I think using Google's implementation winds up being enough, but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets. Any recommendations would be appreciated!
>but anything homebrew/self-hosted (to avoid tracking) is usually not going to protect high-value targets.
Is it really realistic to expect advanced attacks on CAPTCHAs with visual recognition or Mechanical Turk? I think you'd have to be a very high value target. I wrote a little PHP captcha when I was 15 and I've been using it ever since, and I never got any spam on my (admittedly very low-traffic) sites.
I actually wanted to implement visual perturbations based on perlin noise, but I really never got around to doing that. Would be an exciting little project.
