I have one which picks a bunch of random single-digit numbers and a math operator, then asks you to type the result.

I spent days trying it out with screen readers and tweaking it to work with as many as possible.

I had a lot of spam when I tried that. Questions of knowledge were more successful.

This seems like it would be very easy to game

Its very difficult to block an extremely motivated and targeted attack. With things like this, you aren't trying to necessarily block a highly targeted attack. You mostly need to just ward off the majority of low effort bot spam and random internet trolls. Having extremely tight security can be expensive and/or difficult for most organizations.

This is exactly why something like reCAPTCHA exists and is used prevalently.

To me, it sounds like your system is just security by obscurity. It wouldn't scale, if it did become used prevalently then it would be very easy for bots to circumvent.

I normally agree with concerns about security through obscurity, but I disagree here: this isn’t a security feature. It is spam protection. Everything that creates more work for any attacker here helps reducing spam, on top of that Google itself uses code obsfucation (”Security through obscurity”) in their Captcha for precisely that reason.

It won’t scale, because it mustn’t scale. It is a dead simple solution to a complicated problem and works as long as it works, without selling your user data and brainpower toone of the biggest tech companies there is.

If it should happen that the spam bots overcome it or your site becomes big enough to be targeted you just change it for something stricter, stronger or more sophisticated.

You probably don't have the world's spammers trying to get in like Google. There is money to be made creating Google accounts.