Slashdot Mirror
Spammers Learn to Outsource Their Captcha Needs
lukeknipe writes "Guardian Unlimited reporter Charles Arthur speaks with a spammer, discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas. In his report, Arthur discusses Nicholas Negroponte's gift of hand-powered laptops to developing nations and the wide array of troubles that could arise as the world's exploitable poor go online." From the article: "I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business."
Damn those developing countries, stealing all the decent jobs from the hard working Americans.
are nothing to do with business its just personal. I would be more more then happy to plead guilty if I ever got cought for beating the fuck out of a spammer.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
If I am not mistaken, there have been several stories on this kind of thing on Slashdot...
Ayway, the bottom line is that spammers have been doing this for a long time, and I'm not sure if the $100 laptops will make a difference either way. Will these $100 laptops all have internet access?
This is deeply troubling. What can be done to stop it?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
The question becomes if the spammers filling in captcha's for blog comments will win or lose over the spammers creating fake blogs. Will some spammers (not the sharpest knives in the drawer) end up paying one set of people doing captchas for new blogs and another set to junk their own blogs by choking them with fake comments?
In any case, the economy of spamming changes fundamentally once it's no longer cost free to do.
Trust the Computer. The Computer is your friend.
Cory Doctorow wrote some time ago about an umbeatable way to solve captchas: have a the captcha-circumventing bot connected to a free porn site, inline the images in the gateway pages to the photos and videos, and have the porn-seekers gain access by solving the images. They would have the same infrastructure that they would need if they used developing world click-workers, without the hassle of having to arrange payments.
http://barrapunto.com/ - News for nerds, en español
1. The cost of computing and Internet access have truly dropped to a point to where it is nearly "universal".
2. The Human solution sometimes is the best.
What's going to be interesting is threefold: how do we conquer this problem, and how long until "sweat spam shops" have opened up, and how long until the outsourcers become the main branches? Much like the Cory Doctorow story revolving around sweat shops of MMO players, it might not be long until automated scripts are combined with "sweat shop" style workers, who's only job it so enter in the proper "human" data to fill spam.
On the other hand, as outsourcing has taught us, it is only a matter of time before the outsourcees become the suppliers as they get the training they need. Once the "local guy" starts making up the scripts, it's only a matter of time before he/she goes to open up their own spamming sweat shop. Which is a good thing in a weird way as the article points out - it encourages new business at the expense of annoyance.
The next phase of solutions might have to focus on more detailed question/responses - but there's a danger in this in finding the "sweet spot". You want to make it as expensive as possible for spammers, but not so annoying for your "true customers". Much like my new bank's online service, perhaps, where they made me select my "security image" and more personal questions so I had to enter 2-3 things to truly "log in" the first time.
52 Weeks, 52 Religions with John Hummel
I think people should not just be upset with the spammers, but those who buy from spammers. Spammers just fill a market need. If nobody was buying penis pills, you would never be spammed.
quis custodiet ipsos custodes
This rises some other problem I think. If there is people filling in captchas manually, the only think that could help to stop the madness is to ban the IPs or subnets where the person is working from. This is what I do in my server anyway. From time to time sombody just fills my captcha and spam my guest book. Not a big deal. i just ban the IP and sometimes he's whole subnet. But i see a problem if there are a million persons doing that. A million IP's or subnets banned is now kind of hard work to enter in my ban list :-)
It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
If a spammer wants to pay me a few dollars a day to fill in thousands of words, where do I sign?
I couldn't give a shit if some fat, rich, American nerd who has to reallocate some time playing World of Warcraft gets more stressed over this than the way his government's lobbying of the WTO is retarding prosperity in my country. Let him cry like a little girl who has lost her lipstick thinks it's the end of the world.
"I love my job, but I hate talking to people like you" (Freddie Mercury)
It's pretty depressing when one of the primary worries of bringing the third world on-line is that it will drive the cost of breaking anti-spam measures to zero.
In fact, there is a lot of good, low-end on-line work low-skilled third-world labor can do once they are on-line. That's a good development: it gets work done that otherwise wouldn't get done, and it gets people jobs that beat the back-breaking, dangerous work they'd otherwise have to do (provided they aren't too old, weak or ill to do it in the first place).
