Don't fall for the Honeypot Promise
What honeypots are: “Invisible” fields or hidden instructions meant to trap non‑human scripts that fill every field. If a respondent answers a honeypot question, they expose themselves as a bot – at least, that was the idea.
Why they fail today: Multiple studies and industry experiments have shown that honeypots no longer pose a challenge to bots. In a paper published in the International Journal of Market Research, Höhne et al. (2024) tested four bots — two simple, rule-based bots and two AI-based bots— running each one through a web survey 100 times. Every single bot, even the simplest one, passed the honeypot traps without fail, scoring 100 out of 100. The authors conclude: „Both honey pot questions embedded in the source code do not represent a challenge to any of the bots.„
This finding only confirms what Storozuk et al. (2020) had already observed 5 years ago: honeypots are among the least effective methods for detecting fraud in online surveys.
The reason is that bots built with state-of-the-art frameworks like Selenium WebDriver ignore hidden elements, which prevents bots from being caught by honeypot questions.
So when someone claims their surveys are “bot-safe thanks to honeypots,” it’s time for a reality check. Even basic bots stopped falling for that trap years ago. Real protection and detection needs smarter, multi-layered defenses.
