Will Solve Captcha for Money?

alx_lo writes "Captchas are a nice idea to protect your blog or guestbook from being spammed by robots. But what good is this protection when you can hire "data entry specialists" to solve captchas for $0.60 per hour for 50 hours a week? Anyone here who can think up a solution that does not include drastically changing the global economy? How about captchas that require cultural background knowledge to solve?"

Unique Reg Form

[multiOSfreak]

I admin a PHPBB-based forum and the spam (from bots) was getting out of hand. They were going through the built-in CAPTCHA with no problem. The solution ended up being that I had to modify the registration form so that it wasn't just the default form. Throw a couple of oddball questions on the form, make them required, and bots can't deal with it since the bot script can't account for deviations from the norm.

Re:Unique Reg Form

[soliptic]

I actually did something fairly similar with my phpbb installation.

I noticed that bots were signing up but not actually posting, (I donno, maybe they were meant to post but that part of the script broke -- either way, they never posted, but it annoyed me having them there.) They were just there, with links to sites selling vicodin/viagra/etc. Which annoyed me somewhat, but one time a child porn link showed up which was really the straw that broke the camels back, and I decided to stop it. I noticed that 99% of the sites were *.ru so I altered the reg form to throw an error if it detected a *.ru domain in the website field. Then I just started getting non *.ru domains instead, so I just thought, fine, fuck it.... Now if anybody signs up with ANY website in the website field, it throws an error, and has a message along these lines:

I notice you have a website listed. To prevent spam bots signing up to link their websites, this has been disabled on registration. If you are not a spam bot, just complete your sign up with no website, you will be able to add it back in by editing your details once you have registered

Since then, no spam bots. w00t. Of course, that forum only gets a handful of signups per year, so I don't really care if it inconveniences people slightly, it's primarily intended as a "private"ish (real life friends) forum anyway.

SweatShopSoftware.com

[osgeek]

My team of fine Southeast Asian workers will remove spam from your web site/bulletin board/blog for a low low price of $.60 US/hour.

Incidentally, for those of you in the market to advertise your wares: My team of fine Southeast Asian workers will circumvent those inconvenient captchas on web sites/bulletin boards/blogs for a low low price of $.60 US/hour.

Here at SweatShopSoftware.com, we have a solution to every problem.

Re:no good solution for now

[hc5duke]

How about a mathematical Captcha that cannot be solved with a calculator. Well educated foreigners will not even work for $.60. Then again, how many Americans could solve these.

Thank you for signing up with Blogger! Before you continue, please prove P=NP.

Still hurts spammers

[ZachPruckowski]

This still hurts spammers, because spamming is otherwise pretty cheap. Once you've grabbed bots, all you have to do is upload a few hundred KB of scripts to an IRC channel. It's practically zero overhead. This adds some to the equation. Adding overhead puts smaller spammers out of business, and it's the way to win. We can't stop spam, just make it harder.

refundable micropayments.

[yourestupidjerks]

Refundable micropayments. Seriously. Require people pay $1 to post a comment, payable via paypal or whatever. Once you have checked their comment, you can add them to a whitelist that will never be charged again and refund them their $1. Spammers don't get their dollar back, don't get added to the whitelist, and have their comment removed. The result over the course of a large number of blog entries would be to significantly increase the cost of doing business for spammers, while providing only a very minor inconvenience for legitimate users.

Re:refundable micropayments.

[Scurra+UK]

So posting my 2 cents now costs $1? Guess that's inflation for you...

Re:refundable micropayments.

[BrynM]

Spammers don't get their dollar back, don't get added to the whitelist, and have their comment removed.

With the rates of credit card abuse and identity theft from where lots of spam originates (former soviet states, pacific rim), you can bet they wouldn't be spending their own dollar to post with such a solution.

Yeah, make your website more difficult.

[cowscows]

This issue quickly runs into the same sorts of problems that copy protection on software does. People who are dedicated to breaking the system will still be able to, but normal people trying to work with the system are just getting annoyed.

It's a mild pain in the ass to match a swirled up picture of letters (I've known the alphabet for about 25 years, and I still get them wrong sometimes), but I'll usually go through it. Make it much more difficult than that, however, and I'm pretty likely to decide it's not worth it, and go waste my time on another website.

The solution to this problem is not to make the visitor do more work, because you can easily drive your visitors away by making your website a hassle. The spam needs to be filtered on the server side, or just deleted as it appears.

I've encountered this problem on my own neglected website, and I haven't found a good solution that I have the skills to implement. I generally just delete the spam as it appears, and I turn off commenting on older posts. This works for my personal site, because it's low traffic, but I'd imagine someone who gets more readers and spam could find the motivation to set up some sort of filtering, similar to email spam filters.

Reputation ID

[robotsrule]

This is why I believe in the future there will be two Internets. The one we have now which is wild and wooly where you can remain anonymous, and one where you can't do anything without a Reputation ID that is tied to a biometric identification method (fingerprint, voiceprint, etc.). There will be third party companies like Google that have Reputation ID accounts and will handle the authentication. The Reputation ID based Interent is where eCommerce, government and medical records, etc. based web sites will live.

I hope to heaven that instead of a biometric authentication, someone can come up with a card reader for driver's licenses or some other ID method, but current events seem to indicate biometric authentication will prevail. Even in that case, I hope it is a "authenticated-user" token passing scheme so that the web site that you want to visit never knows who you are, just that you are a valid user that owns the account ID you claim to own (the Reputation ID web site acts as middleman and privacy shield, pray they are never hacked).

By the way, I don't like the thought of privacy problems and Reputation ID spoofing scenarios this implies. I just don't see any other way way to build an Internet with a high degree of trust. As I type this I am looking at the SlashDot captcha box for comments.

Re:no good solution for now

[mgblst]

What is the square root of 2 then? And no approximate answers.

Solution using existing websites

[Facouille]

To register, you have to be a "confident" user of a parternship website, like say ebay, paypal, amazon, yahoo, hotmail, google, etc, etc. They can proof that you are a real user, and an open api allows 1-1 relations between your accounts. If you are not registered to any of those website, you have to get X points using Folding@Home to be trusted.

Re: no good solution for now

[Gospodin]

Wait... I've got it!

To prevent inexpensive foreign labor from solving CAPTCHAs, simply ask easy math and science questions... but only only provide access for wrong answers. This should let most Americans through.