We are still actively working on the spam issue.
Difference between revisions of "ReCAPTCHA"
Bathsubeki (talk | contribs) (→Controversy) |
|||
Line 15: | Line 15: | ||
===Controversy=== | ===Controversy=== | ||
− | + | As part of their new spam detection algorithms, Google will serve considerably more difficult CAPTCHAs to users who aren't logged in to a Google account. These harder CAPTCHAs offer zero tolerance on typing mistakes, forcing you to type both test words correctly, much to the bane of most 4chan users, who tend to enter gibberish for the OCR word. | |
+ | |||
+ | This happens when a certain API key requests too many CAPTCHAs in a certain time frame that go unsolved, as is the case with 4chan, since every pageload requests a new CAPTCHA from Google's servers. Moot has since fixed this behavior to only request the CAPTCHA when you type in to the comment box, but he was quickly crucified for it, and people quickly pushed dirty Javascript hacks to change it back. | ||
+ | |||
[[Category:Software]] | [[Category:Software]] |
Revision as of 04:45, 15 March 2014
reCAPTCHA is a service run by Google to both help digitise books, and prevent bots from spamming. It is used on 4chan to prevent bots from spamming posts or reports.
reCAPTCHA is not a silver bullet. Any sufficiently dedicated spammer can just hire some people from a poor country to fill out CAPTCHA problems for a few cents each. That being said, it's reasonably effective on most websites.
How it works
- The user loads the web page with the reCAPTCHA challenge JavaScript embedded.
- The user's browser requests a challenge (an image with distorted text) from reCAPTCHA. reCAPTCHA gives the user a challenge and a token that identifies the challenge.
- The user fills out the web page form, and submits the result to your application server, along with the challenge token.
- reCAPTCHA checks the user's answer, and gives you back a response.
- If true, generally you will allow the user access to some service or information. E.g. allow them to comment on a forum, register for a wiki, or get access to an email address. If false, you can allow the user to try again.
Controversy
As part of their new spam detection algorithms, Google will serve considerably more difficult CAPTCHAs to users who aren't logged in to a Google account. These harder CAPTCHAs offer zero tolerance on typing mistakes, forcing you to type both test words correctly, much to the bane of most 4chan users, who tend to enter gibberish for the OCR word.
This happens when a certain API key requests too many CAPTCHAs in a certain time frame that go unsolved, as is the case with 4chan, since every pageload requests a new CAPTCHA from Google's servers. Moot has since fixed this behavior to only request the CAPTCHA when you type in to the comment box, but he was quickly crucified for it, and people quickly pushed dirty Javascript hacks to change it back.