by mb
on May 7th, 2008

A CAPTCHA Nightmare

What distinguishes an effective CAPTCHA from a poor CAPTCHA is the ability to make things hard on non-humans without making things hard on humans. Most of the CAPTCHAs I see out there fail in one of those two features.

But while I thought I had seen the worst CAPTCHAs ever, I stumbled across RapidShare’s new CAPTCHA. Now in the past I have actually praised their CAPTCHA because it was so user friendly. It wasn’t case-sensitive and when there were ambiguous characters (number 0 vs letter o), it always seemed to work.

Obviously the CAPTCHA was flawed and a number of people wrote some bots and other tools to bypass it. RapidShare felt a need to tighten things up a bit so they came up with the Cat CAPTCHA:

Cat CAPTCHA

Now it is important to note that if you are not a RapidShare member you often have to wait to be able to download a file. In this case I had to wait three minutes before I even got to the point where I could enter the CAPTCHA. Already thinking this was an annoying CAPTCHA I also grabbed a screen shot.

Now if you look closely, it says to enter all letters having the image of a cat. Looking at the image, I saw both numbers and letters so, while it made me pause and think more than most CAPTCHAs would, I figured the answer was NTPS. The caption says there are four letters, the text box limits your input to four characters, everything was all caps, and so I figured I was all set.

It turned out that NTPS wasn’t the correct answer and it put me back into the queue to wait another three minutes. After the timer finished counting down, RapidShare presented me with another CAPTCHA to solve:

RapidShare CAPTCHA

This CAPTCHA was all letters and they all had little cats on them so this seemed easier, but as I started typing I remembered that the text input box only allowed four characters. So which four are the answer? I tried the first four but that didn’t work.

Thinking it might be a browser issue, I tried different browsers, but quickly discovered that after three failures it locks you out. And it doesn’t do this based on a cookie; it’s based on your IP address! Being behind a NAT’d connection I guess I just locked out my entire ISP from using RapidShare.

At this point I did some searching and found out that I am just one of hundreds of people blogging about this.

It turns out that I wasn’t being too careful because what RapidShare doesn’t tell you is that some of those images on the letters are actually dogs, not cats. I must be a bot.

Looking (very) closely I finally determined that the correct answer to the CAPTCHA above would have been NERW. Geez, they could at least start showing the CAPTCHA during the countdown so you can get started working on it.

This CAPTCHA fails in so many ways it is amazing:

  1. They rely too much on their description, which pretty much eliminates anyone who doesn’t speak that language.
  2. They lock you out by IP address.
  3. If you have to squint or enlarge the picture to figure out the CAPTCHA then something is probably wrong. Try entering this thing on your iPhone outside in the sun.
  4. If someone needs to post on Yahoo! Answers to figure out your CAPTCHA then something is probably wrong.
  5. If a Yahoo! search for “rapidshare captcha” returns 79,500 results, then something is probably wrong.
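
To make item 2 concrete, here is an added example (not RapidShare's code and not part of the original post) that compares a three-strikes lockout keyed on IP address alone with a layered one: a strict limit per server-issued session plus a much looser cap per IP, so a client that throws away its cookie still runs into a limit. The thresholds, the 10-minute window, the session identifiers and the `203.0.113.7` address are all assumptions made up for the illustration.

```python
from collections import defaultdict, deque

class FailureLimiter:
    """Sliding-window count of failed CAPTCHA attempts per key."""
    def __init__(self, max_failures, window_seconds):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(deque)

    def _recent(self, key, now):
        q = self._failures[key]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return q

    def record_failure(self, key, now):
        self._recent(key, now).append(now)

    def is_locked(self, key, now):
        return len(self._recent(key, now)) >= self.max_failures

class CaptchaGate:
    """Strict limit per server-issued session, loose cap per IP address."""
    def __init__(self):
        self.per_session = FailureLimiter(3, 600)  # assumed: 3 failures per 10 minutes
        self.per_ip = FailureLimiter(30, 600)      # assumed: 30 failures per 10 minutes

    def failed(self, ip, session, now):
        self.per_session.record_failure(session, now)
        self.per_ip.record_failure(ip, now)

    def allowed(self, ip, session, now):
        return not (self.per_session.is_locked(session, now)
                    or self.per_ip.is_locked(ip, now))

NAT_IP = "203.0.113.7"  # constructed: one public address shared by many users

def neighbour_allowed_ip_only():
    """IP-only lockout as described in the post: user A fails three times."""
    limiter = FailureLimiter(3, 600)
    for t in range(3):
        limiter.record_failure(NAT_IP, t)
    return not limiter.is_locked(NAT_IP, 10)  # user B, same NAT address

def neighbour_allowed_layered():
    """Returns (user B allowed, user A allowed) after A's three failures."""
    gate = CaptchaGate()
    for t in range(3):
        gate.failed(NAT_IP, "session-A", t)
    return gate.allowed(NAT_IP, "session-B", 10), gate.allowed(NAT_IP, "session-A", 10)

def cookie_clearing_client_allowed():
    """A client that discards its session after every failure still hits the IP cap."""
    gate = CaptchaGate()
    for t in range(30):
        gate.failed(NAT_IP, f"throwaway-{t}", t)
    return gate.allowed(NAT_IP, "throwaway-30", 31)
```

With the IP-only limiter, one user's three mistakes block everyone behind the same NAT; with the layered gate only that user's session is paused, and the lock expires once the window has passed.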

RapidShare’s response to the issue is this:

“As every free user should have noticed, we are experimenting once again with the CAPTCHA system. The reason is that RapidShare is popular enough for people to create tools to download from RapidShare as a free user as if they were a premium user. This has a negative impact for our paying premium users, since they expect a fast download.”

In the meantime they are probably losing a lot of visitors and completely destroying the already fragile user experience with CAPTCHAs.
