Nothing would stop a spammer cataloguing the questions and corresponding answers. It’s just that images can be decoded programmatically (e.g. OCR) whereas understanding-based tasks can’t (yet).

So to beat a funky-text CAPTCHA, the spammer only has to teach the computer to decode the text. To beat an understanding-based test, the spammer has to feed the computer each question and its corresponding answer.

You could use “What colour is an orange?”; “An orange’s colour is…?”; “The colour of an orange is what?” and numerous other variants and each would confuse a robot anew. And then you could spell “colour” without a U, if you must.

Speaking of which, unlike robots, humans are very good at understnading the real meaning of something. (That was a demonstration.) Human minds are fuzzier. So, you could randomly omit a letter from the middle of one or two words, or transpose a couple of letters. This would multiply the number of equivalent questions a spammer would have to teach their robot.

“Prove via CAPTCHA, prove via audio CAPTCHA or prove via some sort of sensory input challenge.”

*Non-sensory* :) The audio/visual CAPTCHAs are sensory. An “any one of multiple options” system would be a pretty accessible solution actually. However it might increase the likelihood of a robot being able to win, as they’d only have to beat one of multiple tests.

If you could implement something like this, that’s really quite accessible and well-thought-out, and then become the web’s de facto standard humanity detector, that would make people less likely to implement their own, less accessible system. This would be a Good Thing™.

Actually, “You’re A Human” might’ve been a catchier title. Your tagline could have been “Are *you* a human?”, to which people would have responded “Yes! Yes, I’m a human! Yay!”. Might’ve offended the dolphins though.

court3nay in the first comment on this post had somewhat the same reply but more focused around pictures again.

What would stop a spammer from simply cataloging all of the possible questions and then responding accordingly? I don’t have a good answer for it, I’m just mentioning it.

What would most likely be ideal would be to have several options. Prove via CAPTCHA, prove via audio CAPTCHA or prove via some sort of sensory input challenge. If you can do any one of those, you’re most likely a human. If we’re going to do a centralized “you’re a human” service, it makes sense to have multiple options.

Thanks for the thoughts on this Greg.

Besides, anyone discrediting an argument because one expression of it contained a use of The F-Word™ (even used only as an intensifier and not in its literal sense) is not someone I can be bothered to try to convince.

Yeah, gatekeeper was down for me as well, but I think in hypertext and so I felt obliged to link to it nonetheless. Essentially it involves posing logic questions rather than sensory-input-based challenges, i.e. “muse upon this” rather than “look at this and decode it”.

An example Eric uses is “What colour is an orange?”, to which the correct response is “orange”. The user has to not only read the question but also understand it, which computers find hard to do. What with having no mind and all.

As the W3C note points out, some people with cognitive disabilities would still have a problem with this. For some reason I find discriminating against mentally disabled people more justifiable than discriminating against physically disabled people. The latter is certainly more easily avoidable (although still a pretty subtle problem). Maybe I’m just evil.

BotBouncer couldn’t “suddenly” think you’re a bot.

Could Akismet?

Greg, profanation doesn’t contribute to the discussion. The language you’re using could make others disagree, no matter how good your arguments are (and they are).

I appreciate your suggestions and we can make the audio CAPTCHA even more usable by avoiding the Javascript. The link to Meyer’s wp-gatekeeper doesn’t seem to be available right now but I’ll check it out when it does come back.

Thanks for the comment.

Yours was the very first post that has ever been wrongly rejected. I’ve had over 6000 rejected spam posts since I moved to this blog in September. That’s a pretty good ratio IMHO. What did the Akismet people have to say the problem was?

BotBouncer couldn’t “suddenly” think you’re a bot. Either you fill out the CAPTCHA, or you don’t.

You mean “something that will help verify an OpenID as being a sighted human (and not blind).”.

If I were deafblind, this system would completely fuck me over. Something like Eric Meyer’s wp-gatekeeper (http://www.meyerweb.com/eric/tools/wordpress/wp-gatekeeper.html) would be a better system.

Also, using a “javascript:foo(bar)” hyperlink for the “accessible” option (or indeed any hyperlink) is not wise.

Please, read http://www.w3.org/TR/turingtest/ and don’t make the web any less accessible than it already is.

It’s funny that you mention Akismet, since, as you surely remember, just a couple of days ago I submitted a comment on this very blog, which then has been filtered out by Akismet. I had to exchange several emails with their support before I was able to comment on WordPress blogs again. What if BotBouncer suddenly decides I’m a bot?

As for the immediate need, I haven’t heard of any OpenID spam so far. It surely will pop up as OpenID gains popularity. However, by then we should have an openid.authority tag, as I already suggested.