I think the article misses the point of Captcha's, and I think he's incorrect in his conclusion because of that. The point of captcha's isn't that they are unbreakable, the point is that you want to raise the transaction cost above zero for creating a new account.
Spammers rely on massive accounts/contacts and get a very small return. Let's say you need to send out ten million e-mails to get a single response, and maybe you can get ten thousand e-mails out of an account before it's banned. If the cost of creating a new account is zero, or limited by zero, then it doesn't matter if you have to create 10, 20, 100, or even 1,000 new accounts to get the e-mails out so you can get one response and make a 5 dollar commission. If you can automate that hell out of it, who cares.
On the other hand if it costs you 5 cents to break every captcha, those costs really add up in the aggregate, but the transaction cost is so low for a single use that it really is almost inconsequential.
So as with all security, it's not about making it "unbreakable", it's about raising the transaction cost high enough to make it less attractive or even unprofitable to circumvent it.
I think the article misses the point of Captcha's, and I think he's incorrect in his conclusion because of that.
The site is actually written by a woman, Amy Hoy. I think it's a good sort of historical introduction into the issue for someone who doesn't know anything about it, but the article really doesn't seem to impart anything new to those who do.
I gather Amy Hoy is primarily a graphic designer who also does some dev work. I think most of the content on her site reflects this. As a person who has the same kind of split focus in a lot of their work, I have sometimes found content on her site interesting.
Spammers rely on massive accounts/contacts and get a very small return. Let's say you need to send out ten million e-mails to get a single response, and maybe you can get ten thousand e-mails out of an account before it's banned. If the cost of creating a new account is zero, or limited by zero, then it doesn't matter if you have to create 10, 20, 100, or even 1,000 new accounts to get the e-mails out so you can get one response and make a 5 dollar commission. If you can automate that hell out of it, who cares.
On the other hand if it costs you 5 cents to break every captcha, those costs really add up in the aggregate, but the transaction cost is so low for a single use that it really is almost inconsequential.
So as with all security, it's not about making it "unbreakable", it's about raising the transaction cost high enough to make it less attractive or even unprofitable to circumvent it.