Monday, January 14, 2008
I'm Using a New CAPTCHA Engine
I've been using Captcha Control by Jeff Atwood (the brilliant mind behind from CodingHorror.com) for a little over a year now on my sites and I've been very happy with it. In case you don't know what a captcha is, a captcha is an acronym (often seen CAPTCHA) which stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". People like me use captchas on signup/etc pages to stop automated scripts/bots from submitting information (such as spam on a forum).
Like I said, I've used Jeff Atwood's freely available Captcha Control (get it here) for a while here on our sites and been happy with it. It is solvable so it isn't 100% foolproof (judging by the automated signups I get) but it probably stops 99.9% of the spam. But it has one recognized problem - if you are visually impaired, it stops you more effectively than it does the spammers. Yikes - not what I wanted :( You see, Captcha Control doesn't feature an audio-only version of the captcha; if you can't read the already-hard-to-read letters, you can't register (or, in my case, download a free video since I use captchas to protect our bandwidth). I've gotten a few comments/emails/phone calls in the past month from people who wanted to download a free video but they were unable to solve the captcha and thus weren't able to download. So I began the hunt for a new captcha engine.
First question I had to solve is the, "Is it better to buy/use third party or build it myself?" Easy - buy. Building and maintaining a captcha engine is tough and requires insane algorithm knowledge - I had no intention of building. Next question - who to use? I ultimately settled on reCAPTCHA (get it here) which is FREE, thus making it quite attractive :)
What I like about reCAPTCHA (other than the cost) is that it is sooooooo easy to use both as a developer and as a user. It has tougher-than-average captchas to solve, it features audio captchas, and lastly it is a community effort - solving captchas with reCAPTCHA actually goes to a good cause. From their website:
About 60 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that's not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into "reading" books...
... how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.
Very cool - we all want to help out, right?
Tomorrow I'll record a series of videos on how to add captchas - both Jeff Atwood's control and reCAPTCHA - to your ASP.NET applications but, in case anyone is paying attention, I wanted to give you a heads-up and let you play with the captchas on the sites. If you want to try them out, just append "/FreeVideos/" onto the end of any of our domain names like this:
* http://www.learnsqlserver.com/FreeVideos/
* http://www.learnsharepoint.com/FreeVideos/
* http://www.learnexchange.com/FreeVideos/
* etc....
Let me know how you like it by dropping me a line through our Contact Us page here!
