Hand gesture CAPTCHA

As a user trying to complete a task, one of the last things I want to do is first play a game.

Imagine going to the grocery store. You just want to buy a freaking pack of milk. You’ve got a good number of other things on your mind today and you’re just going in for some milk, and you’ve allocated, like, 15 minutes for this simple task.

But when you get to the door, there’s some clown there, asking you if you really want to go inside. “Sure, I want to go inside,” you say. The clown laughs at you and asks “Are you SUUUURE??” and you say “yeah dude I’m totally sure I want to go into the store” and this continues for a bit. Then the clown says “well how about we make a balloon animal first? We can make it a cow, since you want to buy some milk, and dontcha know, milk comes from cows! Did you know that? That milk comes from cows? That’s why a cow balloon would be so great!”

At this point if you’re me, you want to kill the clown, but I do suspect I’m a more homicidal individual than most of the nice folks here at Sitepoint, so let’s say you’re getting a slight bit exasperated at this point. You can’t get past the clown, 'cause he’s blocking the whole doorway, and other people are being blocked by other clowns, but those people all went to balloon-animal-making school and graduated summa cum laude and can whip out a goddamn balloon animal in freaking SECONDS and so they’re just whipping out these silly balloon animals (complaining as they do it, of course, because it’s stopping them from also buying milk or diapers or whatever the hell, but at least they aren’t worrying about never getting into the store, so for these folks it’s but a minor inconvenience, like putting on pants in the morning), and then there’s some other people who went to balloon-animal school and didn’t even graduate but, if they try a few times, they often can eventually get it and go inside. And if not, they go to the sleazy convenience store around the corner without clowns to get some milk that might not be expired, if it’s Thursday and the date is an even number and everyone else didn’t buy it all up yet.

You, on the other hand, have forks for hands (due to an unfortunate culinary accident), and you could try all damn day to make a single freaking balloon, let alone a whole twisty amazing balloon cow. You’ve pretty much got something sharp and shiny and in a very sensitive bodily cavity right now.

So you have a couple of choices:

• you could stop drinking milk. After all, water comes from the tap inside your house, and your kids can learn to do without luxuries like milk… after all, milk is for baby mammals, not adult ones.
• you could go ask a handy friend who graduated from balloon school to get some milk for you.
• go to the ghetto convenience store for the chunky stuff. Still has calcium!
• even worse, your kids are in balloon school right now. You could get your kids to do it for you. As an adult who wants to be independent as much as all the other adults around there, asking your kids to do something as simple as getting a pack of milk is… well, depressing. Asking your kids to click a button on an inaccessible website, read an error message to you, translate ASL (or English) for you, carry you into a store… this is dependency, and it’s a frustrating thing for adults who want to be able to do things all by themselves like everyone else, not be a burden, have jobs and pay taxes and buy houses and marry and have kids and barbecue with the neighbours.
• rage on the internets whenever the topic of balloon clowns comes up.

Making a friendlier balloon clown is… not a bad thing per se, and certainly has good intentions! It’s also an interesting idea, as far as the method it attempts (even though it has nothing to do with humans, robots, or spam really…). But this might explain why the idea of a better balloon-clown just doesn’t fill me with glee.

If a CAPTCHA were one of those absolutely required pains of life, like death and taxes, then trying to make it fun or suck less can be a worthy endevour, I suppose. However, I do not believe a CAPTCHA is something on the level of filling out taxes, or wearing clothing in public, or eating – something we pretty much have to do to continue as we want in our society.

Instead, it’s pretty much the #1 barrier of just about every blind person I know. In fact, I’m part of a newly-formed co-op of mostly blind/low-vision programmers and freelance geeks, and our marketing person was pretty much locked out of every possible place we could sign up for to get our press releases out into the new world by CAPTCHAs (her Web-Visum plugin wasn’t working for some reason… it’s all working now tho). Making them more fun wouldn’t have prevented her from being locked out of places, wouldn’t have prevented her from being pretty much stopped from doing her job, wouldn’t have meant much of the internet is basically blocked to the folks in my company.

The insistence of determining if a user is human by determining if they can see, or have certain recognition skills, or certain motor skills, or can add 2 and 2 (bots do this much better than simple finger-counters such as myself) is really the main problem. Of the Internets. Of the first world, and increasingly of the third world as the internets get more important there and the numbers of disabled are much much higher than in the first world.

