Neopets Captcha

Neopets has implemented a Captcha, which you have to go through everytime you want to visit someone elses UserLookup or PetLookup. Neopets made use of the highly sophisticated “reCaptcha”, which is marketed by Google itself. This smart Captcha’s motto is “Tough on bots, Easy on humans” (though I think Neopians tend to highly disagree).

If you aren’t attempting to mass view lookups, than the captcha only requires a click of a button indicating you are not a robot, than you’re free to pass through. If you are accessing the lookup through a VPN/Proxy, or attempt to view multiple lookups in a short amount of time (indicating bot-like behaviour), than you’ll be prompted to select images that all follow a certain pattern.

Neopets Captcha

The implementation of this neopets reCaptcha has come under some serious scrutiny from Neopians far and wide. Initially the implementation was made so you had to go through this pain-staking process to view your own lookups, however this was quickly reverted to make it only applicable to lookups of others. On August 1, 2016 they decided to remove the Captchas altogether after weeks of complaints after complaints from the Neopians. However that didn’t last long, as they decided to reintroduce the Captchas again on August 25, 2016.

Neopian Reactions in Regards to the Neopets Captcha

I’d rather have the CAPTCHAs on a few pages I don’t visit often than insurmountable lag on every page so let me be the first to say YAY (I’ve been hoping they’d do this for a couple days now l o l)

aren’t captchas supposed to make the site safer too????? after they got rid of the captchas everyone’s accounts were getting compromised lol i’m glad they’re back, they shouldn’t have been taken out to begin with imo

If they are worried about bots just allow us to make private profiles and set every account that has been inactive for the past so long to private, thats a better fix…

In other words, they don’t stop accounts being stolen at all The only argument that can be made is that they make it less likely for non-famous players with lots of assets to have their accounts broken into. But that’s a rubbish argument, as it is effectively saying that it is better for poor players to lose their accounts.

The only reason this is an inconvenience for me is just because of how often I check my own pets lookups/my own accounts and it makes it a chore to check on side accounts when I’m on my main.

I am glad to hear others have them. i thought maybe I was searching for names too quickly or something and had activated some sort of spam filter lol

This bites. As Recklesse said “the only thing it contributed to actual security was by stopping us visiting lookups that might, or might not, have a cookie grabber. So because some people don’t know how to protect themselves we all have to pay. Take responsibility for your own account safety people. It’s all about the server load. Security is really just a convenient excuse. As Herdy said before, if they really wanted to make the site more secure there are things they can do to accomplish that but they refuse.

Ughhhhh – I loathe the reCaptchas. I can’t visit userlookups or pet lookups at ALL with them active, because one of my adblocks blocks google scripts, and so I’d have to disable it and reload my browser to get it to work. Plus with noScript and since I have my preferences set as ‘click to allow any flash whatsoever’ it takes ADDITIONAL steps to try the reCaptcha. They are an absolute pain in the keyboard.

I think the number one security problem on the site is cookie grabbers, not people looking for specific accounts to break into. CGs don’t target specific users but only the random person who happens on to a page with one on it. The captchas give people a false sense of security. They do nothing to prevent CGs. Captchas lessen the number of people going to ULs and petpages thereby perhaps lessening their chance of being CGed but mostly they lessen lag.

Finding accounts with UC pets or high avatar counts or big galleries or whatever doesn’t make it any easier to breach those accounts. If it did, then the solution would be to not have user lookups and pet lookups visible at all. While you’re at it, let’s make sure nobody’s active pet is displayed on the boards. Oh, and we’d better restrict everyone to default avatars too. Hide everyone’s achievements and there’s nothing to target (though for many there’s no longer much point in playing).

Don’t have much to add regarding the usefulness, but they don’t bother me. It’s two clicks. I don’t visit lookups often (disinterest) but I just spent some time clicking through things and the extra clicking was barely noticeable. Don’t care if they stay or go.

I may be in the minority, but I would honestly prefer if TNT would get rid of most userlookup/shop coding abilities if it meant extra account safety. Partially because it’s a complete and utter pain to visit userlookups with reCaptchas anyway, so I don’t spend a lot of time looking at people’s beautiful userlookups anymore. Well, at least we can still visit shops without reCaptchas, so I guess it’s great that they didn’t ad reCaptchas for that or something.

The Captchas were for two reasons though. The bots sifting through people’s userlookups looking for targets not only gave the hackers targets, but it also was contributing to the lag. Because multiple bots doing thousands of page views a day, is a strain to the servers. I love that people are willing to be willfully ignorant of this fact just to “hold up” their baseless arguments.

I don’t think anyone is ignorant of that? It’s quite observable that the presence of captchas reduces lag, aside from anything else. People are just attempting to address this false impression people have (and that JS have encouraged) that captchas increase security. That and, you know, lag is only an issue because JS have rubbish servers. It’s a solution to a problem they effectively created.

But this is really a stupid reason to put reCaptchas up. That only means JS is very bad at combating DDoS or they have a very lame server that can’t even handle requests that very likely didn’t even hit any high in Neopets record where we didn’t get much lag from those requests. And besides, again, they can have other ways to find targets and not like having your UN means you’re doomed.

Also, after the experience during the Altador Cup, where reCaptchas were added to user ranking pages (allegedly because of those same ‘bots’), only to be removed again when it was realised that those ‘bots’ were mostly legitimate players checking the page. Who’s to say the perceived ‘bots’ in this case aren’t just all of us visiting each other’s pet and user lookups, and their servers just can’t handle it? We don’t know.

To be fair to them there are most certainly bots looking at those pages in high numbers. It’s not a case of regular user curiosity. But again, the only useful information entirely unique to userlookups that cannot be mined from other captcha-less pages is Last Spotted. Many cheaters target abandoned accounts, because there’s less chance of the owner turning up and trying to get stuff back. So, you know, captchas effectively increase risk for active account users

Oh I don’t even argue against the servers JS set up for this are sub par. But if it slows down the bots I honestly don’t care. I honestly don’t give two craps about viewing other people’s lookups and pets. I rarely do because of slower internet. And the flash for pets has never been fast, even under Viacom. And tbqh, I don’t really notice much more lag now than I did when it was with Viacom. I mean they have major tv networks under their belts, which surely they devoted more servers to.

They are definitely a pain… but I don’t think I heard of many people having their accounts compromised while they were in place. But since they’ve been gone A LOT of users have been targeted/compromised/frozen. So if it really helps keep our accounts safe, I can deal with the hassle. :I

Buy Neopoints