Like many web users, I am of two minds about Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHAs). On the one hand, I see their importance in fighting several types of spam. In particular, they are an important defence against the spam blogs that have become so prevalent recently. These sites are set up based on a high-value keyword. They then trawl through real blogs, copy content, and put it up. To Google, this looks like a real blog specializing in that keyword. People find it through Google searches, and sometimes end up clicking the ads that are invariably strewn across these robot-created sites.
When it comes to creating new blogs and email accounts, I find CAPTCHAs entirely reasonable.
Where I object is with more mundane uses, such as vetting comments on blogs. Using a CAPTCHA can seriously annoy readers: especially those who have poor vision, or who are using browser add-ons like NoScript for extra security. To me, when a blog owner chooses CAPTCHAs as a security feature, they are saying that they are happy to waste the time of all of their commenters, rather than invest a bit of their own setting up a spam filtering system and occasionally checking for false positives and false negatives. If your blog gets 5,000 comments a day, you have a good excuse. If it gets less than 20, it really seems like a combination of Akismet and some .htaccess rules should be just fine.
reCAPTCHA (which Google recently purchased) has at least two redeeming features. For one, it does useful work. Unlike most CAPTCHAs, which simply garble text for users to decipher, reCAPTCHA uses text from real documents being scanned. It gives users two words to decipher: one known word to perform the CAPTCHA function, and one unknown word for use in digitizing the book. This leads directly to the second good feature: since these books have already been scanned by the best optical character recognition (OCR) software available, they are fundamentally protected against automated CAPTCHA attacks. Of course, you can always pay real people a small fee for solving the puzzles. reCAPTCHA is thus a relatively robust system, against automated attack, with the additional benefit of adding to the sum of useful digitized information.
Hopefully, future CAPTCHA systems will be less annoying for users and more difficult for computers to game. Experimental forms have included tasks like picking out only kittens from photos showing a number of types of animals. This is apparently a task that is easy for humans, but quite beyond the capability of automatic image recognition software.
Personally, I prefer to think of them as Computer Automated Person Checking Algorithms. It lacks the Turing shout-out, but is more concise and comprehensible.