None of this is a particular critique of this particular attempt at CAPTCHA, to be clear and fair. I just think it’s not solving what I see as the real problem. It’s solving some other problem, something to do with creativity and CAPTCHA options, I think,

[font=calibri]

I managed to make it work, but quite frankly the accessibility and usability there is horrendous. It took me ages to work out what I was trying to do, and whether it mattered that the hand was reversed and some fingers were curled. When they get crossed over, it’s even more difficult. Yes, I managed, but I’m trying to imagine my parents coming across that and even understanding it, let alone successfully completing it, and the answer is simply “does not compute”, and they are reasonably computer savvy people who buy lots of stuff on Amazon and eBay, look up venues and restaurants, book holidays, do internet banking and so on.

I was going to critique the instructions, but actually I’m not going to, because even if the instructions were better I wouldn’t want to see this deployed on actual websites. Any manual captcha system is a nuisance, when things like time traps and honeypots are generally pretty successful, and anything as complex as this is going to have a monumentally high failure rate.

Poes – I wish, I wish, I wish that you would accept awards so that we could recognise the outstanding contributions you make to these discussions. I really did LOL as I was reading that, it is both brilliantly funny and also absolutely perfectly true as well.[/font]

[ot]

Indeed. I’m in full agreement there. :award:[/ot]

[ot]

+2. But I’m not going to fret over it right now, as I feel like going and making some balloon animals. I think I’ll make a cat.[/ot]

Wow! It was a cry from the hart! Come on, guys, don’t get me wrong. I’m just an ordinary guy, trying to turn something that is real bad, insecure and inaccessible by almost everybody into something, that is may be just slightly more accessible - that’s all. Frankly speaking, IMHO, captcha is a curse of free web, and the only way to get rid of it permanently (also IMHO) is to give up the idea of anonymity itself. So, the only way to get into the shop without bothering the clown in the doorway is to replace this clown by a policeman. To show him a passport every time can be much better idea? (I’m sure - more convenient for some people). May be both? To give you freedom of choice? Why there should be somebody in the doorway AT ALL? - you could ask (and cry :). Hey, internet is not a real life, sure, but it’s not a dream-world also. It has some obvious advantages, but disadvantages (derived from advantages, by the way) as well, so … this off-topic is real HUGE, but meaningless and useless, I think.

Thank you! Indeed, It only means, that the quality is bad :(, but, what if there was a clear photo of a real hand (just imagine)? Does it make sense? By the way, you’ve said something about instructions - what it should be? I tried hard to make it short and explicit at the same time, but English is not my native language, as you may guess

The mistake with most of these captcha methods is that they put the onus on everyone, including honest people. The ideal method is to leave honest people alone and filter out the bad guys. So the trick is to identify the traits of the dishonest ones and target those. For example, a bot will fill out a form in a flash and submit, whereas a real human will take a while to do the job. So, put a timer on the form, and abort it if it’s filled in too quickly. That’s the sort of thing that should be pursued, instead of making honest people jump through hoops. I’ve tried your captcha 5 or 6 times, and each time I have done it correctly (IMHO) and yet still failed to get past the gatekeeper. The only reason I tried it once was to test it out for your sake; but as I’ve said above, in the real world I would not bother, as I long ago decided not to play insulting games like this.

I can’t hate you for trying to do something about the problem, fer sure… Guess it’s my Inner Social Justice Warrior or something.

You aren’t just speaking for people on the “fringe”, though—at least on this matter. As someone who doesn’t really have any “disabilities” as such (except perhaps cognitive, if my wife is to be believed), I find captchas near impossible to get right a lot of the time, and it drives me nuts [said the guy with a steering wheel on his lap]. This is an accessibility issue that affects everyone.

Someone on the twitters suggested that, in addition to my mountains of b*tching about CAPTCHAs, that this thread’s probably also a good place to link to alternatives, even though they’ve been posted before in other random places. Good idea.

Karl Groves lists a bunch he personally uses together to create one uber-super-system:

this is an oldie which has apparently been the basis of some WordPress and other anti-spam plugins:
http://nedbatchelder.com/text/stopbots.html

for example some techniques mentioned on http://daniemon.com/blog/block-comment-spam-without-captchas/ link to a plugin called Cookies for Comments which combines techniques but mostly uses the unique timestampy id thing.

