down on the spam count that even get to the registration.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Thantos


Colin

James I completely agree. It is a huge pain. The audio is easier if that helps. It is a shame spammers are such a huge problem.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

青山 素子

Quote from: Kindred on April 25, 2012, 10:12:47 AM
I use Stop Spammer and Bad Behavior + HTTP:BL
Maybe we should consider adding those here for possible inclusion in future versions (despite our usual problems with including 3rd party stuff)

The problem with those is that they catch a lot of innocent non-English users, often because their country proxies a majority of users through a small set of IPs.
Motoko-chan
Director, Simple Machines

Note: Unless otherwise stated, my posts are not representative of any official position or opinion of Simple Machines.


Antechinus

Quote from: mashby on April 25, 2012, 12:19:06 AM
It is indeed a bad user experience. I was attempting to register a username earlier (one I knew would fail) and spent 10 minutes determining what the heck the letters were supposed to be. What used to pester spammers is now pestering real people (like you and me). Not sure what the alternative solution is though. Verification questions aren't likely the best idea considering the language element. Once you get past 10 posts, you won't experience it any more, but I can see users getting too frustrated to get past 10. What would Brian Boitano do? :)

Honestly, given the issues mentioned with genuine users not being good at English and/or living in countries that use a small range of IP's, I think for this site we just have to accept that we're going to have to deal with a fair bit of it manually. It sucks, but there may be no alternative.

Using a difficult verification image is completely useless IMO, because these days all captchas are cracked anyway and the solutions are readily available and cheap as chips. The result of this is that regardless of how high we crank up the image difficulty, all it will do is bugger up genuine new members while doing SFA to reduce the number of bots.

Kill it. Kill it now. :)

James---

Thanks for all the useful replies.

Maybe they can replace the current code with normal catchpa widgets (those red things you see on the web).
I am not an IT man so won't know if it will help.

Oh god ... this is going to be another 10 minutes waste of time. Luckily this one will be my 9th post.
Een forum starten in 5 stappen: http://www.waardevolleartikelen.nl/?p=4 (mijn visie)

busterone

Maybe cutting the post limit down to 5 will help some.  I cut mine to 3, but of course I also use stop spammer and httpBL, so very few ever actually get registered.

mashby

Bots have an easier time registering and posting than do humans. Where's the logic in that? :)
Always be a little kinder than necessary.
- James M. Barrie


busterone

I must have been really tired when I posted. Yep, the bots do make quick work of unrestricted post access. :)

Akyhne

Just be happy SMF doesn't use Rechaptca. That's a real killer. I fail 9 out of 10 times on other sites.

The team could use my avatar verification mod and mod it to posting too, or make something similar. It's much easier just clicking the right image out of 10. Would stop just as many spammers, I guess.

MrPhil

Given that bots have advanced to the point where they seem to have an easier time with letter CAPTCHAs than people do, perhaps it's time to retire letter CAPTCHAs (or at least, don't use them as your sole line of defense). Other kinds of visual puzzles are possible, such as "identify the missing piece of the puzzle", or "what time does the clock face show" (use ornate hands, rotate the picture in random amounts, reverse the image, use abstract symbols instead of numbers [so long as 12 o'clock is distinct], put the watch stem at random locations, etc.). How much this will help with Third World humans in a spam farm remains to be seen. It shouldn't be any special problem for non-English speakers (provided the instructions are properly translated into their language), but blind and other handicapped users may have a problem here.

As I've said many times before, applications can't depend solely on a hard shell to prevent registrations by spammers (CAPTCHAs, other visual puzzles, Q&A) or harass newbies until they've "proved" they're probably not spammers. An application needs to implement in-depth defenses to examine posting patterns (including a large number of posts on the first day that a new member posts) as well as each post for suspicious qualities, and hold those out of posting until they can be reviewed.

Arantor

Quotebut blind and other handicapped users may have a problem here.

And therein lies the problem. None of the current solutions that 'fix the CAPTCHA problem' adequately deal with such users, and when they do offer an alternative, it's invariably an audio CAPTCHA - and you know what? Audio transcription of samples made deliberately clear so as to be understandable is a reasonably easy task.

In fact decoding SMF's current audio CAPTCHA is in fact *EASIER* than OCR'ing the visual CAPTCHA. (And interestingly, it's how reCAPTCHA was first broken in any kind of widespread fashion)

Akyhne

Quote from: MrPhil on July 17, 2012, 07:54:45 PM
Other kinds of visual puzzles are possible, such as "identify the missing piece of the puzzle", or "what time does the clock face show" (use ornate hands, rotate the picture in random amounts, reverse the image...
My mod randomly does some of those tricks, like rotating, stretching a part of the image or zooming in on a part of each image.

Advertisement: