Possibility to use reCAPTCHA instead of TextCHA

Would it be possible to include reCAPTCHA as an alternative way of protecting against spammers? I find TextCha really really annoying. I know, image-based CAPTCHA creates issues for blind people, but I find TextCHA really, really annoying. And it takes way longer to answer some of the questions for example on MoinMoin.in, than it would be with reCAPTCHA. I know, questions are customizable, but still they are really annoying;)

Plus, reCAPTCHA helps digitalizing books :)

(!) The point of a captcha-like thing is to avoid bots doing bad things (usually spam), while making it not too hard or impossible for interested humans to work with it. It is nice if reCAPTCHA helps digitizing books, but this is just a nice side effect.

A general problem I see with centralized services like reCAPTCHA is that if they are broken, they break on a global scale - every site using them will suddenly be a spam target and every spammer will be able to detect that and to exploit that. A site operator basically won't be able to do anything against this except using some other captcha method / provider. Even if there is no breach in the sense that someone writes an algorithm that cracks the captcha, there can be a global breach involving unsuspecting humans (you just require those humans to answer a captcha to view the next picture, play the next round of a game and they will help the spammer solving the captchas). Also, if you use some external service, you depend on it being available. What is if reCAPTCHA service is offline for some hours (or some days)?

Thus, the textcha stuff with questions being configurable by site admin is far superior:

So, as some of this might not be obvious to every site admin, I don't see much usefulness in offering worse methods than the one we do offer already.

(!) If you have problems with some site-specific textcha questions, maybe just read the front page of that site. If you still think the questions are impossible or bad somehow or you gave a valid answer and you were rejected, it is time to speak to the site operator about it (preferably via email). He can easily remove a bad question or make it accept additional answers. For moinmo.in, that is: talk to me. :) -- ThomasWaldmann 2009-03-25 08:38:08

reCaptcha has its place

I believe that reCaptcha has its place in the toolbox of a wiki-defender.

A MoinMoin wiki I use on occasion has a problem with automated vandals rather than spammers. A few minutes recording questions and answers to your site and Perl's handy =~ operator will enable a vandal to automatically deface pages with abandon (the script loads the edit page until it sees a known question). The site administrator can defend by creating new questions. But the vandal can then harvest answers again. Creating new questions every day or two is a major drain on time. reCaptcha is not subject to this type of replay attack.

reCaptcha is primarily an image based captcha (and thus accessible to the deaf), however, it does have an audio component for the blind (transcribing old radio shows), and thus it is accessible to them also.

An algorithm that cracks reCaptcha is unlikely because the images in reCaptcha are the images that state-of-the-art OCR algorithms could not interpret in an ongoing project to digitize the worlds great libraries. Someone who can reliably crack them can make a lot more money than spam will pay (and probably has better things to do with their time than write website vandalism scripts.)

The unsuspecting human (or room full of low-wage workers) attack works against all captchas. TextCha can also be broken that way; unless the answers are so domain specific that only experts can add to your wiki, a casual read through the wiki will reveal the answers, thus the room of low-wage workers can solve your captcha and a motivated vandal will have no problem. As an example of a motivated vandal, 4chan members spent a week solving captchas to game the Time 100 poll to spell "Marblecake also the game." The purpose of a captcha is to make misuse more expensive or difficult. It cannot eliminate it.

reCaptcha or any external service becoming unavailable is a good point. However MoinMoin's offering could easily address that problem by providing an alternate local textCha as a backup - or even allowing the administrator to designate a list of fall-backs.

My dilemma is this: I want to make it easy for random humans to edit, so I don't want to make the questions too hard. Yet I am wasting time with spam. This makes me think hard about continuing to use MoinMoin for new sites. I am lazy and don't like to have to deal with spam. If reCaptcha is just a "set it up and it works" solution, I would go for it in an instant. It takes too long to come up with good questions that foil spammers and are easy for humans to answer, and people are more familiar with answering captchas anyhow. -- JohnGoerzen 2010-09-29 13:40:42

Codereview about this: https://codereview.appspot.com/70400043/ (see feedback there)


CategoryFeatureRequest

MoinMoin: FeatureRequests/ReCaptcha (last edited 2014-05-04 12:53:40 by ThomasWaldmann)