Well, yes and no. Lately, AFAICT, most CAPTCHAs have been so successfully attacked by wgetters that they're quite easy for machines
I wasn't aware that there was now a -breakCAPTCHA flag to wget. The point I was making is that it's a defense against casual copying of certain types of protected content and other stupid tricks that used to go on. Someone who has made a business out of copying web sites and has arranged to defeat CAPTCHAs is not a casual attacker.
to break, but difficult for humans to use. For example, I can testify that I now fail about 25% of the reCAPTCHA challenges I perform, because the images are so distorted I just can't make them out (it's much worse on my mobile, given the combination if its small screen and my middle-aged eyes).
I agree that this problem has gotten worse; as time goes on, it seems likely that the computers will be able to read CAPTCHA's (and then solve the new generation of CAPTCHA's) more easily than many humans.
So it's now more like airport security: a big hassle for the legitimate users but not really much of a barrier for a real attacker. A poor trade-off.
Don't think we're quite there yet. However, it is certainly moving in that direction. However, Ace Hardware still sells hook-and-eye latches, and that's something to think about. One of the businesses we run here had a "problem"; the website had a "contact us" page that had been recycled out of some script with changes to hardcode where mail went, which didn't stop some exploit script from finding it and then trying to spam through it, which meant all their spam went to the company contact address. The coder who maintained the website noted that only a particularly stupid spammer (or completely automated system of some sort) would try to exploit a script without bothering to check if the mail was being delivered to victims, so he figured that the correct fix was to put a very simple CAPTCHA on it. I was skeptical, since even five years ago I saw the effectiveness of CAPTCHAs as being in severe decline, but you know what, he was right. The CAPTCHA is VERY readable, even has ALT text so you can use it in your favorite text browser, because the point WASN'T to make it impossible (or even difficult) to abuse, but rather to address a particular problem. It helps to keep your perspective on things. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.