Wedge

That's the thing, it's long been possible to figure out which is the known word and which is the control word. Either way it's a fuck-up.

If the street number is the control word, you have a maximum of something like 10000 permutations to cope with and even then it's possible to drastically cut that back with a bit of imagination in the code.

If the street number is not the control word, nothing changes and you break the control word much as you do now with convention OCR.

This is the thing people don't realise, I can tell you *at a GLANCE* which is the control word in a normal reCaptcha. I will likely be able to tell you with the same glance which is which with the new setup, but on top of that it is more likely they will use the street numbers as the 'unknown' rather than the control value anyway.


This is the fundamental thing with reCaptcha: you get two words and you only have to get one mostly right, the other can be failed without any ill effects. So you actually spend more computational effect figuring out which is which, and now that just got a lot easier.

weQ&A is even better though, heh ;)

For single language sites, which is most of them to be fair, it's just not an issue.

But for multiple language sites, sure, we can look at extending that in some fashion. I might even be persuaded to allow admins to define multiple answers that are acceptable, e.g. variant spellings. Which would also allow you to write the same question in - say - two languages, and define both answers as allowed.

Except that KeyCaptcha, like several of the other CAPTCHA solutions is also going to limit those with visual or motor impairments, or various browsers such as certain mobile browsers.

As opposed to writing a question for your forum which has no such limitations.

Sadly the concept of allowing multiple answers to a single question is not a new idea and it isn't mine, but the approach I have in mind is more what I described than what already exists.

Specifically, there's a mod that allows you to define a regex to match against rather than anything else, so that you can declare multiple variations through a regex rather than multiple discrete answers. Effective? Certainly. Intuitive? Not so much.

They're a complex beast. I wouldn't say I've mastered them, but I do know how to wield them for general cases (Nao's the regexpert around here), so I'm not fearful of using them, though I can readily see how others might be.

That's part of the problem, it's been billed as a 'magic bullet' back from its Carnegie Mellon days, back when it actually was pretty much a magic bullet. Now, of course, it's long since been beaten.If you mean putting both the instructions and puzzle in the image, surely that will be even worse for usability than just having the puzzle in an image? (Note that bots were breaking reCaptcha by its audio puzzle for a while because that was easier!)That's nothing new, especially given the CAPTCHA-solving farms. This is partly why I made animated CAPTCHAs, so that CAPTCHA farms would take a little longer to beat them.

But a CAPTCHA is not really a solution and hasn't been for a while; it's a simple automated defence - but a proper defence does involve better things like having Q&A.