Why I’m not on Facebook anymore

Several folks have recently seen that I’ve disconnected from Facebook. Since I deleted my account there, I figured I should let folks know why it’s gone…

Facebook has never been good about privacy, I’m well aware of that, and had been willing to put up with the stupidity of their constant screw-ups until now. But this time was the last straw, and I’m not putting up with it any more.

Recently, Facebook updated their Data Use policies in a way that I do not agree with, and will not stand for. In short, they are allowing friends’ applications to share your data with other people – who may not be on your friends list.

I have – or rather had – a lot of info in my Facebook profile that was public. I had no problems with applications sharing that data, but data that was marked as “friends only” or “private” should stay that way until I choose to share it with someone. And if I do choose to share it with someone, it should be limited to that person, not to anyone using the same apps as they are.

The Washington Post has an article that explains the new changes to the Data Use Policy, but the one point I have a major objection to is this:

Data use is further defined under the “Sharing Your Content and Information” section, which explains that applications you have downloaded have the right to see your content, given that you downloaded the app and gave it that permission. Now, it clarifies that an application your friend has downloaded also has the right to your information because you’ve allowed that friend to see your content.

I specifically have a problem with the second part of that statement, where friends’ apps can get access to non-public data on *my* profile. You want to give your information to Zynga, go for it. But you do not have the right to share my data with them unless I say I want to share it with them.

I’m sorry, Facebook, but because I chose for a friend to see some data does not mean that I want any application they use to see it – and harvest it – as well. I don’t want Farmville and dozens of other spam-friendly games to have access to information and be stuck in a situation where I cannot explicitly block them from having it.

And anyone who thinks that games and apps won’t take advantage of this to harvest info is just being naive.

The additional decision of the big F to think they can trademark the words “book,” “poke,” and several others is just insult to injury at this point. Yes, I’m aware they did it because some unsavory sites were using those words to create an implied link to FB, but let’s not incinerate the bath to get rid of both the bathwater and the baby – and the house too.

Nope, I can’t abide Facebook making private information public through applications that friends have installed. So I’ve done what anyone can do – stopped using Facebook. I’ve instructed them to delete my account, and in about another 8 days it will be gone. I’m also not alone; apparently international users are up in arms over this one, and governments may get involved. Personally I think government interference isn’t the answer, just stop using the service and Facebook will figure out that they’re losing too much revenue to not change the policies back to a reasonable, sane setting.

Remember, our data is their product. Remove the data and you hurt their revenue. Hit them square in the pocket-book and they’ll either change or die out. There’s plenty of competition out there to take over if they cannot adapt to their users’ requirements.

Speaking of which, join me over on Google+ – at least they’re open about the fact that they’re evil, and they rarely ever allow apps.

Photo Credit: erix!

Klout: What’s in a number?

Most folks who use Social Media know about Klout – the ubiquitous rating/ranking system that shows what you’re influential in. Love it or hate it (and there are equal numbers of people on both sides of that argument) most folks just plain don’t understand it.

There are many rating and ranking systems for Social Media, from Kred to Twitgrader and back again. Klout seems to keep its status as the perennial favorite though, and many writers, employers and pundits are beginning to look at Klout scores to see if someone is really as big as they say.

The first major question I get is “Do I have a Klout account?” followed closely by “I didn’t sign up for this! Why is it there?”

Everyone who has a *PUBLIC* Twitter account, and most folks who have G+ and/or Facebook accounts, also have a Klout account by default. Your score gets tracked based only on PUBLIC information you share on those networks, and nothing more. They’re not doing anything illegal, and without you specifically signing up and confirming who you are (Klout uses OAuth to confirm identity), no one can give you +K or otherwise interact with you on Klout. You just have a public score, nothing more. Note: You can get rid of even your public score by opting-out if you want to.

Once you do log in, you can see your score, and see how you appear to be influenced and what you’re influential in yourself. These metrics are managed by the Klout numbers and algorithms.

But, how do they get to those numbers?

Unfortunately, the ranking systems used by Klout are proprietary and confidential. They’re also subject to change at any moment – and a recent change that knocked most people’s scores down about 10 points created a near exodus from the service itself. There are, however, a few things we know Klout looks at:

1 – Your number of followers, and the ratio of how many folks you follow to how many follow you back. This means you can’t bump your score up by just getting 1000 bots to follow you, and also that you can hurt your score if you follow significantly more folks than follow you back. Again, the equations are a closely guarded secret, but these metrics appear to influence your score.

2 – How you interact with others, and how they interact with you. This means Likes, ReTweets, Replies, etc. Klout is looking to see if people actually read what you tweet and post, or if they’re just following you and never actually looking at what you share.

3 – What topics you appear to influence. This is the most confusing topic – based on questions I get asked all the time about why people appear to be influential in one topic or another. It’s not what *you* tweet about, it’s what the people who interact *with you* are tweeting about most. If the majority of folks who follow you tweet about cars, Klout figures that you must be influential about cars, since the folks who specifically follow you are talking about that topic a lot.

4 – How influential your followers are. Not only do you need to interact with other people, but you should interact with influential people if you want a higher Klout score.

All that (and – according to the company – some more too) gets put into a mathematical formula that attributes different weights to different components. This spits out your current Klout score.

In addition, what you appear to be influential about and those you appear to influence on those topics (as well as those who appear to influence YOU on those topics) are calculated.

Then, when you visit your Klout page, you see a readout of your current score, the topics you seem to be influential on, and who you appear to influence and be influenced by. Klout doesn’t say when scores are calculated, but I have never noticed my score being updated more than once a day or so.

Now, what does all this mean? Not much really, in the grand scheme of things. You can happily ignore Klout entirely, and even opt-out of the scoring completely if you want. However, if you want to see what you appear to be influential in, Klout can be one (of many) ways to find out that information.

How to use Klout is another story. You can give someone who influenced you a nod by giving them +K on the topic they influenced you about. If they don’t show up on your influencer list, you can search for the person and give them +K that way. As you gain more Klout, you can even add topics to other people, but they (and you) always have the ability to remove any topics from lists. Other folks can give you +K and add topics for you as well via the same methods.

With enough Klout in certain topics, you can become eligible for perks. These are discounts and free stuff from advertisers who want you to see and play with their products and services. You’re never under obligation to accept a perk, and even when you do you are not required to say anything about it online unless you want to. It’s entirely up to you if you wish to participate in any given perk, and you can tweet and post whatever you want about it afterwards.

Personally, I’ve found some perks useless, and said so on Twitter and other places. No advertiser has ever come after me for doing so – though a couple of times they did indeed try to reach out to help with whatever was going wrong. I’ve also had great perks and tweeted about how good the item or service was – so advertisers know they can get free publicity through Klout.

One last thing, you should avoid spamming your Klout interactions whenever possible. I, personally, limit myself to 3 or 4 Klout tweets per day at a maximum, to keep the timeline manageable. I’ll give +K to a few folks each day, and acknowledge one or two of the folks who gave me +K as well, but that’s it. Spamming your score, metrics, and/or 10-20 +K’s each day is a great way to ensure your Klout score will go DOWN as tons of people unfollow you – so remember to use it wisely if you choose to use it.

If you don’t want to be part of it? That’s fine! You can ignore any Klout-related posts and just ignore the whole thing if you want, or you can opt-out if you really hate the idea. For the rest of us, it’s a fun way to see who and what we influence. Nothing more, nothing less, and nothing to even pay attention to if you don’t care.

Photo Credit: Sean Rogers1

Do’s and Don’ts – Twitter

Twitter is one of the first places people think about when you say the term Social Media. While Twitter didn’t start the web 2.0 revolution, they did have a pretty big hand in shaping it.

So, what are some guidelines for using Twitter as an Information Worker?

Do’s:

– Do get an image. Using the default “newbie” icon for Twitter is always – ALWAYS – a bad idea. Find an image that is small enough to fit as a user icon, and that represents you, then use it. You can change this on the Profile or Bio page of your account. Remember to respect copyrights and trademarks and only use images you have the right to use.

– Do tweet about all kinds of things. Sticking to just corporate news is a sure way to lose followers fast. Try tweeting about things going on in your life that have some connection to your work. For example, if you make auto parts, talk about the work you’re doing on your own car outside of the parts you sell yourself.

– Do know what you can tweet about. Many companies have strict policies on what can, and cannot be said on Twitter by employees who are affiliated with the company. Make sure you only tweet information that is cleared and ok to send.

– Do remember it’s a conversation. Twitter is not a one-way communication tool, and so you should reply to people, start and participate in conversations, and generally remember that you don’t want to sound like a guy on a street-corner with a megaphone.

– Do keep your ratio. There’s a great temptation to follow a large number of people, but this is not a great strategy. If you’re following hundreds more people than follow you back, most experienced Twitter users will shy away from following you. The reason for this is simple, mass-following is a well-known technique employed by spammers, so you get hit with guilt by association. Start out by following no more than 25 more people than follow you back, and stay at that ratio until you’re over 500 followers, then you can open it up to 50.

– Do balance your tweet types. It’s always best to mix up what you’re tweeting. Send some text, some links and some ReTweets (RT’s), and not too many of any one type. Mixing your content types allows others to see that you have a lot to share, that you’re not just spamming press releases, and that you interact with the community.

– Do keep multiple accounts for work and play. If you think you might want to tweet about stuff that isn’t acceptable to your boss, create a different account to do that. This account should clearly state that it is yours, and not affiliated with any particular company at all.

Don’ts:

– Do not spam, ever. Though the temptation is to blast your message out to everyone all the time, keep in mind that Twitter is a conversation and make sure you’re not just spamming links to random people.

– Do not engage in “link building behaviors.” This one is critical. Many so-called Twitter “experts” will tell you to follow thousands of people, then unfollow anyone not following you back. That’s bad for a large number of reasons, not the least of which is that you’ll lose any legitimate followers you were going to get and be left with a huge list of followers who don’t listen to your message anyway. Avoid buying followers or using faulty methods like “TeamFollowBack” and the like. Be a real person, the followers will… well… follow.

– Do not DM on Follow. This is a massively annoying habit most so-called experts still engage in. Direct Messaging someone just to say “thanks for following” – or worse, pelting them with your links and ads, is a sure way to get people to immediately UN-follow you. DM’s are typically sent to mobile devices and generate alerts on the desktop, mobile, etc. This is quite annoying to anyone who gets them and finds out that they’re nothing but a “hello” message.

– Do not sweat it if people don’t follow back. You’ll find that some people don’t follow you back. Don’t worry about it. Keep doing all the things you should do, and many folks will follow you. Annoying one person who doesn’t follow you with @Replies is a sure way to ensure that many more people don’t follow you – so it’s counterproductive.

– Do not tweet on behalf of your company. That is, unless you have express permission to do so, of course. Remember that you’re someone who works *for* that company, you are not officially representing that company. Many folks have gotten in a lot of trouble for speaking on behalf of their employers.

– Do not EVER forget that Twitter is public. Even DM’s can become public in some circumstances, and if you’re tweeting for work, then your boss is looking. A lot of headaches due to this can be avoided if you follow the “Do” about keeping work and personal accounts separate.

If you’re looking for a much more comprehensive list of what not to do on Twitter, have a look at Snipe’s page on why you should not be a “Social Media Marketer” – NOTE: it’s not safe for work.

Photo Credit: Twitter

Why your company needs a clear Social Media Policy for employees

Every organization is made of people. That’s both good and bad. People make the company what it is, and that’s good. People also have opinions – which is usually good, but can become bad if they’re not representative of your brand and organization.

You can control access to the official corporate Twitter feeds, Facebook pages and LinkedIn accounts, but what happens when employees tag, retweet and link to those pages from their own accounts? That’s where a clear and comprehensive Social Media Policy (SMP) comes into play.

The SMP needs to clearly state what is acceptable and unacceptable for tweets and posts that are linked or tagged to the corporate identities. In other words, you should have language in the policy that clearly states that anything that goes against company policies (like disorderly conduct, HR violations, etc.) should never be linked or tagged to a corporate identity. Ever. For any reason at all.

The policy should also detail what rights and responsibilities an employee has if they choose to affiliate their personal accounts with the company via logos, images, re-tweet streams, etc. If you believe you have control over any account that has your company logo on it – for example – you need to state that very clearly and directly to avoid problems later on.

Of course, if your firm is particularly conservative in these matters, you may simply have a blanket policy that says that only the corporate identities can have anything to do with the company on Social Media. That’s usually a very bad thing to do, as it will severely limit your ability to take advantage of a lot of opportunities that leveraging employees can bring to the table. However, if that is indeed the way you want to operate, every employee needs to know it as soon as possible to avoid confusion, embarrassment and bad blood.

Finally, don’t make the mistake of believing your current employment agreements have you covered. If those agreements haven’t been updated in 3-5 years, you need to revisit them and ensure that the sections on intellectual property and corporate ownership of resources have been updated to operate in the digital age.

Photo Credit: Mr. Norris

Remember, it isn’t private, ever.

When using social media services, the biggest mistake folks make is to believe – even for a minute – that anything they say is private. That leads to embarrassment, possible employment termination, and lots of other consequences.

For example, many users believe that their Twitter direct messages are not shared with anyone but the recipient. That’s not necessarily the case.

When you DM someone on Twitter, the message can be seen by everyone who subscribes to their timeline if:

– There is an image attached to the DM – image services are not private, and will carry the text of the message as a caption to the image on the photo-sharing site.

– There’s a link or you use a tweet shortening service (like TwitLonger). This one burns people even more than the image services, as you may have a shortening service enabled for all tweets in a 3rd-Party Twitter product on your desktop or phone. Bit.ly links and other URL shorteners are also public, so links in tweets can become public very easily.

– They retweet it. Twitter will try to stop them from doing that, but there are lots of ways around that.

– You accidentally replied instead of sending a DM. It’s easy to do, and you’d be surprised how many times it happens.

On Facebook, all the default security settings make nearly everything in your profile and posts public information. Even if you think your data is shielded, a change to profile information policies can flip things to public without warning – it’s already happened several times.

The same goes for Pinterest and other sharing sites. Even though you can try to keep everything private, the sites are designed from the ground up to share, and with one wrong click the world can see whatever you posted.

Just before this went to post, Eileen Brown posted an article that proves the point. Twitter is allowing 3rd-Party companies to mine historical data from their archive, which means that your tweets could be used by another company. While they don’t seem to want to expose DM’s, one poorly-coded script could make that happen.

So, use social media wisely. Remember that it’s supposed to be SOCIAL, and that sites and networks are designed to facilitate public communication. Even if you think something is private, there’s a good chance it’s not – or it may become public later.

Photo Credit: floeschie

Yep, I got hacked!

Well, that happened faster than I thought.

Yesterday, I spent quite a few hours rebuilding my blogs, as nearly all of them managed to get hacked. It was a porn-site redirection attack, inserting JavaScript into each and every PHP page in the WordPress system.

It started with one blog, but by midday, it had spread to three of my four sites. The site that got hit first was the newest one, so it was surprising that a site with very little traffic was indeed a target to someone out there.

While this issue is never fun to deal with, I expected it would happen at some point, and took the appropriate precautions. They saved my bacon.

Luckily, I have a few friends in the security world, who had armed me properly for how to identify and overcome an attack like this. They also had me prepare to block such attacks, but in this case the hacker found a way around the defenses. That’s not unusual, as new attacks are created every day, and tools like WordPress firewalls and exploit scanners only update so fast.

So, how do you prepare for a potential attack?

1 – Prep your site. Install plug-ins to ward off the more common attacks before they hit. The WordPress Firewall and Exploit Scanner can help quite a lot with this. Both tools were able to deflect quite a few attempts to access my sites before whoever got there yesterday found a back door.

2 – Know what’s on your site – always. There’s a great plugin called WordPress File Monitor that scans your files regularly to see if anything has changed, and alerts you by email when it finds anything that has changed. Sometimes, it gets annoying, but this time it let me know that all my WordPress files had changed at once. This was something that allowed me to address and fix the problem so much faster than I would have been able to do otherwise.

3 – Back everything up. There are plugins that can back up entire WordPress sites – with their content databases – to Amazon S3, DropBox, or your hard drive. Use them! If you do get attacked, you will have to restore from a backup, and so you better have one handy. I had been backing up, but a configuration error meant that many posts were lost. I have copies, but that will take some time to restore manually.

Luckily for me, I saw the attack happen, confirmed it, and started cleaning up everything all within hours of the actual attack. That kept my readers safe and my headaches limited to the fact that I mis-configured my backup and lost some posts.
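The change check described in step 2, written out as an added example (this is not the WordPress File Monitor plugin's code and not code from this blog). It hashes every file under a site root, compares a later scan against the baseline, and flags the pattern seen in this incident, where most PHP files change at once. The function names, the 50% threshold and the miniature site tree in demo() are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                # Read in chunks so large uploads do not load into memory.
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Report files added, removed or modified since the baseline scan."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def mass_change(baseline, report, threshold=0.5):
    """True when at least `threshold` of the baseline .php files changed.

    One edited theme file is routine; most PHP files changing in one
    scan interval is what a site-wide script injection looks like.
    The 0.5 threshold is an assumed value, tune it to your update habits.
    """
    php = [p for p in baseline if p.endswith(".php")]
    if not php:
        return False
    changed = [p for p in report["modified"] if p.endswith(".php")]
    return len(changed) / len(php) >= threshold


def demo():
    """Run the check on a constructed miniature tree (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "index.php": "<?php // constructed sample\n",
            "wp-login.php": "<?php // constructed sample\n",
            os.path.join("wp-content", "theme.php"): "<?php // constructed sample\n",
            "readme.html": "<html></html>\n",
        }
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)

        baseline = snapshot(root)

        # Constructed stand-in for the incident: the same line appended to
        # every PHP file, plus one file that was never part of the site.
        marker = '<script src="https://example.invalid/placeholder.js"></script>\n'
        for rel in baseline:
            if rel.endswith(".php"):
                with open(os.path.join(root, rel), "a") as fh:
                    fh.write(marker)
        with open(os.path.join(root, "wp-content", "extra.php"), "w") as fh:
            fh.write("<?php // constructed sample, unexpected new file\n")

        report = compare(baseline, snapshot(root))
        return report, mass_change(baseline, report)


if __name__ == "__main__":
    report, alarm = demo()
    for kind, paths in report.items():
        print(kind, paths)
    print("mass PHP change:", alarm)
```

Keep the baseline somewhere the web server account cannot write, otherwise whoever rewrites the PHP files can rewrite the baseline along with them.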

And if you do get hacked?

@Snipeyhead – a noted WordPress Security expert – has posted a great guide on what to do next. You can find it via this link. [Note, she does not pull punches, verbally or visually, so her site is very mildly NSFW] The article is a bit old, but the strategy is sound, well researched, and spot-on still today. Follow the process she shows in that post, and recover what got hit before your visitors get infected by drive-by downloads or you lose face due to defacing of your sites.

Remember, change ALL passwords, including the FTP/sFTP logins and your web host login. That’s in addition to the site logins, database logins/users, and any other security info you have on your site. If you can’t identify how you got hacked, then play it safe and change everything.

Now that everything is back online, I can say I weathered the storm. It can be MUCH worse, and it’s never fun, but you can indeed overcome attacks against your site quickly and effectively if you prepare ahead of time.

Photo Credit: neoliminal

How Spammers Get Around CAPTCHA

I’ve written in the past about CAPTCHA, the technology that shows you a picture of a group of letters or words that you must type in before you can log in to some sites, or sign up for free services like Gmail. As annoying as CAPTCHA is, the automated Turing Test has stood for several years as a standard way of ensuring that a real person is trying to access a service, instead of just some kind of automated system.

The problem is that spammers and scammers have found more and more ways to get around the CAPTCHA tests to ensure they have access to these systems just as easily as legitimate users do.

Initially, the bad guys just used sophisticated character recognition engines to look at the images digitally, and figure out what the letters or words were. This worked for a time, but then site owners started skewing the letters or adding in “noise” – dummy lines, dots and other static that made it more difficult for a scanning tool to figure out what was part of the CAPTCHA code and what was not.

So, spammers have taken a new route to getting around CAPTCHA. Since the codes are designed to only be human-readable, they’ve been employing humans to read them. Yup, that’s right, you can now hire someone to break CAPTCHA by solving thousands of codes a week for you to use to send spam. See this article for more information on such services.

Social Networking is no stranger to this problem, as thousands of fake blog comments, even entire blogs and RSS feeds full of fake information, are common. Spammers set up thousands of fake Twitter accounts to blast out spam, malware and fake gift certificates, only to create yet more new accounts as soon as the existing ones are flagged and banned. The same thing happens on Facebook, Windows Live and just about every other social network out there, as the spammers simply change their tactics and continue doing what they do, no matter how good the technology to stop them seems to be getting.

How do we stop this? Simple, make it economically inefficient to spam. Most of my readers already refuse to click links in email, or accept links/codes/certificates from anyone they don’t know on Twitter, G+, etc. Now we have to spread the message. Make sure everyone you work and play with knows that they shouldn’t accept offers, click links, or approve blog comments that come from anyone they don’t know. Those coming from people they know should even be suspect.

Set your blogs to require approval for all comments, and weed out the spam. Approve comments but remove URL’s if you’re not sure. If you see tons of spam comments in a blog, alert the author that they need to turn on approvals or they’ll lose a reader.

If you have the ability to flag posts as spam, do it. Same for Tweets, Posts and other social media sharing. Don’t be abusive or obnoxious about it, just flag them and move on.

Eventually, the cost of successfully spamming the world will become greater than the revenue generated by the spamming. Money talks, folks, and if it’s too expensive to make money by spam, people will stop spamming, but not until then.

In the meantime, ignoring links and flagging spam posts and comments will keep you safe from a lot of the malware running around out there.

Photo Credit: yandle

Get an Image

When you go online, visual experiences are some of the most powerful. Video speaks louder than audio alone. Blog postings with pictures tend to have a better impact on readers than text alone.

This holds true to your profiles as well. As you can see on my own home page, I have an icon image that I use for my online profiles. Mine was done for me by a web-comic artist (Woody Hearn of GUcomics.com) and wasn’t free, so not everyone will be able to have this kind of profile picture set up for them. That’s not to say you can’t have anything!

Even if you’re not paying for someone to make a profile picture for you, that’s no excuse for having the default “person” or “egg” icons that services like Twitter and Facebook provide. You need to change the default profile image to something that represents you, as soon as you can.

Now, this doesn’t mean you have to draw it yourself, or even use a real photo if you’re uncomfortable doing so. You just need to get something in there that is not the default icon that brands you as a new user.

For example, the image at the top of this post was created by John Kovalic (who writes Dork Tower, another online comic). He did it to show just how easy it is to create simple, but powerful user icons without a lot of technical expertise.

Here’s a few more of his icons – that he’s made available to anyone who wants to use them, free of charge:

With just a few clicks in some simple graphics programs (that you most likely already have free of charge on your PC or Mac) you can create a cute, funny icon that is clearly not the “default user” graphic.

So why don’t you want the default icon?

1 – it brands you as a “newbie” – a person who just started and has no clue what they’re doing. Even if that’s true, you probably don’t want the world to know that if you can avoid it =)

2 – It’s unprofessional. If you’re using Social Media for your job, the last thing you want is others discounting your opinion because you didn’t change the default user icon.

3 – Spammers use the defaults. Spammers create dozens of spam accounts at once, therefore they tend to not even bother to change the icon (after all, the accounts are going to get blocked pretty quickly). If you keep the default icons, many folks will instantly suspect you of being a spammer.

So get an image! Build it, buy it, or borrow it (make sure you have permission to do so, though).

Photo Credit: John Kovalic

Why You Should Not Auto-DM on Follow

I’m noticing more and more of this lately, and figure it’ll make a good topic for my first “Do’s and Don’ts” column.

Many folks – even those who have been working with Social Media for a good amount of time – will DM every new follower on Twitter with a message. Usually it’s a “thank you” with a request to follow them on other networks.

I’m very much against this for a few reasons:

1 – Twitter is about public conversation and social sharing. Yes, there are some times you need to DM a person. Usually it’s to give out an email address or phone number or some other information you don’t want the world seeing. Links to your Facebook profile and fan page are *not* private information.

2 – It’s annoying. Most of us get DM’s on our mobile phones or via email in addition to our Twitter clients. That means that I’ve got alerts going off to tell me that you’re looking for me to follow you on Facebook.

3 – It’s useless. The vast majority of people I know will specifically NOT follow you anywhere else, and many will immediately un-follow you on Twitter, for doing this. In other words, you’ve done the exact opposite of what you were trying to do with the DM.

Now, this isn’t to say you shouldn’t say hi to your followers. You absolutely should! But do it with an @Reply instead of a DM. This allows more than just your new followers to find you on other networks, and opens a public conversation, instead of a private message.

You’ll note that if you try to send the same message (e.g. “Thanks, follow me here and here and here, too!”) to dozens of people, Twitter will stop you. They’ll attempt to keep you from posting the identical message to multiple people, and lock you out as a spammer if you keep trying.

So, if it’s not acceptable to send a message to each person in an @Reply, why would you do it in DM’s, where you’re being annoying in addition to getting flagged as a spammer?

Talk to your followers, share that someone followed you with your network, share your other networks with your Twitter followers. Just reserve DM’s for their intended purpose – sending one person information that you don’t want the entire world to hear.

Photo Credit: brainware3000

What is CAPTCHA?

Spam is a major issue on social networks, blogs and forums these days. Spammers have even resorted to hiring “human bots” to troll websites and post comments and postings just to get their site links a bit higher on search engine results.

To try to combat the problem, many sites have resorted to CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). This technology is simply the use of some manual test that a human being would have no issues passing, but a computer would be unable to complete correctly.

Generally speaking, the test takes the form of a series of letters and numbers that are rendered as a graphic (like in the picture above). A human has no issue typing the letters on the screen, but a computer can’t, since the computer only “sees” the image as an image, not as a series of characters.

The test gets its name from the work of Alan Turing, a computer scientist who spent a great deal of his life trying to figure out if a machine could ever think exactly like a human. The result of that work helped win World War II (he helped build the Ultra machine used to break the German ENIGMA code generator system); and also helped create a series of tests to see how “human-like” machines could get.

The so-called “Turing Test” is still used today against advanced computer systems. A human operator sits in an isolated room and sends a series of questions to both another human and to a computer. The operator then tries to determine which is the human and which is the computer based on the reactions, responses and answers they get from both subjects. If the operator cannot correctly identify the computer, it is said to have passed the test.

And so, in order to try to weed out automated computer systems trying to post spam to blogs, networks and forums, tech professionals often implement CAPTCHA tests to block them.

While the idea is great in theory, the benefits to CAPTCHA are severely limited by several factors these days:

– Spammers are hiring human beings in depressed economies to answer CAPTCHA tests and post nonsense to forums and blogs, bypassing the test for a few cents per dozen posts.

– People with visual disabilities (such as being legally blind or color blind) have issues passing the tests. This is either because the CAPTCHA provider didn’t include an audible test with the visual one, or because the CAPTCHA itself is in non-contrasting colors that are difficult to read for someone who is color blind.

– The CAPTCHA’s themselves have become so intricate and complex that real humans can’t answer them correctly either. I’ve seen math problems, characters so twisted around they’re unreadable, so many intersecting lines that you can’t read the characters, etc.

– Computer systems are getting complex enough that they can actually pass the CAPTCHA.

While you will still see CAPTCHA on many websites, and while they still have some use in the overall war on spam, you should probably avoid forcing a CAPTCHA test for your blog or website.

Instead, require administrator interaction before a blog comment can go live, require registration before a forum can be posted to, and use other techniques that will help keep spammers away from your postings. Many content management systems (such as WordPress) allow you to permit those whose comments you have allowed in the past to post without having to get permission each time, for example.

If you find a CAPTCHA that is unreadable, unusable, or both; let the site administrator know that they need to fix it or remove it.

Photo Credit: plindberg