So, captcha-haters all around here Seriously, guys, captcha is just a method. Please, don’t demonize it! Is there any possibility for friendship? Your highly adored (and quite sophisticated) methods with timers, filters, honey-pots can be very effective, sure, but sometimes it’s just not enough! If some suspicious attempt was discovered there by these services, why not to offer him to solve a captcha? Real strong (unbeatable may be) captcha? I would have no objections here! As an example - just recently I’d been trying to register on some site and got the same answer all the time - “Spammers are not allowed” - something like this. No further explanation! Is it more fair than captcha’s approach? I spent some time trying to figure out what’s wrong till remembered that I’d forgotten: I was using proxy. Stupid, you think? May be. But I had no clue what was happening and who was a real stupid here: me, my computer or some web developer (Ooops, I didn’ say that ). Captcha at least let me know that the only one fool here - it’s me (in most of the time - if it works correctly). So, something like this - your turn

I think you’re getting there – use the Captcha when the hidden, non-intrusive, automated tests suggest that there might be a problem. Or put it in for manual approval. But use those other tools first, and if they suggest the attempt is genuine then accept it without any further challenges. Only if you try that and find that you’re getting loads of bogus attempts being passed should you consider making users jump through hoops.

Dammit. First, I have to say the ajaxy-saving method crap here does absolutelyy ZIP. I’m retyping this for the second time. I breathed on a button apparently.

You know, I don’t want to be the douchebag who tells someone they’re re-inventing the wheel badly, if only because it’s through someone screwing around with something that new things get discovered. Like that dude who found mold ruining his kitchen experiment and decided to just see what happened instead of throwing it all in the trash because sht was definitely certainly fcked. Bam, we get nice new drugs, because he didn’t listen to the rest.

There was a guy here on the forums a while back, wanting to use regular expressions to “parse” English to reliably separate full sentences. While the rest of us pointed out the innumerable exceptions he’d need to even start getting normal sentence separation and his regex started growing tentacles and smelling like old socks, and while we told him “trying to parse a non-regular language (such as a natural language, which is not regular) with regular expressions (even non-regular regexen with lookaheads and lookbehinds and the such) will call Zalgo and you should use a natural language parser instead”, I think we may have prevented someone from going ahead and doing something we thought was stupid, when possibly he could have either

• taught himself better than we ever could by his attempt failing, or
• discovered something we’d never see because we “knew better”

He kept saying “well but nobody’s even tried this!” Now, lots have, that’s how we’ve all learned the hard way the limits of regexen, but… it was probably wrong of us to push down on his head to make him stop, because that’s kinda dumb to do to someone excited about trying something out and getting the experience of Doing Stuff.
Honestly, I’ve never seen a CAPTCHA that was anything like this before. It’s probably not a good CAPTCHA (if there was such a thing), but that doesn’t mean it’s not interesting or could never be useful.

Getscha, keep working on this. It could end up being a new idea in something in e-learning or physical therapy or lord knows what. Don’t let us depress you into just stopping. What do we know? We know that CAPTCHA sucks, which you already know and have agreed with us and was the whole reason you started this in the first place… and my only legitimate point is that CAPTCHA is not only annoying, it’s discriminatory, but that alone isn’t reason to abandon this idea. It’s unusual. That means it demands thinking in unusual ways. Which may or may not run into a dead end… which you won’t know until you try it, and you’ve been trying it with us… well, listen to us (LISTEN TO ME, ME, MEEEE!!!), but I can’t say this is a totally worthless endeavour.

Keep us posted on where this goes.

As an example - just recently I’d been trying to register on some site and got the same answer all the time - “Spammers are not allowed” - something like this. No further explanation! Is it more fair than captcha’s approach?

No way, that’s totally user-hating and wherever you were trying to register (even if it was here!) doesn’t deserve any users if they treat them that way. That’s where all my hate come from-- making life even crappier for human peoples because some developer wanted to whip out some easy-for-him but hard-for-users solution. CAPTCHA is a “solution” people whip out because they’re told “it will stop spam”. Bah.

But I had no clue what was happening and who was a real stupid here: me, my computer or some web developer

They say, Einsteins, when they sit behind a computer, immediately lose 50 IQ points and become Gumps. No matter how “smart” the user is, unless they’re actually building freaking nuclear rockets with that web application, they should be as smart or as stupid as people just are, and should be able to fulfill their tasks without headache. The developer was the dumb one here, not you, no matter if you actually were stupid or not. If a developer can’t build it idiot-proof, it’s not ready for the real world and needs fixing. What’s the definition of a “good developer”?