Hey, maybe that third world labor can also do the spam classification, manually. I'd be willing to pay for that.
http://it.slashdot.org/article.pl?sid=06/09/06/121 7240
Poor people filling in catchphas is not the problem.
Spam is the problem.
Why does spam exists? -> Because it works
Why does it work? -> Stupid people exist
Why do stupid people still exist? -> Not enough selection pressure.
So the real question is, how can we select against stupid people?
I suggest spamming a new miracle weight loss diet that calls for eating 2kg of sodium chloride per day.
Slashdot had an article about this a couple of months ago.
Bogtha Bogtha Bogtha
The very point of spam is it is almost zero cost to the spammer. When you pay people to answer to captchas the zero cost factor disappears. I don't think cheap computers and internet will make the problem dangerous
Not everyone in the third world is going to get computers
Every computer is not going to get internet connected
Not everyone on the internet is going to be spamming
Also consider the fact how much can a single person spam. If the dude with the new cheap computer answers captchas for even 15 hours a day they would hardly generate over a 1000 spam messages which is likely to get the spammer one or two hits. Do you think the spammer is stupid enough to pay for this much profit?
When someone sets up a fund that pays out to the first person to brutally murder a spammer and hang his head on a lamp post using cat5, it's not personal... it's just business.
Spam will never be stopped as long as the perceived gains > perceived risks. Unless there is a holocaust of stupid people, there will always be people dumb enough to buy from spam, so you're not going to solve this equation by reducing the left side. So raise the right side... Put $10 million into ten Swiss bank accounts. Then get the message out: First ten times a known major spammer is brutally murdered, the first party to provide evidence of their involvement gets the location of a buried bank account key.
I don't usually believe in violence to solve problems, but when you're dealing with people who've demonstrated that there is nothing so depraved they won't do it, and the alternative is governments regulating the 'Net... *shudder*...
Now, speaking seriously (okay, more seriously - hearing that Alan Ralsky got brutally tortured to death on the evening news would KICK ASS), as long as everyone with a brain is absolutely determined to not respond to any spam the problem will never be solved. Why? Because as long as that is true, the S-N ratio at the spammer's inbox will be favorable, because you can never block 100% of spam, and unless you DO, idiots will get it and will click it.
So, e-mail clients should be programmed to automatically respond to EVERY message they get (or at the very least, every message flagged as spam) with an ad-libbed "O rly? tell me more", unless the e-mail came from a known-good mailing list or contact. Result: If even 1% of recipients responded and didn't buy, the signal-to-noise ratio at the bastard's inbox plunges by a factor of a hundred. Everybody responds, and spam-friendly ISPs implode under a digital tsunami of replies. The SOB pumping out 100 million messages can't possibly sort out the 1000 buyers from the 99,999,000 fakes.
And for spammers who use links to their websites: Users submit suspect sites to open database of spammer sites. Sites are voted on; After 100 votes, if the guilty verdict > 90% the site it put in the "to DDOS" list for a client script to retrieve and wget entries from. Certain disreputable hackers, whom the database operators want nothing to do with, unfortunately rent botnets and install this client program on millions of hacked windows boxes. Would that be an immoral action? Yes. Spammers have all the moral restraint of Nazis, and they're winning the spam war - playing nice is no longer an option.
Unfortunately, it won't happen. MS, Google, Yahoo, and Firebird need to incorporate this into all their clients, along with whitelisting utilities, all at once - NGH. Because of the sheep mentality, no one will want to be the first to stand up. In short, like the decay of diamond into graphite, it's *should* happen but has far too high of an energy barrier to actually happen.
Okay, I'm ready - someone ^C^V that stupid checklist.
They tk r jebs!
Infinite time means everything that can happen, will. You being you is absolutely incidental. You do not exist.
I always thought that there are many other ways we can help the poorer nations than giving them technology. With $100 you could almost feed a village for a year, so why waste that sum on a laptop? But now I see the laptop idea could actually work in solving poverty if the people are going to be paid to create havoc..... Obviously though, they're going to need an internet connection which is either going to be very difficult or very expensive in the poorer areas of Africa
Death and taxes are both inevitable, however, death doesn't get worse year after year.
