Over 13 years ago I first addressed my dislike of the CAPTCHA. Back then I said that I disliked CAPTCHA to combat spam because spam isn’t the users problem. They’re not getting a bunch of your form submissions sent to them. They don’t care about your problem. The bad part of CAPTCHA is that it makes the end user solve your problems with spam form submissions. You’re making them do extra work to get in touch with you.

Now if you really don’t want users to get in touch with you, then using a CAPTCHA as a barrier to entry without really acknowledging that you don’t want to talk to your users.

CAPTCHA is not accessible either

Now let’s add to that the W3C notes on how CAPTCHA is not accessible and of course, we all hate doing them. When that image CAPTCHA asked for you to identify bikes and you see a set of images with both a bicycle and a motorcycle…which one do they want identified? Does the system think that they’re both “bikes”?

According to the W3C report, we CAPTCHA assumes that you can decode English characters or that you can hear English characters and make a distinction between them. Neither of these is an assumption that can be made for all internet users. Maybe you don’t speak English or write it so the text is as foreign to you as Chinese would be to me. If you have an auditory processing disorder, maybe you can’t hear the characters being said out loud to you. If you’re in a noisy environment, maybe no one can hear them because it’s simply too loud.

Ai can crack lots of CAPTCHA now

CAPTCHA was a way to be able to tell the difference between a computer and a human user trying to submit a form. But now it’s possible to solve some CAPTCHAs with a success rate of over 90% and ChatGPT has been known to find novel methods to solve them. In fact back in 2013 Google’s street view code was breaking their own CAPTCHA work.

So if the whole point of a CAPTCHA was to stop machines and it no longer works…maybe we should stop subjecting users to the heinous practice.

You’re Feeding Google for Free

First, there is theinformation that Google collects about you from a CAPTCHA to maybe give you the option to not fill it in. They’re checking to see if you have any Google cookies in your web browser already, which enhances their tracking of you across the web. They claim that this data is only used for improving the CAPTCHA service, but they also tried to “not be evil” at one point as well so this claim only stands as long as it’s not better for business to use the data elsewhere.

Every time you fill out a CAPTCHA you’re training Google’s code for free. We started by helping them translate books, and now we’re training their Ai for them by identifying things in images.

Is Google paying us for our extra labour? Nope.

Are they happy to charge us for the use of the Ai we helped train? Yup.

So How to Stop Spam Forms?

One of the fairly effective ways I’ve found to stop spam on customer forms is by turning on the Gravity Forms honey pot field. This has stopped much of the spam for our customers without forcing users into extra interactions.

There are more future possibilities outlined in the W3C document that started this post as well. In an ideal world no one would have to see a CAPTCHA and spam would just stop. Until then I’ll stick with honey pot fields.