2006
05.27

Bye bye, Captcha

Captcha! was my 2nd plugin. When I started creating it, I knew this solution wasn’t very suitable for this system nor going to last forever. By that time I was using WP 1.5, and didn’t knew Akismet. I’ve already seen other Captchas, but they look rather weak to me.

With the arrival of WordPress 2.0, Akismet already became a mature solution. However, many people complained it slows down the blog system. A friend even told me sometimes it gives false positives (valid comments marked as Spam by mistake). Furthermore, if you get much Spam, examining the Spam queue to look for false positives can be tedious.

With Captcha! I never had such problems. Since I installed, only got 2 spam comments. Believe it or not, there are people out there trying to break captcha security codes using OCR techniques, like Pwntcha and this other, which assures that bypassing HN_Captcha is a task of one evening (personally I think is a company trying to sale its product, and that Captcha! is a free an quite reliable solution). Although Captcha! was initially based on HN_Captcha PHP class created by Horts Nogajski under GPL license (Thanks, Horst!), I made several modifications to make it stronger.

I studied Computer Science and learned that Captcha! is not an elegant solution: I made a rather complex JavaScript to hide the original submit button (a script which doesn’t work on all WordPress templates), and needs external files (the TTF fonts from Dafont. I don’t bundle them with the plugin to avoid license problems).

But the worst is that it put your users out: another friend had some difficulties to post a comment, and even got a bit impatient. I’ve found myself in trouble when trying to leave a comment in other people’s blog using this plugin, and the last but not the less: Users with some vision problems cound really have a hard time with Captcha!. I agree Internet is a mostly visual media (although this will change), but blogs main purpose is to trasnmit data content, not to offer beautiful designs (other kinds of webs are for that, well, that’s my point of view).

In short, captchas bother readers who were supposed to be protected. Why don’t create an antispam protection system that bothers machines instead of people? I though on a crypthographic solution, maybe using JavaScript (AJAX). But it wasn’t necessary. A Computer Science Senior already had that idea and has created WP-HashCash, which does exactly that.

I’ve installed it on my system and disabled Captcha!. It’s woking perfectly. No Spam, no Captcha, and no user problems. 🙂 So why keeping on developing Captcha!? Is it worth the hassle? No, it doesn’t.

Captcha! does not give me any revenue. I don’t earn money for this but spend a lot of time giving free support to people. In fact, I ended up giving support to people and maintaining this blog rather than posting articles (which is supposed this blog is for).

Maintaining Captcha! is tempting. Even though I stop using it, other users might still want it. Since I started developing XSPF player plugin and Captcha!, my web got lot of visits. I could keep on developing Captcha! simply to keep being more visited, but I won’t. It’s the power of the link and the ego as I explained in a previous post what compelled me to do that: To be visited, to be known, to become famous 😀

But giving free suport during my spare time is not worth the hassle (I already get paid for that in my current work), because it prevents me doing other things I’d like to do, e. g. writing posts! 😉 There are other ways to attract visits to my blog, and developing plugins is not a good one: when people get here looking for Captcha! or XSPF Player, they won’t stop to read other areas. Instead, they just download the plugin and won’t get back unless they get into trouble. I have my inbox flooded of messages asking and sometimes *demanding* support for what it’s suppose to be a hobby to me (nobody even makes a donation, by the way). And I ended up feeling a slave of giving free support to people I don’t even know, instead of spending my time in fixing up my own problems. Many people want things quick and easy (modern times) or they get frustrated and upset. I also need *my time*, and developing Captcha! took me many hours a day this last year. I have two systems to test it, but there are lots of alternative blog configurations there on the internet completely different to my ones: different PHP versions, Windows/Unix hosts, memory limitations, other plugins interacting with my this one, and so on and so forth.

Don’t misunderstand me! 🙂 I’m not serious on this. I simply think there are more interesting things to be done.

Regarding Spam, WP-HashCash and its derivatives are methods that will eventually fail in the future. This is because those methods can be made automatic (it’s possible to make a program which interpretes JavaScript, the same way current browsers do, and sends Spam; I’ve already seen 2 ways to do that in Internet). It’s only a matter of time.

Any test made to detect whether a user is a human or a machine, will need human intervention (like Captcha! currently does). Otherwise, the test method could be made automatic and, thus, programmable on a machine. 😉 So, only when current plugin (WP-HashCash) has been beaten, I will resurrect Captcha! again.

There is a Wiki in which I’ll be writing things about Captcha!, but this plugin, at the moment at less, is discontinued unless needed again.

Share