Baffling the Spam Bots
dumpster_dave writes "Scientific American is running an article, Baffling the Bots, on techniques to outsmart and subvert spam bots and their chat-room cousins via CAPTCHA. You have probably seen this in the form of images containing text as gate-keepers to various on-line services. The latest evolution is using non-words and distorting the text such that even the best AI systems cannot decipher them, yet humans cannot help but do so [cf., Gestalt Psychology]."
I've often wondered how these types of systems can be made handicapped accessible
Simple Machines in Higher Dimensions
that just using johnsmithword-AT-hotmail.com works fine (where word is taken out and -AT- is replaced with @) I use that and have yet to have a single spam email.
I have over 70 freaks, do you?
Everyone should know this by now, but you can control spam by keeping tabs on where your email address goes.
The address I use to post to USENET is completely disposable. The 'swen' worm in fact picked up my USENET addy and spammed it with about 40,000 emails. The address is now dead, but I saw that coming.
I have a public address which I give to casual contacts (who may not be totally trustworthy). This address changes yearly, and this keeps it spam free.
My well guarded private address, which I only give to my closest friends, has gotten no spam for 5 years. I receive about 20 emails per day at that private address and there is 0 spam.
One solution might be to offer multiple ways of deciphering. Such as an audio clip that could play a distorted version of the phrase that you could then type in. Or even ask simple questions, such as "What color is the background?".
Then there's the other issue of the code not being visible simply because I'm using Mozilla... but that's a whole different can of worms.
Buy Steampunk Clothing Online!
Slashdot could benefit from such a human checker, each time someone posts, so that idiocies from crapflood scripts could be kept in check.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Am I the only one having troubles deciphering the second word on the second picture?
Future Wiki -- If you don't think about the future, you cannot have one.
I'm not sure about others, but I have a difficult time with sites which use distorted numbers on a nearly matching background...and I'm not even color-blind. :)
Sound is better, but even that sometimes can be difficult to understand - also, I don't have speakers hooked up on some machines I use; some folks disable sound due to obnoxious websites/ads that blast sound unexpectedly.
Anyways, many of my relatives and friends can't get into sites that use distorted numbers, etc. at all and are basically locked out; sometimes they get lucky and find a similar site (likely a competitor) to the site they desired, which doesn't use such nonsense...
Seems to me a better way is to use geotracking (too many inbound connections from similar sources [IP ranges, routes, browser config, etc.]), email verification, etc... and perhaps even requiring the person to call a phone number to activate the account - ideal for financial-based sites such as banks, payment sites, etc.
With good heuristics (really the key to stopping automated bots in my view), any decent website should be able to filter out much of the bots and other junk - it's no accident really that many of the largest sites don't use distorted numbers, pictures, etc. - how do they do without them?... perhaps be a good Ask Slashdot item.
Ron
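The per-source heuristic suggested in the comment above (too many inbound connections from the same IP range and browser configuration), sketched as an added example that is not part of the original post. The log format, the /24 and /64 grouping, the 60-second window and the threshold of 5 are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample of signup requests: "epoch_seconds ip user_agent"
SAMPLE_LOG = """\
1000 203.0.113.10 BotClient/1.0
1002 203.0.113.11 BotClient/1.0
1003 203.0.113.12 BotClient/1.0
1005 203.0.113.13 BotClient/1.0
1006 203.0.113.14 BotClient/1.0
1010 198.51.100.7 Mozilla/5.0
1500 198.51.100.7 Mozilla/5.0
1900 203.0.113.20 BotClient/1.0
"""

def parse(log):
    """Yield (timestamp, ip_address, user_agent) from the assumed log format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, agent = line.split(maxsplit=2)
        yield int(ts), ipaddress.ip_address(ip), agent

def source_key(ip, agent, v4_prefix=24, v6_prefix=64):
    """Group clients by network range plus user agent (assumed grouping)."""
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(net), agent)

def flag_sources(events, window_s=60, threshold=5):
    """Return {source_key: peak count} for sources reaching the threshold
    within any sliding window of window_s seconds."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip, agent in sorted(events, key=lambda e: e[0]):
        key = source_key(ip, agent)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window_s:  # drop requests outside the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

if __name__ == "__main__":
    for (net, agent), n in flag_sources(parse(SAMPLE_LOG)).items():
        print(f"{net} {agent}: {n} requests inside one window")
```

Grouping by range rather than by single address catches a client rotating through neighbouring IPs, at the cost of also grouping unrelated users behind one network, so a flag is better used to add friction (such as email verification) than to block outright.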
1. Block all email that contains HTML.. I mean how exciting can a text email be :)... Kills the marketing BS.
Agreed, this is an immensely useful measure; HTML e-mail simply isn't too useful. This'll also kill all the tracking bugs.
2. Institute a block all email except where you have whitelisted the sender...
Powerful, but a huge sacrifice. Feels like throwing in the towel to me.
3. Allow the sender to get prioritized by requiring them the first time to respond to an email and identify who they are and why they are contacting you.
Challenge-Response causes backscatter to innocent bystanders. Think of worms and spam with falsified from: headers. Using C-R makes you a part of the problem, not the solution.
I use my email address for everything, including usenet. My provider runs a spam filter which reduces my spam / day to about 10 pieces. Of course, it filters out about 100-150 spam mails / day. When I'm bored I go through these filtered spam mails, but I did not find a false hit yet, so it works pretty well for me.
This is convenient, I don't have to care where my email address goes, I just use it.
How about those kids' puzzles where there is an image where many things are "wrong"? Like the water from the tap is flowing up. These are easy to solve by people but very hard for machines.
Yes, but this would also baffle users who browse without JavaScript. There are lots of them, and they have a variety of good reasons for doing so.