I suggest death penalty to spammers!, I hope it will resolve all the spam problem! My Gmail has filtered 900 spam mails in my new account, and my inbox only contained 800 mails! I get more spam then emails! and that's my not published account! I suggest death to spammers, terrorists and bad people ;P
"As long as there's sex and drugs, I can do without the rock and roll"
I'll be able to help poor people in Africa just by putting a captcha controlled access to blogs and stuff, spammers will pay them.
---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
...and on crack/warez sites too. It's an easy win because it's easier to solve the captcha than finding another link, and it's still free as in beer. Still, I'd say the number of captchas would be far lower than just pumping out spam. Then again, in a crappy case of market economics if you block 95% of the spam the remaining 5% get much more valuable.
I'm currently hiring 3rd world citizens to kick spammers in the crotch.
To the spammers: it's nothing personal. You have to understand: it's just business.
Yaz.
As a moderately successful finance professional, I make almost $33 per day. That is, 6 days per week, 9 hrs per day and no overtime pay. It rhymes, so it must be good.
As physical boundaries dissolve, equity will prevail increasingly. It is already making life harder (read: costlier) back here, with all the money flowing in to workers in call centres, BPOs and software.
Chat with other atheists http://secularchat.org
"discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas"
Who are you kidding? They ARE paying people to fill captchas. I have a business that runs large free e-mails systems, we have like 5 million users. About two years ago we started getting caught in RBLs. What happened? The spammers were getting through our captcha, which appears after the Nth email sent in a day.
Solution? Not one we liked, but we set out outgoing spam filters into paranoid mode, and still had to block whole netblocks from Nigeria and Israel because they were sending a surprising amount of custom-made spam.
It's almost unthinkable that people would have such jobs. I tell you, we are in the third world ourselves (living in a mud hut and drinking foul water, and being glad if we even have any, as we are happy to learn every time there's an OLPC story here on Slashdot), but even for our economy it's unthinkable there would be labor that cheap. I'm impressed with Nigeria. And I'm even more impressed with Israel.
Scenario: You're a spammer and want someone to fill in a captcha for you.
Solution: Offer a porn-page, where you can "unlock" a picture by filling in a captcha for you.
That captcha comes from a captcha-protected site, of course, and your user solves it for you to see his inspiration material.
I'd wager that would be even cheaper than paying $100 laptop users. I mean, people even pay money for porn, you'd probably have more people wanting to fill in captchas for you than your spam machine can handle.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. The spam did not originate from India. It originated from the US. Somebody, probably a US citizen paid Indians to do his dirty work. So it is a crime against your own people. Care to name it?
2. Indian citizens too are suffering from spam. Therefore, it is a crime against another sovereign nation.
3. The vast, vast majority of Indians have no part in, nor lend support to, this scam.
4. How many problems have you solved with bombing?
5. Vietnam
6. Korea
etc.
etc.
n-3. Iraq-I
n-2. Afghanistan
n-1. Iraq-II
n. Hiroshima and Nagasaki?
So whom should you bomb now?
Chat with other atheists http://secularchat.org
Do all those compromised Windows machines in use as spambot networks have anyting to do with the current spam infestation and not some people in developing countries.
davecb5620@gmail.com
I've being wondering for a long time weither spammers actually make enough money to justify the effort. I'm sure some do, but the scams that they send are so obviously frauduent that there must be a lot of spammers that don't make any money at all. So, why do they do it? I think it's the same reason why people vandalise public property, just because they can, and they enjoy fucking things up for other people.
Basically, it's vandalism of the internet. Spamming isn't just e-mail you know, many wikis and forums are regularly spammed so much that they have become unusable.
Software like this http://www.botmaster.net/ claims to decode many popular captchas anyway - do they need humans to do it for them? With tools like this even an idiot can spam sites protected with captchas, though they'd have to pay through the nose to do it (400 USD!!!). I'd love to see sites like this which profit from stupidity shut down, but as an individual it's hard to see how to do it.
The spam messages are messages that are sent to a gmail account that is close enough to the one you are using. Because these accounts do not exist, they end up in your spam folder.
Come on!, Remember the usual "Don't teach the poor to read, that would make them a threat"? This all sounds as "don't give the poor any access to the internet, they could become a threat" . And for god's sake it is not like captchas are any difficult for just a program to beat.
