Hobos are Cheap Robots

I've hated, since time began, most web-based "verification" services: those that require you to enter your age, to click a link in a "return email" (or to even enter your email at all), to read some fuzzy letters in CAPTCHA (hopelessly inaccessible), and so on. The topic of verification and login came up in today's development chat of Drupal (the best CMS eveerrrR), and my stance was, simply, that I didn't want to ask for email addresses at all (I don't care for 'em, so why should I even store 'em?), nor perform verification on them. The immediate response was "Well, how will you tell a robot from a human?". My reply was simply:

Vertification with CAPTCHA, or anything else, can be easily broken by waving a twenty at a hobo.

This prompted one person to sway their opinion. There are, of course, many other approaches to the verification issue: for example, "how would you stop duplicate accounts?", to which I'd reply (cunningly and without a solution) that the mass availability of free accounts prevents the email address metric from even being considered.

Drupal developers want to give administrators choices: to allow them to customize the login process as they feel is appropriate, and to streamline it so the user can take advantage of the Drupal goodies as soon as possible. I'm fine with choices: hell knows I love clicking little boxes. But, give me the opportunity to choose no choice at all: to disable email collection and verification of any sort. Then I'll be happy.

Tags: