Baffling the Spam Bots
dumpster_dave writes "Scientific American is running an article, Baffling the Bots on techniques to outsmart and subvert spam bots and their chat-room cousins via CAPTCHA. You have probably seen this in the form of images containing text as gate-keepers to various on-line services. The latest evolution is using non-words and distorting the text such that even the best AI systems cannot decipher them, yet humans can not help but do so [cf., Gestalt Psychology]."
I've often wondered how these types of systems can be made handicapped accessible
Simple Machines in Higher Dimensions
that just using johnsmithword-AT-hotmail.com works fine (where word is taken out and -AT- is replaced with @) I use that and have yet to have a single spam email.
I have over 70 freaks, do you?
3p biotch
Hotmail's spam filter has gotten really smart in the past few months. Yahoo's filter used to be the best among web mailers, but Hotmail has improved to the point that I don't get any spam in my hotmail inbox anymore.
I'm not one to go about shouting the praises of Microsoft, but someone over there's got their head out of their asses.
I find little satisfaction in the fact that the arms race between the spammers who want to get into my inbox or forums, and those who want to make it more difficult for them to do so, might some day result in a machine that appreciates how small my penis might be, and empathically seeks to address this "short coming" with the helpful offer of an herbal supplement.
and include the 'key' in plain text in the title of the message? Bots can't process the text, mail readers can be customised to decode the messages based on the 'key' in the header.
If you keep throwing chairs, one day you'll break windows....
This is a losing battle.
Smart humans will outsmart computers for quite a while. The average human is already dis-comforted with such a test (what's the middle word in the second image?!).
But those systems should work for the dumbest (within reason) humans. They're trying to design a test that's passed by the dumbest of six million, yet makes the smartest of a few (bots) fail.
I give in.
*comment about spambot overlords*
-1 SFAC
We are having to put so much effort into technological solutions to the spam problem that it has begun to have a serious detriment on the ordinary functioning of the internet.
This is not a technological problem. It is a societal problem. It is a societal problem because it is a problem of business. The spammers are not performing a technological action; they are performing a societal, business action using technological means. We can stop their technological means using technological solutions, but the spammers can usually find some very slightly different means. Our technological solutions don't help because it is the societal, business actions we want the spammers to stop.
We need to start addressing this at a societal level. We can't legislate technology, but we CAN legislate sales. We can pass laws about people who sell things in certain ways, and since this is technically what spammers are, they cannot escape these laws. They can move outside of the U.S., but if they wish to do business with people inside of the U.S. they have to obey our laws.
We could vastly increase the penalties for selling products through any spam firm which forges e-mail headers or otherwise attempts to block attempts to trace. We could follow a do-not-spam list. Most likely, we could institute mandatory labelling of unsolicited commercial e-mail. There are a number of things which could be done with pretty much zero collateral damage. But we will not do these things.
In the meantime, we are simply trying to shut off, one by one, each of the many possible technological means that the spammers could use to pursue their undesirable business actions, and with each new "solution" to this problem we come up with, the collateral damage mounts higher and higher...
-- super ugly ultraman
Why not employ a system such as... "what item is in the picture below?" and have randomized pictures of cars, boats, irons, etc, etc. I suppose there could be some androgyny about it (typing "car" or "automobile" or "sedan" or "Toyota"), but this sort of system would cater to the visually impaired leagues better than the morphed words!?
"1984" was meant to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
Not news, and neither is the parent.
Everyone should know this by now, but you can control spam by keeping tabs on where your email address goes.
The address I use to post to USENET is completely disposable. The 'swen' worm in fact picked up my USENET addy and spammed it with about 40,000 emails. The address is now dead, but I saw that coming.
I have a public address which I give to casual contacts (who may not be totally trustworthy). This address changes yearly, and this keeps it spam free.
My well guarded private address, which I only give to my closest friends, has gotten no spam for 5 years. I receive about 20 emails per day at that private address and there is 0 spam.
Why not use a photograph of something very distinguishable by a human, IE a picture of a horse, or car, etc. It would be much more difficult to program a bot to detect what is in the picture. Or better yet, use that and the CAPTCHA text located in the corner of the photograph. It doesn't seem like it would be that much more trouble to enter in two pieces of information instead of just the CAPTCHA text.
You will be moderated down.
Mod parent + Funny!
... and include the 'key' in plain text in the title of the message? Bots can't process the text, mail readers can be customised to decode the messages based on the 'key' in the header.
If a mail reader can be customized to decode the message, why couldn't a bot?
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
Because the bandwidth problem caused by spam will go away by bloating our emails with WAV files.
Earthlink has an optional system like this, where unknown senders are blocked by default. They receive an autoreply giving them a URL to go to where they must enter the text from a CAPTCHA.
Unfortunately, the system does not work very well. My dad sells on eBay, and a buyer of one of his auctions had an Earthlink account, which blocked the message that told how much the shipping would be, where to send payment, etc. When my dad went to the specified URL, and entered the CAPTCHA text as requested he would simply get an error message that he had entered it incorrectly. He forwarded me the Earthlink email and asked me if it was just him; it wasn't; I couldn't get it to work either. The random string of numbers and letters was very distorted, and there were four possible meanings; I tried those plus at least ten more with no success. The message never got through.
There are many problems with this type of system. Consider: what if both parties have CAPTCHA-enabled accounts, from different providers? The confirmation messages from both parties get blocked. Smarter systems whitelist people as messages are sent to them, but as in the eBay case, the recipient had no way of knowing my dad's email until AFTER a message from him was received. It's a Catch-22.
And for people who are visually impaired, universal deployment of this system makes email essentially impossible. Earthlink's page had a link "if you cannot see the picture, click here" and when you got to that they said to call their 1-800 number if you have any problems. Right.
Adding CAPTCHAs to everyone's email systems is NOT the way to solve the spam problem. We need a more realistic, permanent solution. For example, cryptographically authenticating the sender (the "From" field) at the level of the originating ISP (and rejecting messages from senders it cannot authenticate, by password or whatever means), and then having each relay in turn authenticating the previous relay if it trusts it. Headers can be inserted in the emails, signing the previous headers with private encryption keys with their public counterparts obtainable from the ISPs by simple DNS lookups. This will build a chain of trust, which stops when a message gets outside of the sender's network, and therefore allows the original sender to be properly identified back through their ISP. Once we know who messages are from, people can be held responsible. And at that point, anti-spam laws can handle the rest.
It's hard for thee to kick against the pricks.
I just pegged Layne Staley's guestbook!
HERE
Who du man? Even if you didn't like Alice in Chains' work, we will never miss the dead members. Ha!
One solution might be to offer multiple ways of deciphering. Such as an audio clip that could play a distorted version of the phrase that you could then type in. Or even ask simple questions, such as "What color is the background?".
Then there's the other issue of the code not being visible simply because I'm using Mozilla....but that's a whole different can of worms.
Buy Steampunk Clothing Online!
Slashdot could benefit from such a human checker, each time someone posts, so that idiocies from crapflood scripts could be kept in check.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
If a computer became sentient and developed the ability to read these images, would lawyers argue for its right to exist?
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
A big problem with CAPTCHAs is that they can be "broken" with some vigilance and know-how, although not 100% of the time. Yahoo!'s has been broken by a UC Berkeley group, they claim a 92% success rate. The UCB algorithm looks at the image then searches through a dictionary to find the most probable matches and spits them out (you can actually see on the site how it chooses and how close it gets when it misses, mistaking 'grip' for 'slip' and so on).
:)
What is really needed for a *good* CAPTCHA is not pure image obscurity, but rather something that combines hard-to-read images with aspects of language that humans know intuitively, while at the same time being very difficult for computers to sort out. Take word associations, for example. You probably learned how words are associated with each other in 1st grade, so for humans it is a very simple task to pick out words that have a common theme. Computers are a different story. Have a CAPTCHA randomly spit out 10 words to the screen and have the user pick the 3 that are associated with one another, say for example HOUSE, LOG, FRONT, CAT, BROWN, DOG, CART, RUNNING, HOUR, MOUSE.
Even if the algorithm was to correctly identify all 10 words, it would still have to figure out what the association is and then correctly identify the words that fit the association. Assuming that it did correctly identify all of the words, at that point random guessing would yield a success rate of 0.83%, less if it misidentifies even just one of the words. Combine something like this with a slightly smarter word obfuscator and I think it'd be something that would be very hard to beat...unless you're human, of course
It doesn't even fucking matter if that cocksucking Captcha shit is dynamically generated. Rather than batching up the goddamn images, batch your motherfucking account creation requests. When a would-be wanker visits your lame-ass pr0n site, your server begins motherfucking trying to create a Yahoo account (or what the hell ever), and feeds the dynamically-generated Captcha image shit to the human processing bitch. Perhaps it will fucking slow down your cocksucking rate, but that's just a matter of advertising your pr0n site better... by motherfucking spam or google bombing from your cocksucking Yahoo accounts, perhaps.
I have a better idea : present a complex differential equation and ask the person to solve it in less than 10s. If he fails, he's human.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Hey, you insensitive clod. Have you ever considered that the fecal freaks really hurt inside? You'd hurt too, if your brain compelled you to munch nasty feces or - even worse - watch Japanese scat/vomit videos every day.
Am I the only one having troubles deciphering the second word on the second picture?
Future Wiki -- If you don't think about the future, you cannot have one.
I'm not sure about others, but I have a difficult time with sites which use distorted numbers on a nearly matching background...and I'm not even color-blind.
...and perhaps even requiring the person to call a phone number to activate the account - ideal for financial-based sites such as banks, payment
:)
Sound is better, but even that sometimes can be difficult to understand - also, I don't have speakers hooked up on some machines I use; some folks disable sound due to obnoxious websites/ads that blast sound unexpectedly.
Anyways, many of my relatives and friends can't get into sites that use distorted numbers, etc at all and are basically locked out; sometimes they get lucky and find a similar site (likely a competitor) to the site they desired, which doesn't use such nonsense...
Seems to me a better way is to use geotracking (too many inbound connections from similar sources [IP ranges, routes, browser config, etc.]), email verification, etc...
sites, etc.
With good heuristics (really the key to stopping automated bots in my view), any decent website should be able to filter out much of the bots and other junk - it's no accident really that many of the largest sites don't use distorted numbers, pictures, etc - how do they do without them?...perhaps be a good Ask Slashdot item
Ron
How bizarre would it be if some spammer, somewhere developed the brilliant algorithm to solve these complex computer vision problems, therefore gaining world-recognition and causing innovation leaps in Computer Science -- all for trying to sell nonexistent cruise tickets to some grandma ..
- http://pakman.sytes.net/
Would it have a bank account? If so, yes.
How about we stop researching how to combat spam bots, and just get some forks, some torches, and go hang these spamming fucking bastards.
I use my email address for everything, including usenet. My provider runs a spam filter which reduces my spam / day to about 10 pieces. Of course, it filters out about 100-150 spam mails / day. When I'm bored I go through these filtered spam mails, but I did not find a false hit yet, so it works pretty well for me.
This is convenient, I don't have to care where my email address goes, I just use it.
I'm guessing that word association wouldn't work very well, because Google will probably make it very easy.
The problem with this is -- you would have the same "dictionary-size" problem as was mentioned in the article. That is, you would have to human-generate every test, and if you reused the tests, spambots could easily pick up on that and know the correct answers.
And if you think you can computer-generate the quizzes, well, then, I'm betting a computer could guess the answers, if it used the same knowledge web for the word associations. The text-based CAPTCHAs work because you can computer-generate them but not easily computer-decipher them.
I object to that article, and to the next reply.
<img src="it_says_kitten.jpg">
heh dumb bot
bite my glorious golden ass.
Fuck you, karma whore.
Several people have suggested simple riddles as a turing test. Is it possible to (automatically) create enough idiot proof riddles to prevent a 'cheat sheet' attack?
I'm sorry to break it to you, but of the ten words you gave in your post, I can make three three-letter combinations. (cat, dog, mouse; brown, log, house; brown, running, mouse; to be precise.) The problem with what you've suggested is that it will be difficult to create a pattern which is easily distinguished by the human mind, but not the algorithms of a computer program coded by a human.
~another lurker
I have serious doubts about Yahoo's commitment to stopping bots. If they really wanted to do so, why would there be so many pr0n bots in Yahoo chat? Is it so hard to eliminate bots that say the same thing and have profiles with nude photographs and porn links in them? Maybe Yahoo actually makes revenue out of porn advertising in chat rooms.
Those first two just knocked out my mom and sister from the "human" category, and the first one my dad as well. Look, MOST humans can't find the roots of an equation. That is a damn math geek question and you should know it. Shit, that's not even something I can do anymore without giving it a considerable amount of thought, and it is actually something I learned how to do (but haven't done in years). Many people know NOTHING about advanced math and have no need to. If you haven't done a fair bit of algebra, you have no hope of solving number 1.
Now number two is much simpler, but still hugely problematic. While I'm sure it seems simple to a geek who has taken plenty of advanced calculus in university it is NOT simple to someone who has trouble grasping basic math. There are multiple types of intelligence and not all people are gifted at the type required to do well at math. Thus, even a word problem that you perceive as simple is out of their reach.
As for the third, this is the most reasonable of your propositions, but still problematic. While almost all normal people can solve this you still have now excluded a section and that being the mentally handicapped. There are people who can function normally such as to be able to hold a job and use a computer, but yet cannot deal with logical inferences of this type. It is uncommon and is a disability.... as is blindness. So how is it better to exclude them than to exclude the blind?
Sorry, but your system is not better than obfuscated pictures, it merely excludes a different, and wider range of the population. What's more, I could easily write a program to defeat the math questions. It would not be hard to latch on to key terms and structure to identify what is needed to solve the problems.
this will create a huge problem for the internet in the future and they will send someone back in time to stop it....crap, didn't happen.
Then again, as it is said before, this is not directly about not getting spam, but how to stop _sending_ spam.
But returning to your "eloquent" way of "protecting" your email addy, it is sadly antique in these days when mail forwarding servers (like sobig-XXX) collect addresses and forward them to sp4mh0sts. Et Cetera. As long as you send mail, your address can be collected. Period.
Only real solution for getting no spam, lies within ISPs and mail service providers. If no spam is sent, and all spam-nets are restricted from mail then no spam goes to my, or your inbox.
In dream society, people could be given the ability to mod replies. In real life, it would be disaster.
You can download the complete script from my web site. Names are generated from a U.S. census database, and the distribution of first/last names approximates the actual distribution in the list.
Here is an example of what it looks like...
Folks, this is the bot-trap of the future!
And you wonder why you have no customers!
"That's it. What's your name? You're blacklisted. Now take yourself and your little bitch friend out of my store - and don't come back." I barked. Cravenly, they complied and scampered off.
So you're telling your customers to "scamper off", and then act surprised when your business is no longer profitable.
Hint: if you want to run a profitable business, don't chase your customers away!
This evening, my daughters asked me. "Why do the other kids laugh at us?"
Hmmm, maybe it's because the other kids know what a poor businessman you are... Even a lowly greengrocer knows that it's bad business sense to insult and chase away his own customers
"It's because they are idiots, kids", I told them. "Don't listen to them."
I really wonder who the idiot is...
I came up with [house; log; cart] (all three can be made of wood).
.. is that they can be brokered. If you give me a puzzle, *I* don't have to solve it; all I have to do is induce someone, somewhere, to solve it, and give me the answer. That means I can set up a CAPTCHA-solving factory in Taiwan, or field a porn site where users pay for their pictures in CAPTCHA answers. (*My* CAPTCHAs, the ones my script was assigned to answer in order to make Paypal transactions, not new ones I made up on the spot.)
Suppose that a human can solve your CAPTCHA in an average of five seconds. Suppose unskilled labor costs $6/hour. Then it costs a bit under a cent to find the solution to your CAPTCHA, assuming that I want to solve at least a few thousand a day. As a result it is impractical to protect a service worth more than a penny with a CAPTCHA.
Actually unskilled labor costs far less than $6/hour in some parts of the world, so if CAPTCHAs see wide use the value of the services they can protect is even lower. A tenth of a cent?
CAPTCHAs should be seen as a proof-of-work mechanism, like "hash cash", not as an oracle that can determine whether a transaction was initiated by a human or a machine. Unlike proof-of-worth schemes that burn CPU time, the value of a CAPTCHA won't be inevitably halved every 18 months by Moore's law; on the other hand, it could be suddenly reduced to zero by breakthroughs in image processing.
This example is a bit stupid - what stops a computer program from filtering out everything of the wavy background by just eliminating everything non-black? There seems to be so much contrast in the image that it would be a really trivial job.
While I know you meant that as a joke it's probably a good idea.
Just have a normal link and if they go to it in less than a second then they can't be human.
Spammers would write scripts and it wouldn't work but users would never notice.
I'm proud to have one of the most extensive Christian rock sections that I know of.
"Dude, I'm going to put this CD on the Internet right away."
"Yeah, dude, that's really lete [sic], you'll get lots of respect."
Huh? For any other domain than hotmail.com, perhaps. :-)
What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
How about those kid's puzzles where there is an image where many things are "wrong". Like the water from the tap is flowing up. These are easy to solve by people but very hard for machines.
Include an external javascript-file with a function that makes a document.write() on the email addresses that you want.
The spambots will never bother trying to run javascript, especially if it means downloading an external file. And using, for example, mozilla's command-line js-engine will not help, because without an attached browser most of the scripts will reference objects that do not exist (like windows and such).
Dynamically generated documents are a pain in the ass for web-spiders. I know. I have programmed spiders professionally for quite some time.
Opinions stated are mine and do not reflect those of the Illuminati
Are you sure that's hard? Have you ever seen Google Sets? A program could take each pair of these words (of which there are 90), ask google for more words from that "set", and note which three words most commonly show up together, close to the top.
Moreover, your solution may be quite difficult for people who are not native English speakers.
-Rob
-Rob Ewaschuk
What if everyone who received a spam clicked on the url for the product's page to check out the product, maybe checking it out twice or so?
Wouldn't that get expensive for the spam hosting site and their mark--I mean, "customer"?
Especially if everyone just looked without buying?
Might cost someone so much money that the business would be bankrupt rather quickly.
Or it might make an upstream provider so annoyed at the traffic to the spam site that they might pull the plug on the scammer--I mean, "spammer".
Well, perhaps we should just buy their stuff, instead of going to just look... After all, it is the right thing to do, no?
I'm proud to have one of the most extensive Christian rock sections that I know of.
Dude, that's really [sic].
The only kind of recognition the spammers would ever care about is the kind that gets their spambots past the test.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
I thought I read somewhere that they used cheap, cheap cheap labor in some third world country, and basically had people just sit at a computer and write down the answers to what they saw on the screen, thus bypassing this defense.
..........FULL STOP.
For example, show 4 pictures; three of them of the same animal (say, a tiger) and the fourth of a random animal (say, a rhino). Ask the user to pick the odd one out. Make them grayscale, so that a color histogramming technique can't be used.
Another example: show an analog clock, and ask the user to enter the time shown.
By deploying 100s of such little "CAPTCHAs", the site owners can make the bots' task that much more difficult.
And heck, if someone can develop bots that can still do well, I'd say it's a big leap for AI and Cognition! Give the bot-writer a tenured faculty position at CMU. :-)
How does your contribution relate to the specific subject of the parent post, the impact on blind people?
Dude, if you were half a man you'd go get a real job and sell that lame-ass christian rock store to some twenty-something loser who can afford to live in a studio apartment and eat generic macaroni and cheese. Get a real job, pay your mortgage, buy your kids some clothes that won't get them beaten up, and stop whining. If you were a true business person, you'd know that you don't sell what is right, you sell what is hot.
*sigh* rookies
How many people are unwittingly giving away CAPTCHA answers? The link {to a CGI script which puts out image data} must take a parameter to tell it what image to display, since it can't return any data to the calling page {it's just an image and doesn't have a full set of headers, just a MIME-type} and can't use a temporary file {in case of multiple users accessing it in parallel}. That parameter is probably also present in a hidden field in the form, so that the form processor knows what the user should have typed {or the referring URL itself could be the hidden field}. You only need to see one image, then resubmit the form as though that was the image you were shown.
You have to remember that there are idiots out there who think all there is is IE and Windows. I have seen, and made use of, a few sites which have unwittingly given away access to premium services {hence the ACness -- gotta have that plausible deniability} because their security measures were either non-existent or depended on software I was not using. {I see it a bit like taking a few sheets of toilet paper from an unlocked privy; nobody's ever gonna miss it if they find it's gone, but they'll be annoyed enough to throw the book at you if they find out it was you that took it}.
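The weakness described in the comment above (a hidden form field that names the image, so one solved image can be resubmitted), as an added example that is not code from the thread or from any site it mentions: the weak check beside a server-side, single-use, expiring challenge. The names `weak_verify` and `ChallengeStore`, and the sample image ids and answers, are constructed for illustration.

```python
import hmac
import secrets
import time
from typing import Optional

# Constructed sample data: image id -> text rendered in that image.
IMAGES = {"img001": "kx7qd", "img002": "p3mzt"}


def weak_verify(image_id: str, typed: str) -> bool:
    """Design from the comment: the client tells the server which image it
    was shown, so a pair (image id, answer) solved once stays valid forever."""
    return IMAGES.get(image_id) == typed


class ChallengeStore:
    """Hardened variant: the form carries only a random nonce. The expected
    answer and its expiry live on the server and are consumed on first use."""

    def __init__(self, ttl: float = 120.0):
        self.ttl = ttl
        self._pending = {}  # nonce -> (answer, expiry timestamp)

    def issue(self, answer: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)  # unguessable, reveals nothing
        self._pending[nonce] = (answer, now + self.ttl)
        return nonce  # goes into the hidden field and the image URL

    def verify(self, nonce: str, typed: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        # pop(): the challenge is spent whether the attempt passes or fails,
        # so it can be neither replayed nor guessed at repeatedly.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            return False
        answer, expires = entry
        if now > expires:
            return False
        return hmac.compare_digest(answer.encode(), typed.encode())


def demo() -> dict:
    """Run both designs over the same constructed inputs."""
    results = {
        "weak_first": weak_verify("img001", "kx7qd"),
        "weak_replay": weak_verify("img001", "kx7qd"),  # same pair again
    }
    store = ChallengeStore(ttl=120)

    n1 = store.issue("kx7qd", now=1000.0)
    results["hard_first"] = store.verify(n1, "kx7qd", now=1010.0)
    results["hard_replay"] = store.verify(n1, "kx7qd", now=1011.0)

    n2 = store.issue("p3mzt", now=1000.0)
    results["hard_expired"] = store.verify(n2, "p3mzt", now=2000.0)

    n3 = store.issue("p3mzt", now=1000.0)
    results["hard_wrong_guess"] = store.verify(n3, "zzzzz", now=1001.0)
    results["hard_after_wrong"] = store.verify(n3, "p3mzt", now=1002.0)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {ok}")
```

The in-memory dictionary stands in for whatever shared session store a multi-process deployment would use; it also answers the parallel-users concern, since each form gets its own nonce.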
Socially, people like to pick dumb passwords. Tell them what makes a good password...and they will nod and pick a dumb password...then lose it. So, demanding that people follow good practices is not possible (unless you make fools of people with poor passwords by sending out funny but embarrassing email using the person's own account).
Key recovery systems (email me my password) help, though they usually send the password in clear text and require network access. Making it non-machine recognizable would be better, but still not ideal.
Use the algorithm that generates the obscured password as a human readable one as an alternate password itself. Instead of using a dumb password such as "mypassword" (clear text digits) generate the nonsense data from the dumb password atomically at the point of entry and transmit that.
Yes, this second idea would be useless on desktop computers (too easy to thwart using social methods or key trappers). It might be handy for key-based systems that require high security. For example, put the encoder in a small part of a smart card (used from next gen ATMs through to secure area access cards)
Debate...discuss...shoot holes in this. Should be easy!
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Why not generate text that looks real (heck, use excerpts from real email), and include images that advertise the latest scam product? After all, they are supposed to be incomprehensible to programs, and Bayesian filters are programs...
PHEM - party like it's 1997-2003!
I have young children who each have two email addresses. One address is the name of the kid @ our family domain. This address is only for close relatives and trusted friends. Spammers have not picked up these addresses.
But I don't run a real SMTP server, being on a less than completely reliable connection to the net. So I have our DNS provider forward these addresses to our cable ISP. We used "ATTBI.COM" addresses for them which have now been moved over to COMCAST.NET addresses. I have never given the ATTBI nor the COMCAST addresses to anybody. No one. They are just there to receive mail forwarded from the family domain. These addresses have somehow been harvested and they both get several Spam per week.
...Nothing interesting here. Just move along...
Has the RIAA sunk so low that it even starts trolling in totally off-topic posts on /.?
Just do a Burrows-Wheeler transform on your e-mail address. Comes with the bonus of preventing stupid people from trying to contact you.
What if a user cannot decode an email address or solve a riddle? What about the intelligence-disabled among us? They have rights too!
Conformity is the jailer of freedom and enemy of growth. -JFK
See if you can decode this hint without AI: l tr o l
Hopefully I didn't get beat to this one...
I fguierd out the pfercet way for saprmems too keep gitetng the mial psat the fetrlis. All tehy hvae to do is use the tneciquhe mnetoiend in tihs salhsodt alrcite aobut how the haumn barin rades txet
Mrogtgae - Variga - Gineltas
But in all seriousness...
I did get a spam this weekend, where mortgage was spelled...
rnor.tgage
Had to read it twice before I noticed what they had done.
Dr. Wu
"Yes, There's Gas In The Car"
I've been thinking lately of making a script that would generate fake email addresses and include it on a webpage; such that the fake email address list gets re-build on every hit. It would create addresses like xxxxx@yyyyy.com|net Where xxxxx is a random alpha-numeric sequence, yyyyy is a random alpha-numeric sequence. Or, perhaps yyyyy would be a random valid word from a dictionary or other list.
The goal would be to feed the bots so many fakes that they choke on the bounced undeliverables, or, they make note not to harvest there again.
But, maybe the bots look out for web pages containing more than X number of emails? Any thoughts on this?
"Would it kill you to put down the toilet seat?" -- Maya Angelou
Why yes, everyone understands word associations. Forest is to sunrise as wabi-sabi is to ...
You have 10 seconds.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I would indeed call it the solution to spam problems. By annoying the crap out of everyone who might possibly email you, no one will email you again, and you won't have need of an email address.
Challenge-response systems invariably fail in the face of forgeries, because SMTP simply has no accepted, let alone adopted mechanism to send back challenges. I block thousands of challenges every day sent to people who were unlucky enough to have the email address some email virus or another forges.
I've met a couple deaf and blind people. I don't know if they can use a computer, but I don't see how you have managed to help them.
Met in the loosest sense, I don't know sign language. It is fascinating to watch them read sign language by feeling the hand of the signer.
F u cn red th mesg thn u r abl 2 d-cyfer non-wrds.
Btteer yet, why not tkae avdnatge of humnas abliity to isntcnictvely rarreange ltteers to mkae wrods out of nnosesne?
That would be the "brown log house", right?
Am I the only one who can't read the bottom two examples in the figure captioned "Baffletext?" I occasionally fail some of the more sophisticated CAPTCHAs. As this arms race escalates, how many of us will be cut off?
Ummm... This group's work would be baffled by the introduction of any non-dictionary words, such as random letters, numbers, other characters, symbols, or pictures. As you can see here, they freely admit to basing their attack on a dictionary of the 500 known words that Yahoo! uses. By the time their work ever gets too close, it would be trivial to change the test.
Um, it's trivial to build a delay into a script. Programmers do it all the time for any number of reasons.
Check the article and the webpage; CAPTCHAs that work from a word list appear to be vulnerable to attacks that compute a confidence for each word in the wordlist -- this is how the current generation of CMU CAPTCHAs can be machine-solved 90%+ of the time -- and the new CAPTCHAs at captcha.net use random letters instead of a wordlist.
:)
captcha.net also has "demonstration" image recognition CAPTCHAs, where the user must look at a picture of a cat and choose the radio button marked "cat". That would certainly require familiarity with English. On the other hand, it would require familiarity with English on the part of the CAPTCHA's *intended* audience as well.
I think I see a flaw with that system. I mean, spammers could just use really slow computers that take over 10 seconds to solve the equation.
You are in a maze of twisty little relative jumps, all alike.
Slashdot.org because the best way to be idiot proof is to keep the idiots out.
I like to track what companies sell my email address to spammers by using a catchall email account. Basically anything addressed to @mydomain.com reaches me.
So when a website or company requires an email from me I simply use companyname@mydomain.com. This way I can track back to the company sending the email and jump down their throat.
I recently had trouble with the power-backup company APC. Even though I had opted out of receiving emails they started sending them to me. So I contacted them and they said my address would be removed in 2-4 weeks. 8 weeks later I was still receiving them so I sent a real nasty letter. The next spam I get from them goes with me to my lawyer to discuss my options. I figure APC should be good for a few bucks.
Greylisting is based on the idea of sending a temporary failure code the first time you get email from a stranger (someone with a from and IP you haven't seen before.)
.sig
It catches about 85% of spam.
In other words, just requiring the spammers to have a mailer that can retry is more than most of them can manage.
I've been running a challenge response system for a while now, and the challenge is nothing more than "please reply to this message".
A machine could answer it without difficulty, yet the only spammers to get through are the 419 spammers.
(I'm convinced that many of the 419 spammers actually have humans read the responses they get, so they would have no trouble dealing with CAPTCHA either)
And if you're going to filter, why limit yourself to questions that a random human can answer?
Why not a challenge like "Name two things I'm interested in."
-- this is not a
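A minimal sketch of the greylisting rule described in the comment above, added here as an illustration and not taken from the post or from any particular mail server. The class name, the delay values and the sample traffic are assumptions; the key is the (IP, envelope sender) pair the comment mentions.

```python
import time

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"

class Greylist:
    """Temp-fail the first delivery from an unseen (client IP, sender) pair."""

    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # assumed: retries sooner than this still fail
        self.retry_window = retry_window  # assumed: a retry must arrive within this time
        self.pass_ttl = pass_ttl          # assumed: how long a proven pair stays trusted
        self.pending = {}                 # pair -> time of first attempt
        self.passed = {}                  # pair -> time of last accepted delivery

    def check(self, client_ip, mail_from, now=None):
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now        # known pair: accept and refresh
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # stranger, or the retry came too late
            self.passed.pop(key, None)
            return TEMPFAIL
        if now - first < self.min_delay:
            return TEMPFAIL               # retried too quickly to count
        del self.pending[key]
        self.passed[key] = now            # sender proved it can queue and retry
        return ACCEPT

# Constructed sample traffic: (seconds, client IP, envelope sender)
EVENTS = [
    (0, "192.0.2.10", "alice@example.org"),     # real MTA, first attempt
    (5, "198.51.100.7", "x9@bulk.example"),     # fire-and-forget mailer, never retries
    (30, "192.0.2.10", "alice@example.org"),    # retry inside the minimum delay
    (900, "192.0.2.10", "alice@example.org"),   # proper retry after the delay
    (1000, "192.0.2.10", "alice@example.org"),  # pair is now known
    (1200, "198.51.100.8", "x9@bulk.example"),  # same sender from a new IP
]

def replay(events):
    """Return the SMTP reply code given to each event, in order."""
    gl = Greylist()
    return [gl.check(ip, sender, now=t).split()[0] for t, ip, sender in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```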
Anyway, you can use something similar to that with your email address. NATATA Anti-Spam Encoder will convert your whole email address into the code for each character. Browsers automatically decode these (just like the %20 in a filename gets converted to a space when you save it), but there's no email address in the source of the page.
&#64 is the code for @. To get the code to appear on an HTML page, you have to use "ampersandampsemi-colon#64". If you just type out the four characters, the browser will decode it into @.
&#46 is the code for . if you want to sub that in also.
I realize that these aren't the end-all solution to stopping harvesting programs, but they do work well. I downloaded Atomic Email Hunter (the only free harvesting program I could find) and did some testing. After just changing every @ to &#64 it did not find any email addresses on the page. In contrast, putting in the URL to a phpBB2 thread yielded the email address of every person who had posted in the thread. With the codes, it looks exactly the same to users but at least some spambots are stopped.
Unfortunately, the more this is used, the more bots will be coded to handle these things. For now though, it does help.
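A page-audit sketch for the character-code trick in the comment above, added here as an illustration and not taken from the post or from the encoder it names. It encodes a constructed address as numeric character references and compares what a pattern match sees in the raw page source with what it sees once the entities are decoded, the way a browser decodes them. All function names are hypothetical.

```python
import html
import re

# Simple address pattern, good enough for auditing your own pages.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def encode_entities(address, only=None):
    """Replace characters with decimal character references (&#NN;).

    only=None encodes every character; only="@." encodes just those two.
    """
    return "".join(
        f"&#{ord(c)};" if only is None or c in only else c for c in address
    )

def mailto_link(shown):
    """Build the HTML a page would carry for a clickable address."""
    return f'<p>Contact: <a href="mailto:{shown}">{shown}</a></p>'

def exposure(page_source):
    """Addresses visible in the raw source and after entity decoding."""
    return {
        "raw_source": EMAIL_RE.findall(page_source),
        "after_entity_decoding": EMAIL_RE.findall(html.unescape(page_source)),
    }

ADDRESS = "webmaster@example.com"  # constructed sample address

def audit():
    """Compare a plain page, an @-and-dot-only page and a fully encoded page."""
    pages = {
        "plain": mailto_link(ADDRESS),
        "at_and_dot": mailto_link(encode_entities(ADDRESS, only="@.")),
        "all_chars": mailto_link(encode_entities(ADDRESS)),
    }
    return {name: exposure(src) for name, src in pages.items()}

if __name__ == "__main__":
    for name, result in audit().items():
        print(name, result)
```

Both encoded pages come back empty under "raw_source" and show the full address under "after_entity_decoding", which is the limit the comment itself concedes.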
The first thing I thought of when reading the parent comment was the many minutes it took me and my cousin to get into LSL2. We were only 9 years old (+/- 2) at the time, and the "adult filter" - which consisted of questions which most older folks should know the answers to - worked pretty well to keep us out.
They would have to be pretty idiot proof riddles to allow general access to a website. You've got to consider age, people where English (or the language of the site) is not necessarily strong, aptitude... pretty tough just to avoid spam!
Disclaimers: he's not a spammer, he's just a bright 13-year-old, and it wasn't a clever system, it was just a randomly selected word that was always in the same font.
:-)
It was funny because once he got it working, they changed the system so that every letter was in a different wacky font, and he thought he was beat. Then he realized that they were still using only one font, it was just one of those ransom-note style ones where every letter is different. The upshot was, his system started working better than it had before, because there was more variation between letters.
Carnegie Mellon is obviously moving a little past the state of the art in random young geek websites.
I don't remember the site, but I did notice that it had an audio option right next to the image box.
In an earlier article http://slashdot.org/article.pl?sid=03/10/19/2118201&mode=thread&tid=126&tid=185 a near-future AI machine was foreseen as managing a call-centre. It's not too much of a leap to imagine that the world's first commercial application of AI will instead be to sell us more unnecessary junk.
And since I can't tell the AI apart from a human, let alone a sales-droid, I'll be doomed.
Now I feel like slitting my wrists.
Intelligent scanners pick that up. Some even use the IE ActiveX control to pick up embedded javascript (document.write shenanigans). That way they see what you eventually see. Makes all those tricks useless.
Fuck Beta. Fuck Dice
Actually "Google Sets" does a good job of creating those "Human only" associations you speak of.
This set brings up "dog" (among others) when given "mouse" and "cat".
The only kind of rockets the US cared about were the kind that would get them past the Russians.
- http://pakman.sytes.net/
Go ahead, kids, try it. I bet you have spam in two months even if you don't use the address.
It's because of the pop-up ads, which recognize which account is currently being used from referrers.
Hotmail is crap. Don't use it.
And god damn sir sucks-much-cock, why don't you lick a dick and split! WE HATE YOU HERE!!!
Now why was my reply "flamebait"!! Does agreeing with flamebait (not that it was) make you flamebait too???
Now you've got me curious. What kind of questions will 10 year olds not know the answers to, but which the vast majority of adults will? It would also have to be a question that the kids can't just find an answer to on the internet, and there don't seem to be many of those left. Do you remember any of the questions?
log house
brown house
cat house
dog house
mouse house
cat dog mouse
?
Caveat Emptor is not a business model.
I _think_ some questions were political (something akin to who is the leader of the Republicans), maybe some about drink mixes, and I'm pretty sure music groups from the 70's were in there.
To be honest, I probably got that completely wrong, but I'm sure there are cheat sheets out there for LSL1 codes somewhere on the web.
LOL... However:
1. Solve this equation in 10 seconds or less.
(bot) sleep 11
3. PROFIT!
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
dumbass...