Return to Answer

1. Human solvers

All mentioned here solutions are circumvented by human solvers approach. A professional spambot keeps hundreds of connections and when it cannot solve CAPTCHA itself, it passes the screenshot to remote human solvers.

I frequently read that human solvers of CAPTCHAs break the laws. Well, this is written by those who do not know how this (spamming) industry works.
Human solvers do not directly interact with sites which CAPTCHAs they solve. They even do not know from which sites CAPTCHAs were taken and sent them. I am aware about dozens (if not hundreds) companies or/and websites offering human solvers services but not a single one for direct interaction with boards being broken.
The latter do not infringe any law, so CAPTCHA solving is completely legal (and officialy registered) business companies. They do not have criminal intentions and might, for example, have been used for remote testing, investigations, concept proofing, prototypong, etc.

2. Context-based Spam

AI (Artificial Intelligent) bots determine contexts and maintain context sensitive dialogues at different times from different IP addresses (of different countries). Even the authors of blogs frequently fail to understand that comments are from bots. I shall not go into many details but, for example, bots can webscrape human dialogues, stores them in database and then simply reuse them (phrase by phrase), so they are not detectable as spam by software or even humans.

The most voted answer telling:

• *"The theory being that:
  • A spam bot will not support JavaScript and will submit what it sees
  • If the bot does support JavaScript it will submit the form instantly
  • The commenter has at least read some of the page before posting"*

as well honeypot answer and most answers in this thread are just plain wrong.
I daresay they are victim-doomed approaches

Most spambots work through local and remote javascript-aware (patched and managed) browsers from different IPs (of different countries) and they are quite clever to circumvent honey traps and honey pots.

The different problem is that even blog owners cannot frequently detect that comments are from bot since they are really from human dialogs and comments harvested from other web boards (forums, blog comments, etc)

3. Conceptually New Approach

Sorry, I removed this part as precipitated one

1. Human solvers

All mentioned here solutions are circumvented by human solvers approach. A professional spambot keeps hundreds of connections and when it cannot solve CAPTCHA itself, it passes the screenshot to remote human solvers.

I frequently read that human solvers of CAPTCHAs break the laws. Well, this is written by those who do not know how this (spamming) industry works.
Human solvers do not directly interact with sites which CAPTCHAs they solve. They even do not know from which sites CAPTCHAs were taken and sent them. I am aware about dozens (if not hundreds) companies or/and websites offering human solvers services but not a single one for direct interaction with boards being broken.
The latter do not infringe any law, so CAPTCHA solving is completely legal (and officialy registered) business companies. They do not have criminal intentions and might, for example, have been used for remote testing, investigations, concept proofing, prototypong, etc.

2. Context-based Spam

AI (Artificial Intelligent) bots determine contexts and maintain context sensitive dialogues at different times from different IP addresses (of different countries). Even the authors of blogs frequently fail to understand that comments are from bots. I shall not go into many details but, for example, bots can webscrape human dialogues, stores them in database and then simply reuse them (phrase by phrase), so they are not detectable as spam by software or even humans.

The most voted answer telling:

• *"The theory being that:
  • A spam bot will not support JavaScript and will submit what it sees
  • If the bot does support JavaScript it will submit the form instantly
  • The commenter has at least read some of the page before posting"*

as well honeypot answer and most answers in this thread are just plain wrong.
I daresay they are victim-doomed approaches

Most spambots work through local and remote javascript-aware (patched and managed) browsers from different IPs (of different countries) and they are quite clever to circumvent honey traps and honey pots.

The different problem is that even blog owners cannot frequently detect that comments are from bot since they are really from human dialogs and comments harvested from other web boards (forums, blog comments, etc)

3. Conceptually New Approach

Sorry, I removed this part as precipitated one

Spam bots automatically register, activate accounts, OCR recognize and decipher images, send screenshots (or webpages) to human solvers when they cannot solve themselves, fill profiles and even gain reputation.

I know the only CAPTCHA service that prevents both context-sensitive spamming and transmission of CAPTCHAs to human solvers (third parties). It is conceptually new KeyCAPTCHA service (though requiring additional time for understanding of unfamiliar concept at the first use).

A visitor of webpage has to solve captcha by playing with" (now drag&drop but it is customizable) KeyCAPTCHA's objects matchings them according to specified criteria.

It is completely free of charge service. Other CAPTCHAs webservice-based services, like Disqus, Akismet, Mollom, et al, all acharge a fee after exceeding certain monthly limit of comments .

I shall not go here into all details but just tell that it was created by former spambot developers having a few levels of protection. And it is believed to be unbreakable by bots (what has been verified by offering a reward for being passed by a bot)

A) Illustration Example of "Puzzle" KeyCAPTCHA Assembling:

• A.1) Initial (with cursor hovering over it) state, after (re)loading:

• A.2) After some messing (drag&dropping):

• A.3) Correct solution (note the objects should not be perfectly matched)

B) Illustration Example of "Pair of Objects" KeyCAPTCHA completion:

• B.0) Initial inactive state (with

• B.1) Initial state with cursor on it

• B.2) After some messing (drag&dropping):

• B.3) Correct solution (note the objects should not be perfectly matched)

Update:
The new Jigsaw puzlle type of KeyCAPTCHA was released on 25 of December, 2011.
It is supposed to be intuitive and usable without any instructions though one can see a video lesson demonstrating how to pass keycaptcha "pairings" (basic and the most protected) type and install plugin.
The section from 0:25 sec to 0:29 sec part of the film demonstrates how to pass keycaptcha by visually (color) deficient visitors. Upon pressing the wheelchair (handicap) button, KeyCAPTCHA offers to match (embed) shapes of graphic elements instead of colors

Note that it is a platform permitting to change the type of captcha without necessity to reinstall previously installed plugins on protected webservers.

Sorry, I removed this part as precipitated one

Update:
The new Jigsaw puzlle type of KeyCAPTCHA was released on 25 of December, 2011.
It is supposed to be intuitive and usable without any instructions though one can see a video lesson demonstrating how to pass keycaptcha "pairings" (basic and the most protected) type and install plugin.
From 0:25 to 0:29 sec of film illustrates passing of keycaptcha by visually (color) deficient visitors, upon pressing on wheelchair (handicap) button, which requires to match shapes of graphic elements instead of colors

Update:
The new Jigsaw puzlle type of KeyCAPTCHA was released on 25 of December, 2011.
It is supposed to be intuitive and usable without any instructions though one can see a video lesson demonstrating how to pass keycaptcha "pairings" (basic and the most protected) type and install plugin.
The section from 0:25 sec to 0:29 sec part of the film demonstrates how to pass keycaptcha by visually (color) deficient visitors. Upon pressing the wheelchair (handicap) button, KeyCAPTCHA offers to match (embed) shapes of graphic elements instead of colors