Sorry about the CAPTCHA

A quick metablogging note. Those of you who comment on this blog (6700+ comments and counting, thank you all) have probably noticed that it now has a CAPTCHA, that little "please prove you're a human" test before the comment is posted.

I understand why. The MSDN and TechNet blog sites are high-value targets for unwanted commercial advertisers, for attackers who wish to attempt to influence search engines to drive traffic to their sites, and for vandals. The people who run security for this site have their hands full; we've experienced some pretty serious denials of service based on ham-fisted spammer attacks. Adding a CAPTCHA to regulate comments massively slows down the rate of successful comment spam.

That said, I'm not thrilled about this. I find CAPTCHA-style solutions distasteful for several reasons:

  • The benign commenter -- precisely the kind of person we want to encourage -- is forced to do additional work. This is a small but nonzero disincentive to writing comments.
  • Sometimes mistakes will be made; providing new ways that computers can tell us on a daily basis that we are failures seems irksome.
  • The assumption of innocence is changed to an assumption of guilt; the benign commenter must prove their innocence. Every time I have to fill out a CAPTCHA I feel a small but real insult; I'm a trustworthy person, so trust me already. As Joel Spolsky once pointed out, it's like walking into a train station and the first thing you see is the NO SKATEBOARDING NO PANHANDLING NO THIS NO THAT NO THE OTHER THING sign. Its unwelcoming. It makes you feel attacked and guilty and reminds you that there is evil in the world.
  • There are accessibility concerns. Not everyone who uses computers has decent vision but that doesn't make them evil robots. They deserve as much as a chance as everyone else to contribute and have to overcome plenty of obstacles already; let's not throw more in their way.
  • And so on

So, sorry about that, commenters. I don't like it any more than you do, but there's not much I can do about it; I don't run the blog servers. The only thing I can control is how purple the text is.

Comments (20)

  1. Fede Azzato says:

    As a new commenter, I’ll just leave this comment so you don’t feel so bad about the captcha issue.

    Your blog is definitely one of my top fives.

    Thanks, and keep it that way.

  2. Jeff Lorenzini says:

    Well, my captcha is 782, so it’s not like i’m trying to decipher crazy lettering like on some captcha’s where even i can’t read them.

  3. Adam V says:

    > The only thing I can control is how purple the text is.

    And Jeff Atwood probably still wants you to reduce the purpleness.

  4. configurator says:

    I don’t know why Jeff hates purple so much. It’s quite easy on the eyes.

    That said, at least it’s not one of those Yahoo CAPTCHAs that you have to actually stop and wonder "which letter is that? It looks like a webding!"

    By the way, my computer-illiterate friend couldn’t get past a CAPTCHA a few days ago because he didn’t know that he was supposed to copy the letters… It seems we really should find a new way to annoy users because this one is too difficult for some of them to pass.

  5. Vaibhav Garg says:

    There is just one issue. Some braindead policy prohibits me from accessing any URL with "live" keyword in it. Priliminarily, it seems, that some of the CAPTCHAs are delivered using URLs containg that term and hence, are noit visible to me at work. All I see is a generic red X in its place.

    It follows logically that I can not comment on several of the blogs that I follow regularly.

  6. Joe says:

    Captchas can be annoying for all the reasons you listed, but what other tools are there at present?  At least it’s better than having to register and sign in just to post a comment.

    Like the sign in the train station, when I see a Captcha I think of it not as a personal affront, but rather an indicator that the caretakers of the public space are making at least some effort to create a comfortable environment for everyone, including *me*.

  7. Jass says:

    >The only thing I can control is how purple the text is

    LOL! 😀

    Atleast the captcha is not all that bad, many websites have severely twisted characters for captcha that make me think "Am I the only one who din’t get that ? Maybe I am not human enough"

  8. Daniel B says:

    I am so used to Captcha’s that I do not really find them offensive at all.  I’d prefer the minor annoyance of a Captcha to the massive annoyance of having to read spam comments.  Or the thought that you had to spend time deleting spam comments when you could be writing more brilliant blog postings!

  9. Kevin Eshbach says:

    Captcha’s can also make a great bozo filter.  If you can’t figure out how to use it then you probably have nothing of value to add to the conversation.

  10. Mike Van Til says:

    Captchas can be used to convert visual scans of old books into text data.  If you’re not familiar with the concept, google reCAPTCHA.  It may be a little annoying, but we can make knowledge more accessible through CAPTCHAs.  Although, I assume this is not the case with the CAPTCHA used on MSDN.  I got "000".

  11. Michael says:

    Eric, you’re worth the hassle of a 3-digit code any day.


  12. This can be mitigated.  For instance, if you used something like OpenID to allow people to identify themselves then you can set policies.  For instance "Anyone who has submitted a comment in the past which was not then deleted for being spam will not get a CAPTCHA in the future."

  13. Denis says:

    The one problem I did have with the CAPTHCHA, just once, was that someone managed to use the code displayed for me while I was still ironing out the text of my comment; consequently, when I tried to use the same code, it told me I was some evil agent Smith from the Matrix, or something, and I had to refresh the page for a new code. 🙂

    WOW!!! Here it come again: a second time!!! 😀

  14. aaron says:

    Wow, and it’s not even a very *good* captcha, I think i’ve seen that one on the list of captchas broken by grad student projects.  I tried 3 times, and each time it spits back an un-obsctured slightly static-y 3 digit number.  

    Sorry man, we feel for you and understand it’s out of your control.

  15. Sachin says:

    The problem with captchas is that most implementations are broken and can be easily hacked by someone who is willing to; with a minimal amount of effort. For instance, every community server site that uses Captcha stores the captcha text in the plain text cookie (on this site the cookie is called AreYouHuman), all a bot has to do is read the cookie’s content and submit that along with the spammy comment and there ya go, the entire purpose of Captcha is defeated.

  16. David says:

    I once had a similar thought when I visited London and used the trains. Train stations there do not check your ticket before you get on a train, there is a presumption of innocence and it really speeds up the process when the train arrives. Periodically an attendant walks down the aisle of the train and punches tickets. However there are times when you get to your stop before you ever see an attendant. This means *some* could get a free ride, however I loved this system because it is unlike what we have in the U.S. where you have to stand in line and pass through a turnstyle before you can get into the station.

    Anyways, the moral I always got was, better to give everyone the benefit of the doubt and punish the violators than to presume everyone is guilty and ammortize the punishment so it affects everyone.

  17. TheCPUWizard says:

    @David – That is noit specific to London. It works the same way at many locations in the USA [specifically: Long Island (New York) Railroad, and New Jersy Transit).

  18. Dave R. says:

    @David – you’ll no longer find that to be the case. The majority of stations now have ticket barriers, so there’s that suggestion of guilt again.

    As for the Captcha here, it’s woeful. I’m sure it could be broken easily with current tech. A more mature offering like ReCaptcha would have been far better, but I guess that couldn’t happen because Google just bought them out 😉 You’ll also find that many Captchas have assistive tech for people who are, for example, partially sighted. It’s pretty shameful that Microsoft don’t in this case.

  19. David Walker says:

    I realize this is an old topic, but I prefer entering a CAPTCHA over being required to "register" at every random site I would like to post a comment on.  Registering is more onerous than entering a CAPTCHA.  (Granted, TechNet and MSDN are not the run-of-the-mill sites.  At many other sites, I'll abandon my comment rather than registering.)

  20. Newell Henry Clark says:

    "The only thing I can control is how purple the text is." Lol! That right there just made my night 😀 I'm adding it to my facebook quotes.

Skip to main content