I administrate a site with a vBulletin forum, and every once in a while a bot posts messages. Registration requires passing a captcha, in fact, I decided to just remove the captcha, it was seriously not helping stop the spam and was just making the registration harder FOR HUMANS.
BTW: I noticed that Russian bots are more likely to beat captchas.
Copyright infringement is "piracy" in the same way DRM is "consumer rape"
Maybe I'm totally stupid, but what if in your submit forms you add an invisible field named like "username" an make it hidden in a paragraph with css?
probably the spambots will fill it, then you check data from incoming form, if it's filled, it's spam.
kain
icoretech.org
I think you get where I'm going here.
Actually, I doubt you would actually beat one. Not meant as an insult, but I believe that you don't have what it takes. If you had, you'd already be either in jail, or a CEO, or chief of marketting or various other positions suited to people able to think "it's just business" when harming others. Or in his place making a good living sending spam and 419 mails.
See most people are quite able to speak/cheer about and for beating others up, killing others, war, etc, as long as it's just talking. They might even actually do it, if a fit of rage disables their sanity for long enough. But fits of rage aren't something you can plan and execute whenever you wish. And otherwise when you actually have to do it, there's this interlock against harming other humans. It's partially "what if it was me in his shoes" education (even if you logically know it would never be in his place spamming) and partially that interlock most animals have against harming their own more than strictly necessary. (Even when cats or dogs fight their own there is always a mechanism to signal "I give up" and the other _will_ cease.)
It's a strange world, really. The same people who could be shaking a fist and screaming for war against X at the top of their lungs, would actually have trouble looking one of X in the eyes and squeezing the trigger. A lot of PTSD cases in war aren't just people getting shocked by being shot at, but shocked by having shot other humans.
There is one cathegory that can cheerfully think "it's only business": the sociopaths. They live in a strange world in which the others are NPCs: the others don't matter, they're not the same, "it could be me in his shoes" doesn't apply, etc. They can lie, cheat, murder, torture, whatever, and be perfectly able to look themselves in the mirror after it. Because the other guy didn't matter.
And, sad to say, if you weren't born one, I doubt you could actually beat this guy up in cold blood. If anyone gave you a baseball bat and this guy tied to a chair, you just couldn't actually do it.
And it's probably better that way. I'm thinking we as a society would do better to just start recognizing sociopaths for what they are, and the damage they can do. This guy, for example, is a sociopath, plain and simple. He's not just "being smart", he's not "just doing business", he's not "just doing what's needed", or the other things these guys like to pose as. He's just someone who doesn't even see you as a human being, much less his equal.
A polar bear is a cartesian bear after a coordinate transform.
So basically with all that IP checking and all, you've just said (in so many words) that the spammer must use a proxy.
Basically if machine A is the server, machine B is doing the spamming, and the paid peon cracking captchas for a living is on machine C, then it can jolly well go on like this:
- the peon's machine C connects to one of the many machines B doing the spamming (it can also be the other way around: machine B could initiate a connection and wait for the human to be ready. Works great if machine B is behind a firewall too, since outgoing connections typically get through just fine.)
- machine B connects to the server A, gets the image, the cookie and everything
- machine B relays this to machine C
- the peon does the captcha on his machine C, in the chinese sweatshop where he works
- machine C relays this answer back to machine B
- machine B now gives it to your server, together with the cookie and all. It comes with the right cookie, from the right IP, etc. So _how_ is your server going to know about all the proxying behind it?
- machine B now proceeds to spam with impunity, since most servers don't ask for a captcha for each and every single message sent
It's not even a new idea. Exactly this kind of relaying, in various forms (including this, and using unknowing visitors to a porn site to crack proxied captchas thinking they're logging in to the porn site, etc) has been discussed ever since the first lemming thought that captchas are _the_ ultimate, unbreakable solution.
Except every time it prompted a barrage of weird "well, it hasn't happened yet, so it's not possible" and similar, and the lemmings went back to pretending that proxying doesn't exist, and machine recognition is obviously the only way to crack a captcha. In fact, back to solving the wrong problem.
Well now it's happening exactly as predicted. In a way I feel vindicated, even though it's sad that something harmful has to happen for people to finally pry their heads out of their asses and acknowledge reality.
