Slashdot Mirror
Will Solve Captcha for Money?
alx_lo writes "Captchas are a nice idea to protect your blog or guestbook from being spammed by robots.
But what good is this protection when you can hire "data entry specialists" to solve captchas for $0.60 per hour for 50 hours a week?
Anyone here who can think up a solution that does not include drastically changing the global economy? How about captchas that require cultural background knowledge to solve?"
I agree with the parent post...put up a captcha picture of a PDP-11/40, PDP-11/45, PDP-11/70 and I can identify all of them within half a second.
However....my wife will correctly identify it as a "PDP" but probably won't identify the model
My sister (who is smarter than me) will say "it looks like a computer of some sort"
My niece will identify that it is something electrical
I don't want to see captchas that start to depend on a specific culture to use.
This still hurts spammers, because spamming is otherwise pretty cheap. Once you've grabbed bots, all you have to do is upload a few hundred KB of scripts to an IRC channel. It's practically zero overhead. This adds some to the equation. Adding overhead puts smaller spammers out of business, and it's the way to win. We can't stop spam, just make it harder.
these things are really the worst idea ever, its already bad enough if you can barely even make out what letters they spell, but what if you're blind or just have bad eyesight? As far as using this new cultural background idea, it sounds more like a way to block people out based off of race (that's racism folks). What if I but don't much care about my cultural background or simply have not learned about it, what then?
I wish they would go away. It usually takes me 2 or 3 tries to get them right. I guess I over analyze it. I see stuff and think "wow - is that a one or an L" and so on. Normally after I've gone through a few, I get to see some of the characters I'm confused about in different images and finally figure it out.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Perhaps a solution is making the captcha time-intensive? If it takes an additional 30 seconds of 45 seconds, it might cut down on the number of captchas a person could solve in an hour.
This would probably work better for sites where you only enter the CAPTCHA once, say for creating an account.
Maybe I missed the memo/boat on this, but aren't CAPTCHAs here specifically to stop automated spamming, automated account creation, etc.? After all CAPTCHA == Completely Automated Public Turing test to tell Computers and Humans Apart.
So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.
Then the "other side" will volly back with an image algorithm to thwart CAPTCHA, then we'll get CAPTCHA 2.0 with synergistic AJAX-enabled authentication, and then we'll have Terminators ruling the world.
:wq
This issue quickly runs into the same sorts of problems that copy protection on software does. People who are dedicated to breaking the system will still be able to, but normal people trying to work with the system are just getting annoyed.
It's a mild pain in the ass to match a swirled up picture of letters (I've known the alphabet for about 25 years, and I still get them wrong sometimes), but I'll usually go through it. Make it much more difficult than that, however, and I'm pretty likely to decide it's not worth it, and go waste my time on another website.
The solution to this problem is not to make the visitor do more work, because you can easily drive your visitors away by making your website a hassle. The spam needs to be filtered on the server side, or just deleted as it appears.
I've encountered this problem on my own neglected website, and I haven't found a good solution that I have the skills to implement. I generally just delete the spam as it appears, and I turn off commenting on older posts. This works for my personal site, because it's low traffic, but I'd imagine someone who gets more readers and spam could find the motivation to set up some sort of filtering, similar to email spam filters.
One time I threw a brick at a duck.
I highly doubt that most American, or people even could compute a square root without a calculator. I don't even think they teach that stuff in school anymore.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
It would be a fine idea if you were trying to keep access down to certain sub-cultures (ie, a captcha showing a picture of Linus Torvalds and one of Linus from Peanuts, asking what they have in common), but on a larger scale it just isn't going to work.
US Democracy:The best person for the job (among These pre-selected choices...)
and that my friend, is why the capture should require the user to post on Slashdot and get modded 'insightful'. Only then would they then be granted access.... Sadly, I'd be left on the street along with all the first posters...
How about captchas that require cultural background knowledge to solve?
