Fill Out CAPTCHAs, Digitize Books At The Same Time

alphadogg wrote with a link to a Networld article about a noble endeavor: putting CAPTCHAs to work for the good of humanity. A scientist at Carnegie Mellon is looking to create a new type of security check that will assist in a project meant to digitize and make searchable text from books and printed materials. Above and beyond that, the offering would probably be more secure than most current systems. "Instead of requiring visitors to retype random numbers and letters, they would retype text that otherwise is difficult for the optical character recognition systems to decipher when being used to digitize books and other printed materials. The translated text would then go toward the digitization of the printed material on behalf of the Internet Archive project."

Verification?

[traindirector]

CAPTCHAs work because the computers sending them already know what the text says; they start with it in text form and change it into a hard-to-read image. In the system discussed in the article, how will the computer verify that the user response actually matches the text? Sure, it could compare the response to its best guess, but if a program trying to guess the text was equally as sophisicated as the guessing computer, the guess would match.

I imagine the computer sending the picture of the image of hard-to-read text will further obfuscate the image in a way that makes it even more difficult for the computer on the receiving end to decipher, but the article doesn't acknowledge that this is one of the first logical questions in conceiving of / implementing this system in a functional way. The article really should cover this...

Re:Verification?

[greatgregg]

From recaptcha.net: "But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."

Re:Verification?

[mikee805]

I read the article trying to find an answer that. This system works for what they want. Get disrupted OCR done by humans, but does not seem to preform the job of a CAPTCHA.

Re:Verification?

[26199]

That was my thought. I suppose you could let the first five people through automatically, then use their answers to check everyone else; but what's the point of a CAPTCHA that lets a certain minimum portion through?

Turning people away when they actually got it right is worse, though; that way you potentially lose customers in trying to fight spam.

Seems like an interesting idea, but I don't see how it can work...

Re:Verification?

[anarchy_man3]

Yea that doesn't quite seem to make sense. I can only see this leading to poor transcriptions with no security benefit.

Re:Verification?

[Solder+Fumes]

What you said. Also, register-bots will destroy this because their OCR will come up with something close to what the serving computer already knows. And it'll put in incorrect results, which will pass security AND be added to the digital book, and now your precious digital book has more OCR typos than it would have in the first place.

Re:Verification?

[redwoodtree]

The article states:

"I think it's a brilliant idea -- using the Internet to correct OCR mistakes,"

Suggesting that the words have been OCR'd, and that the user is correct the mistakes. This goes on to suggest that there is a margin of error that takes into account OCR mistakes but will allow the corrected text.

With a little imagination, it's easy to think of many permutations to this, along with the idea of just asking for a new captcha if the first one doesn't work.

The article also states there's a speakable text version of itself for the hearing impaired.

Re:Verification?

[26199]

And poster above has explained nicely how it works. Thanks. They could have put that in the article... (or summary!)

Re:Verification?

[penguinbroker]

from the website :: http://recaptcha.net/learnmore.html

"But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."

Re:Verification?

[alstor]

I had the exact same thoughts when I skimmed the article...

Re:Verification?

[joek1010]

"But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct."

http://recaptcha.net/learnmore.html

Re:Verification?

[nwbvt]

Considering all the other people who asked that question, they really needed to make that clear in their press releases.

So if you want to screw with it, all you have to do is intentionally get exactly one word wrong each time. Yeah, it will often take two tries to get it right, but its not like CAPTCHAs usually work fine on one try anyways... And hey, if you just try for only one word (and leave the other blank), you will end up on average typing the same amount.

The article makes comparisons to SETI@Home, but thats a bit different since that is relying on the computer to do the work, not the actual users. That means its fairly consistent and you really are not impacting users all that much (with the exception of pegging their CPU when they are away from the computer).

Re:Verification?

[bugnuts]

The problem is that any unsophisticated captcha interpreter can spit out the text that's known, and make a (bad) guess at what is hard to read. Then, if there is any significant amount of spammers, we end up with exactly the same issue - computers having trouble with OCR.

e.g., /. puts in a captcha to translate the following two sections:
12345
l1il1

The captcha software knows the "12345"
but it doesn't know the "l1ill1". A human could figure out both.

But spammer captcha deciphering can figure out 12345, and is allowed to incorrectly guess 11ii1 for the 2nd part. End result is

• a spammer is posting something as indecipherable as this message except insults your penis size
• some OCRed book is now committed to a false interpretation
• I have to change the password on my luggage.

Re:Verification?

[codename.matrix]

http://recaptcha.net/security.html the words are additionally distorted and they add lines and warps so that a computer cannot read it.

Re:Verification?

[Bjarke+Roune]

This is not a problem if the known word is a hard image that has been solved by humans in previous captchas. This scheme works as long as the system has a small pool of known images to start the process off.

Re:Verification?

[Falkkin]

"So if you want to screw with it, all you have to do is intentionally get exactly one word wrong each time."