A polar bear is a cartesian bear after a coordinate transform.
A bit of a long shot of course, but when captchas start asking difficult questions it forces the solvers to educate themselves one way or the other. At the same time they might find out how bad the work they do is and what other opportunities in IT there are for making money. Some of those people might/will eventually put some rules and infrastructure in place against the people that don't learn that captcha breaking and spamming is bad.
If the spammer in the article needs Humans to decode the captchas then he seriously needs to upgrade his software http://www.botmaster.net/pictocod/
I would auction off the rights to beat the fsck out of the spamhole with a baseball bat on Ebay. I could make a lot of money that way. After all, it's not personal, it's business.
Looks like it is time to implement KittenAuth.
KittenAuth presents a series of pictures, and you have to select the ones that are kittens, in order to prove you are a human.
----------------
http://www.chrismay.org
What do you want, a captcha that asks the reader to solve a differential equation?
Not going to fly.
I would also suppose that there is no need to accomodate existing infrastructure in 2 ways:
1) No competion for space, e.g. when running cable in a location where old cable exists you need to be very careful where you dig. Also, if going wireless there probably isn't much competition for desirable locations from cell phn, radio, or other wifi operators for space.
2) Interoperability with older technologies isn't as much of an issue. Since there aren't any. So working out the kinks to get older and newer technology to play nice with each other does not need to be done.
You would in fact be working from a clean slate in non-developed areas.
I've noticed the same effect when comparing old line Fortune 500 type companies with new startups. The new start up can roll out the latest technologies without concern as there is no need to accommodate older tech. The existing infrastructure in a large company must be accommodated by newer technology as the investment and reliance of business processes on the existing infrastructure makes throwing that infrastructure away suicide. So the start up can adopt newer tech faster.
Though after a couple of years, the start up matures and at that point thier infrastructure gets frozen in place as well, and they find themselves in the same situation as an older company.
putting the 'B' in LGBTQ+
The first I heard about this was by a Google tech talk with Luis von Ahn. That was in July; the video is very interesting. The talk is mainly about tagging images as a game.
Support costs money. 877 numbers cost money.
Email is easier to type, but it doesn't always get a response from the recipient.
The poster wasn't trying to justify actions. He was merely explaining how it simply is with those who act in such a way. And of those who cannot. That's all. And it's true.
Again, no justification of being a sociopath was being made.
After reading your post I just realized that every time I fill out a captcha for a slashdot or craigslist post, it could mean a spam in someone's inbox. Thank you for making me paranoid, mr Opportunist.
Real humans will solve this so that they can kill kittens.
Should both discourage use of CAPTCHAs and put money in the hands of the poor. Sounds like a win-win situation to me.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
The solution is simple: ask simple questions about the US that the typical outsider would know. This would filter out spammer AND incredibly stupid US people at the same time. Of course, this only works for US sites and US citizens but I live here so that's all I care about lol. *runs off to ban more "foreign devils" from his server* ;)
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
*sinister Mr. Burns fingertenting*
Excellent.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
A big goateed Texas punk, in Plano, who ran and hid behind a Waffle House after I tracked him down all the way from California. I was obsessed enough to take 3 months to find him.
He was too embarrassed to call the cops and have everyone find out he got the h to the e to the double hockey sticks kicked out of him by a California blue stater.
He went and spammed again but this time some Russian teen rape spam came through his conduit. You can imagine what happened next, sadly I wasn't there to see it.
--- Grow a pair, liberals... stop letting the Republicans bully you!
The sociopathic view of depersonalized action, unfortunately, doesn't always hold water. First, consider a few responses that you might pull out of a freshman's psycholgy/sociology textbook.
1971 Stanford prison experiment ( http://www.prisonexp.org/ )
Milgram "shock" experiment ( http://en.wikipedia.org/wiki/Milgram_experiment )
Third Wave experiment ( http://www.vaniercollege.qc.ca/Auxiliary/Psycholog y/Frank/Thirdwave.html , http://en.wikipedia.org/wiki/The_Third_Wave )
Blue Eyes/Brown Eyes experiment ( http://www.janeelliott.com/, http://www.pbs.org/wgbh/pages/frontline/shows/divi ded/ )
Kitty Genovese case ( http://en.wikipedia.org/wiki/Kitty_Genovese)
Bystander effect ( http://faculty.babson.edu/krollag/org_site/soc_psy ch/latane_bystand.html )
These experiments strongly suggest that average people have the capacity to be phenomenally callous, vicious, and even violent when they are exposed to minimally appropriate (inappropriate?) circumstances.