Captcha at least let me know that the only one fool here - it’s me (in most of the time - if it works correctly).

CAPTCHA’s job isn’t to determine if you’re “good enough” to join a forum, buy a service, add a comment, or scratch your butt. It didn’t tell you that you were stupid or made a mistake-- you’re a person, which means you automatically do those things (stupid things, make mistakes). Good applications work with this, because they’re built for people, not infallible machines. Bad applications make you feel like crap for being a normal stupid average screwing-up human being.

And that’s just wrong. Internets don’t need more of that. We have TV and hipsters to tell us we’re dumb already.

Nice sentiments, poes.

I guess the ideal would be a non-intrusive first layer (time stamp etc.) and then present a captcha if there is something fishy—like a proxy or whatever. At least the most legitimate users get through the door without being hassled, while the others get a second chance—albeit harder.

Anyhow, saw this online today (or a version of it) and couldn’t resist posting it here:

I took a look at the page linked in the original post.

If that were ever to appear on a page I’d do what I did this time - hit the back button and leave straight away.

These days it is relatively easy to install a two tier CAPTCHA approach where the first CAPTCHA is completely invisible to the user and those who pass that one (taking long enough to fill out the form, having JavaScript enabled) get in without ever seeing the second CAPTCHA - which is added to the already filled out form when a fail of the first CAPTCHA occurs.

Oh, I’ve got it, finally! It’s all clear now for me, I was a real stupid, sorry. Caused so many words about something so little concerned the original topic but can’t even understand what it’s all about. Now I understand: the whole fuss is about “captcha’s ugly face of discrimination” and why it’s so appealing to developers (the last is even more important, right?). But I absolutely don’t mind your holy war against that! Although, I, personally, believe in much more natural ways for justice here. Internet is a living being and it will die without our love :). There is no need for a fight! I’ll try to express it in several words: user-unfriendly sites will just die out by themselves because a lot of others are around - my captcha hardly could change it. There are a lot of us, who ignore such sites already and will be more - this is what I’m talking about. So, you try to propagandise your vision here - OK, but is there anybody here who can say something on topic?

[ot]

I love it.[/ot]

… which just goes to show you can’t please all the people all the time. As I said at the start, I like the idea.

I agree with everything that’s been said about captchas as an accessibility nightmare and the sooner they become a thing of the past the better, as far as I’m concerned. However, from a purely personal point of view, I do find this an improvement on the standard letter-based captchas. My vision is fine (as long as I’m wearing my glasses), but I have problems of perception. I, too, find captchas so difficult that I generally abandon sites that employ them, unless I absolutely have to use that site, but I found this easier to deal with. Perhaps it’s because there are a more limited number of possibilities, which reduces with each dot you assign.

On the other hand (no pun intended) I also have problems of co-ordination, and on a bad day, would have no chance of completing this. But then, even on a pretty good day I have no chance of completing most current captchas, so that’s still an improvement.

Agreed.

I’m never going to fail a test for being too fast at filling out a form ;), but if suspicious behaviour includes repeatedly mistyping things, putting the wrong information in the wrong field or being unable to provide a phone number, then I could well be suspicious. In that case, I would much prefer the option of this task to a “normal” captcha.

Just a personal view. (I think I’m wandering into the territory of poes’ other excellent post. Other excellent recent post, I should say - otherwise it sounds as if she’s only ever made one. :x)

Thank you, TechnoBear, so much! Actually, when I’d been thinking about an early concept I meant to give some improvement not only to people without any health problem, but may be to people with dyslexia (and children of’ course - as a father). Actually, I don’t know if they would really need it, but still. So, your comment blows an extra amount of wind in my sails!

Hi, everybody, it’s me again. I’ve just reread comments carefully and, actually, if I could I’d wipe out the whole topic. Never thought, that I can be so arrogant - but I just wasn’t prepeared for such a strong dislike for the topic itself, that was shocked. I’m sorry. Bye.
P.S. Thank you, TechnoBear, once again!

Hi, guys, it’s me again. Please, try the new version - now with significantly improved graphics. I’ve made my best to show everything as clear as possible here.