If the captcha does not itself contain all the information required to solve it, some legitimate users will be unable to solve it.
Now, simple riddles would at least require mastery of the language instead of mere character recognition skills. However, requiring language only raises the $/hour cost of solving them a little. More importantly, even easy riddles are much harder to generate for captchas than random strings. E.g., "What word is fourth in this sentence?"
"We reject as false the choice between our safety and our ideals." --The American President (20.1.2009)
One thing I did just 2 days ago has stopped the CAPTCHA attacks cold. I modified my registration page just slightly to alter it's URL. Now, if some lackeys are manually doing every phase of the registration, this is no help at all, but they're trying to be more efficient than that. They don't make their lackey's click the "register" link, and then click on the link confirming they are over 13, etc, etc. Rather, they have tools that automatically traverse these paths or mimic their traversal, and those tools require your installation to literally be identical to all PHPBB installations, as it is their syntax it is capable of parsing and triggering.
The result is that no lackey, apparently, is ever getting rushed right to where s/he sees a CAPTCHA and has a textfield into which to type its text. I've fallen off the radar by opting out of a monoculture in a very tiny fashion. I'm glad to think I've turned the spammer's trick (obfuscation to defeat automated tools) against them.
tone
tone
What about reducing it to a single problem again by accepting comments only via email? Then you can bring the usual tools to bear - forcing server retries, greylists, whitelists, blacklists, analysis, etc.
Just provide the comment email address at the bottom of the article and a uid in the address would make it post to the proper article/story/whatever. Reply to email addresses would have a different uid as well.
Make the mail server moderate for you.
You are checking your backups, aren't you?
you can bet they wouldn't be spending their own dollar to post with such a solution
Even if the dollar they spend is stolen, it's still theirs in the sense that they can spend it. They have to choose whether they want to spend it on advertising or on real-world goods that they get to keep, so they still have to decide whether they're likely to get more than a dollar back from their posts.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I'm curious... 'cannot be solved with a calculator' ?? The closest I can come is algebra, but then... I could write a script in several languages that would do the algebra, once it was pulled from the image. And quite a bit quicker than a person could.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
I think the key is to have the captchas ask questions such as:
What is the minimum in the United States ?
a) four peanuts and a kick in the nuts per day
b) $5.15 per HOUR, that's right, HOUR as in 1/24 th of a day
How much does a spammer pay on average for each solved captcha ?
a) less than a penny
b) more than a penny
What is Falun Gong ?
a) an evil conspiracy to enslave old people into doing calesthenics in public parks
b) a competitor to the brainwashing cult of communism
c) all of the above
The goal would be to get the captchas blocked by the great firewall, trick the workers into doing a google search that will get them arrested, or cause them to rise up and eat their employers still beating heart when they realize how exploited they are.
Ignoring any issues about offensiveness or whatever, that's not the problem with it. The problem is that it's easily broken.
How do you break it? Easy. Just pick a random number between one and the number of options you have. For a three option CAPTCHA, you have a one-in-three chance of getting through. You're a spammer remember, so these odds do not deter you, all you have to do is run your automated script three times and you'll be close to sending out the same number of spamvertisements as you would have sent without the CAPTCHA.
Realistically no multiple choice system, as advocated by a number of posters here, will succeed unless it has so many choices that it's improbable a real user will be able to use the system without issues.
CAPTCHAs are a bad idea in general. Yet again they're a poor, unwieldy, temporary "solution" to a problem the inventors barely understand that causes more problems than it fixes. Like 99% of anti-spam solutions. The only thing worse than a CAPTCHA is what'll replace them.
You are not alone. This is not normal. None of this is normal.
I prefer the Bilbo line of questioning.
"What's this in my pocket?"
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
How about taking a page out of "Last Crusade" and having multiple "submit" links, only one of which works. In plain text near the links, say something like "click the blue triangle submit button to not have your post marked as spam." As long as there aren't too many choices to wade through, users won't be terribly inconvenienced.