Now, let's put the "spammer" case into focus, since I'm playing the devil's advocate anyway. Let's say that you and a squad of 5-6 techies and other vigilantes get together and start doing the internet research, paper-mining, and footwork necessary to track a couple of these lumps of simian excrement down. After somewhere between 3 and 8 months of free time spent looking for Mr. Hub, you finally sift past a couple layers of zombie networks and brain-dead script weenies to find someone in charge of a spam network, and -- let's play pretend -- the jerk is actually living in a semi-civilized nation. You and a couple beefy associates hop a plane, arrange room and board, then drop by the slum-side cyber sweat-shop and server farm the jerk is living out of. You corner him and haul him in. Again, let's be idealistic and say the police/feds/whatever accept your citizen's arrest prima facie and hold him while they check out the case against him (using your research, no less). A month goes by; you're an expert witness for the case, so you're stuck waiting around for a summons to go to court (which you're happy to comply with). The docket rolls around, and you hop a plane again, carrying a freshly-ironed suit. You show up, and lo and behold, Mr. Hub's pond-scum attorney found a way for him to duck punishment without giving you so much as a chance to say "your Honor." Out the door his smirking face goes. Now, you know that Mr. Hub's going to vanish within a day into some mole warren and pop up a week later in No-juristan doing the same garbage all over again. Now, you have a few options:
A) Curse the wretchedly backward system that let Hub go. Optionally, lobby for legal reform (if you have local citizenship/contacts). Hope to latch onto a bureaucrat/politician savvy enough to recognize the difference between a modem and a mouse and fresh enough to call for change.
B) Try to catch Mr. Hub in the act again, praying you can snag him in a jurisdiction that gives a crap. Good luck catching him red-handed in such a place.
C) Try to find a new Mr. Hub and nail this one for dealing dope/missing taxes/breaking click-through EULAs.
D) Wire Chet and Steiger credit for plane tickets, corner Mr. Hub the instant he jumps jurisdiction, and put his fingers through a meat grinder/throw his (be creative) into a pig sty/"beat him up with a baseball bat" with the understanding that if he comes within three degrees of contact of an SMTP server you'll be back faster than a Google search f
First, this is an old, old,old problem, see G Hardin, the tragedy of the commons
/. wont be abused.
second, why on earth does anyont think that an open free public blog/post spot, like
In the old days, they solved this problem in a very, very, very simple way - $ for subscriptions.
perhpas we are seeing the natural evolution of the web back to the paid/publish model that sustained newspapers for nearly 200 years or so
(I'm sure the old timers remember when the web would revolutionize everything, and it has turned, mainly, into a marketing tool for large corporations [wiki has substantial corp funding, once removed, as did open office])
after all, if you ain't willin go pay for it, how much can it be worth ?
Spam filters on my email seem to work pretty good, a few get buy but no big deal. Now with all these scamps going around who will be the most vulnerable? The poor folks who never had a computer before now gets one with a hand crank and suddenly they are booking a trip to Nigeria to meet the disposed prince who's gong to set them up with a fortune that awaits in Switzerland... Or they get a job processing international checks. Then they get EBAY accounts and they click on the first email from another ebayer that claims they never recieved their merchandise or they click on a phish telling them to update their account. So we might start seeing the worlds impoversed masses start screwwing each other, that would be a hoot
Paul E. Bahre
Spammers have been able to do this for some time. After reading this article, I wrote one that does a basic job in about an hour. (demonstrated at http://www.brandonchecketts.com/capdef/). If I can do it in about an hour, then I think it's safe to assume that spammers have had the capability for quite a while now. Since most sites that use CAPTCHAS seem to be quite satisfied with them, I think that it's safe to say that spammer's aren't using methods like this. The major appeal of spam is that it costs virtually nothing. Introducing a cost by having to pay somebody to solve CAPTCHAs seems to be deterrent enough to stop it pretty well.