Account name is no longer mention in the mail sent on account
creation to prevent too easy account creation by robots
(please read task #2876).

(Browse SVN revision 6329)

Also: the account name should be deleted from the mail automatically sent on account creation.

Yes, this was added per user request.

But if we remove it, a bot will be able to create several account at once without wasting time by searching the actual proper account name to fill in (doable, but still he will have to remember what he previously filled in)

On the other hand, some humans may not like having to wait some time before getting to work :)

But maybe delaying would be a good path. It's a lead.

In fact, the big issue is the fact that we are trying to implement a logic thing that we expect robots to be unable to understand. But if we can implement it, robots can learn it,
there is no doubt about.

So far, the idea that seems the better to me is my apple thing in comment #2. But I could easily find ways to break it. It is just a matter of finding the mapping between images and words (well, the more image we have, the harder it is... but the harder to maintain it is also) and then making md5sums of each images. Then downloading images, finding their md5sums and voilà the answer is know.
Well, indeed it makes way more complicated the spam process. But it is just escalation one more time.

Interesting to read about the whole issue:
http://www.w3.org/2004/Talks/0319-csun-m3m/slide6-0.html

Another approach would be to ask friends to confirm that the users is human. Kind of web of trust idea. The obvious issue is that it requires manual intervention. Painy.

We need to be able to forbid robots to create accounts. There are already robots that know how to spam savane anonymously. The next step for these robots is to learn how to create an account.
The mail confirmation is apparently not enough to prevent this.

I do not like the option of printing an image with a text and asking the user to enter the related text. It just increase the cost of spam chasing, as generating images cost CPU time, it causes troubles to blind people, and in the end will just lead spammer to improve their robots in regards of OCR.

I have simpler idea: for any non-logged in form submission (that includes account creation form), we print a sentence and the user is ask to find a string contained in it.
As such, we need a list of possible sentences and system clever enough to be easily understable only to human.

For instance, you would have a sentence, or a list of words like
"Caricatures de Mahomet: la crise rebondit à Gaza, le Danemark ne s'excusera pas" and the question would be "the 4th word from the left is". The form would be valid only if "la" is found. The question could be also "the 5th word from the right after le".
Indeed, if we write an algorythm able to find the proper word given the args, robots could just grab our code.

So I guess the way it should work would be to get a string first, to encode it via md5, to add it in the form (as hidden field), then to add randomly others words to the left and to the right and to write the question according to the number of words added. On form submission, we just have to compare the md5.

Indeed, this solution is not perfect:
- the robots could simply md5 each words and find the one that is expected
- the robots could learn to understand our question

- For the first problem, we may not put the md5 in the string but put it in the form_id table instead.
- For the second, I'm trying to think about something still easy to understand for a human but more complex for a IA to get. The problem is the fact that the question must simple logic, anything else would not be user-friendly. But simple IA can understand simple logic.

Feedback welcome.