Captcha was never good at stopping bots. It was always used to identify who is a human. In other words exactly the opposite of what you think.
Edit: because I see confusion, maybe a language barrier, here is an example of what people think it is and how it works:
https://youtube.com/shorts/rme6PT7-CRI
Which is wrong on many levels.
Seconded, websites with logins are practically unusable without the tool. We had to disable it once and our database got flooded by unverified accounts. Absolutely awful.
Not easily, and not at the time, no, it really was a very easy way to quickly reduce bot problems at the time.
You’d get random spam for stuff that could flood your forums or etc, and setting up captcha had an extremely immediate and palpable effect on reducing the spam that came in from random bot farms and shit.
I can personally confirm that when I implemented captcha on my forums i maintained 14 years ago, it pretty substantially reduced spammers by a huge degree.
There’s no point in arguing what once was. Things have changed. CAPTCHAs are now less effective, far more invasive, and for many people, far more troublesome.
Cling to them if you like. I no longer use them on any of my sites, because I care about my users.
What will be effective depends on the nature of the site and that of the bots causing trouble. For example, a forum can limit posting privileges until an account builds a reputation, a paid goods/services site can restrict access until a purchase is made, a web service can use revocable credentials, and a data download site can use rate limits. (That last one is actually useful in a variety of situations, and can be done at the network level instead of or in addition to the application level.)
There is no silver bullet, but there are lots of small measures that can be very effective when applied thoughtfully, without turning a site into a frustrating-to-use surveillance tool for Google at the expense of the humans who want to or have to use it.
Even a small, locally hosted, activate-only-once, simple image or text-based CAPTCHA would be preferable to the ones operated by third parties.
It’s a free service that’s been provided to website makers to easily add a way to reduce bot spam. And for a very long time, it worked
Captcha got tonnes of free training data, and in return website maintainer got an incredibly handy free tool to help secure their site.
Captcha 100% could have charged licensing for their tool, could charged money for developers to use their service.
They didn’t, and I think it’s perfectly reasonable they got the training data as “payment” instead.
Your favorite free websites you use get to have another part of their architecture stay free.
The website maintainer get an awesome free tool.
Captcha got training data to profit off of.
That’s good internet where everyone wins without the need for bullshit licensing and fees and royalties and subscriptions.
Would you have rather your Netflix account cost an extra 15 cents per month or whatever to offset yet another licensing cost for some captcha tool?
Err… couldn’t the corporation just make less profit but still provide the service as-is?
Then how would line go up?
That’s the neat thing; it won’t.
Right let’s get everyone to reinvent the wheel
Captcha was never good at stopping bots. It was always used to identify who is a human. In other words exactly the opposite of what you think.
Edit: because I see confusion, maybe a language barrier, here is an example of what people think it is and how it works: https://youtube.com/shorts/rme6PT7-CRI Which is wrong on many levels.
Here is a better explanation of what I meant: https://youtu.be/VTsBP21-XpI
Hope this explains it better than my original comment.
I can personally confirm it very much did help curb botting issues on my website.
Seconded, websites with logins are practically unusable without the tool. We had to disable it once and our database got flooded by unverified accounts. Absolutely awful.
I have edited my original comment, but this will explain it much better and showcase my statement much better: https://youtu.be/VTsBP21-XpI
That doesn’t make sense. There are only bots and humans. Identifying humans is stopping bots, and vice versa.
I have edited my comment. You can check this video which will explain it much better than myself: https://youtu.be/VTsBP21-XpI
CAPTCHAs make web sites awful to use, and waste the limited lifespans of billions of people.
There are other ways to manage bots.
Not easily, and not at the time, no, it really was a very easy way to quickly reduce bot problems at the time.
You’d get random spam for stuff that could flood your forums or etc, and setting up captcha had an extremely immediate and palpable effect on reducing the spam that came in from random bot farms and shit.
I can personally confirm that when I implemented captcha on my forums i maintained 14 years ago, it pretty substantially reduced spammers by a huge degree.
There’s no point in arguing what once was. Things have changed. CAPTCHAs are now less effective, far more invasive, and for many people, far more troublesome.
Cling to them if you like. I no longer use them on any of my sites, because I care about my users.
I’m not a website administrator so I’m out of the loop. Other ways to manage bots? Like what?
What will be effective depends on the nature of the site and that of the bots causing trouble. For example, a forum can limit posting privileges until an account builds a reputation, a paid goods/services site can restrict access until a purchase is made, a web service can use revocable credentials, and a data download site can use rate limits. (That last one is actually useful in a variety of situations, and can be done at the network level instead of or in addition to the application level.)
There is no silver bullet, but there are lots of small measures that can be very effective when applied thoughtfully, without turning a site into a frustrating-to-use surveillance tool for Google at the expense of the humans who want to or have to use it.
Even a small, locally hosted, activate-only-once, simple image or text-based CAPTCHA would be preferable to the ones operated by third parties.
So all I need to do to bot your sites is to farm accounts? Easy enough, people do that on Instagram at huge scales.
Good luck. You’ll find that your farmed accounts can’t do much of anything, and will be quickly and automatically deleted.
Thank you for the thorough reply!