[Webteam] Demo: Contact us with Captcha
Lukas Renggli
renggli at gmail.com
Sun Mar 23 08:50:52 UTC 2008
Most (if not all) todays captchas can be broken with a reasonable high
certainty by robots, see [1] for an example. Moreover, captchas impose
a huge usability issue to humans. Personally I try to avoid filling
any form with a captcha, this is simply too cumbersome and feels so
Web 1.0.
There are many much better ways to make it much more difficult for
bots to submit forms automatically, and these techniques don't even
require additional human interaction. May people have blogged about
some ideas, for example [2].
Seaside uses the technique of the secure token since the very
beginning for all its forms automatically. There is not even an
interaction required by the web developer. At OOP in Munich I showed
some other security features that Seaside comes with out of the box
[2]. So far, not a single spam post has appeared in my blog comments,
even if there are dozens of strange post-requests visible in the log
files on a daily bases.
So please, no captcha. This is so extremely annoying!
Cheers,
Lukas
[1] http://www.cs.sfu.ca/~mori/research/gimpy/
[2] http://www.slideshare.net/renggli/seaside-web-development-as-you-like-it
[3] http://nedbatchelder.com/text/stopbots.html
--
Lukas Renggli
http://www.lukas-renggli.ch
More information about the Webteam
mailing list