Suggestions for the future on your web site: (was cookies, and

Mike A mikea at
Thu Jan 24 16:25:34 UTC 2013

On Thu, Jan 24, 2013 at 11:00:50AM -0500, Andrew Sullivan wrote:
> On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote:
> > A CAPTCHA doesn't need to be successful against every possible threat,
> > it merely needs to be effective against some types of threats.  For
> > example, web pages that protect resources with a CAPTCHA are great at
> > making it much more difficult for someone with l33t wget skills to
> > scrape a website.
> Well, yes and no.  Lately, AFAICT, most CAPTCHAs have been so
> successfully attacked by wgetters that they're quite easy for machines
> to break, but difficult for humans to use.  For example, I can testify
> that I now fail about 25% of the reCAPTCHA challenges I perform,
> because the images are so distorted I just can't make them out (it's
> much worse on my mobile, given the combination of its small screen and
> my middle-aged eyes).
> So it's now more like airport security: a big hassle for the
> legitimate users but not really much of a barrier for a real
> attacker.  A poor trade-off.

"A Modest Proposal": Maybe we need to turn it around and fail on successful
recognition of the CAPTCHA, then?

Mike Andrews, W5EGO
mikea at
Tired old sysadmin 

More information about the NANOG mailing list