Some bots save cookies
Js isn't enabled by all users

Try playing with css ;)

¥

What could CSS do?

So I'm thinking then to do the following:
1. Have the cookie check and javascript check.
2. Have the cookie check and if javascript is disabled have a reCaptcha check.

If the user has cookies disabled, they don't get to post a comment.

Seems like that would enable the majority say 95%+ of users to post comments without any annoying fields, and 5%- to have to use a captcha.

Any use cases that this would fail for besides say captcha recognition and human helper bots?

CSS can tell you if it's a bot or a human without the need for (re)captcha / cookies / js. Although the ability to use cookies makes life easier ;)

¥

Ok, now you've got me wondering. As you always do.

I wanna know, wise one, how can CSS distinguish usefully between bot and hume?

Bot's can't parse css successfully, normal usage is to have multiple inputs, only one of which is "visible" to a human. Fill in any other box and you're a bot.

Get a tad more imaginative and you can kill the ones that parse css as well ;)

Only failure is you can't detect bot versus screen/text reader :( but you can kill captcha/cookies/js/other hoops. I detest any hoop that humans have to jump through to prove they're not a bot, so I prefer to move the goal posts.

¥

Hrmm.... I would have ruled that option out due to bots brute forcing the different fields?

And if the correct field changes randomly? ;)

¥

¥åßßå wrote:

And if the correct field changes randomly? ;)

Well, if they brute all the possibilities, doesn't matter, they still get it through...

Lol, if you allow them to brute force your form then you really need to rethink your method ;)

¥