Well... sort of. Multiple agreements are required before the system will accept that it knows the spelling of a previously unknown word. So you're not going to singlehandedly subvert the system; at the very least you need a cabal of friends. But with millions of words available in the system, the chance that you and a bunch of friends will all get the same word and write in the same bogus data is pretty close to zero. I'm not saying it this system is impossible to game, but I think it'd be heck of a lot easier (and more rewarding, if it's the sort of thing that floats your boat) to vandalize Wikipedia instead.

Re:Verification?

[Mr.+Underbridge]

This is one of the most creative ideas I've heard all year. Human-based distributed computing with captchas? Awesome!

Re:Verification?

[autophile]

Yeah, but it's not like you're only allowed to present a given unknown word once. Present it many times, and use the word with the most hits.

--Rob

Re:Verification?

[jambarama]

That sounds fine, but I'd still be worried about the accuracy of the read. As long as we're going to have users read and answer two captchas, why don't do this: present the unknown captcha to two people, if they agree on the answer accept it, if not show the same captcha to a third person. Accuracy is probably more important than speed for books that still haven't been digitized.

Re:Verification?

[InakaBoyJoe]

Exactly, it doesn't make sense to automatically "trust" a user's entire response based on one correct word.

Why not show the same image to multiple users, and assume the response is correct only if two or more of them concur? This has the effect of doubling (or tripling) the effort required to solve, but gives you at least some verifiability. Sort of like using google as a spell-checker.

Of course, you'd still have to fall-back on the "one correct word" idea for verification when the user makes the entry, but in terms of adding text to the database, some statistical verification would be a good thing...

Re:Verification?

[DeathElk]

RTFA's TFA

Re:Verification?

There's always someone that doesn't get it and they have to question the article with faulty logic.

1. The spammer doesn't know which is the known word and which is the unknown word.
2. You have a huge sample size for each word.

Re:Verification?

[nwbvt]

It doesn't need to be planned. For instance if the given text is very close to something dirty, a lot of people will get the same idea and will put in the same text. And if you doubt the power pranksters like this can have, look back at the Google bombing episodes.

The Wikipedia is a bit different as you have to make an effort here. People are not required to write Wikipedia articles to sign up for an email account or post on a message board. If they were, the resulting information would be even less consistent than it currently is.

Re:Verification?

[poopdeville]

Because nobody wants to wait around for another person to verify the CAPTCHA before posting on /. That is, you need two CAPTCHA images because you still want them to work as a CAPTCHA.

Re:Verification?

[Endo13]

Um... did you even read all of the post you're replying to?

The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct. That sounds like a pretty good system to me.

You do realize that "a number of other people" here could refer to even several dozen or several hundred?

So clearly it's not going to be just one person that determines the answer for unknown captchas.

Re:Verification?

[Bluedove]

it's even easier than that. the same captcha gets presented randomly to two people (quasi-)simultaneously. Unless both parties type the same word, neither is verified. This gives an added incentive to people to type what it really says. Of course, it leaves open some room for the sub-class of assholes who will gleefully spend hours typing the wrong answer to captchas, just to fsck with the other guy. That's why you always have to give a failed verification a couple of chances. Hey, sometimes i mistype my password a few times, too. It's no big deal.

Re:Verification?

My submissions to this system have already included the words:
Cunnilingus, Prostate, queer, twat, Cock and Cunt.

Re:Verification?

[delinear]

As the other poster stated, the image is distorted so that standard OCR technology won't be able to make a very good guess with any certainty. Additionally I think a double-blind is used, where two words are displayed, one the system knows in advanced and one it doesn't. The OCR would have to get the first one exactly correct in order to distort the results of the second one (since if the first verification check is failed the suggested word is discarded completely and ha no skewing effects on results). If OCR was already capable of that, captchas would already be pretty useless, so it seems like a fairly secure method.

Re:Verification?

If they solve the one for which the answer is known, the system assumes their answer is correct for the new one.

That's a REALLY bad assumption. I get capchas wrong all the time. Sometimes I swear a computer would have an easier task than me on some of these damned capchas, particularly when you have a capcha that is one letter off from a completely different word.

Computers don't get drunk, stoned, or tired. I do. And I haven't had enough coffee yet.

Is that capcha "matter" or "natter"? With no context it's nearly impossible to tell. I'll just have to takle a guess...

-mcgrew

Re:Verification?

[spikedvodka]

Why not have the CAPTCHA look something like this: (use K for a known character and U for an unknown character)
KUKUKUK (or some other random permutation of K & U in the desired length)

This way, you can
a) check all the K's for validitity, if so, then ACCEPT
b) Break up words so that they aren't as easily recognizeable
c) Still allows you to compare different people's answers for U's, as you aren't using them for validity
d) I would think that this method would reduce the number of "Jackasses" because you never know which characters are K's and which are U's

My thought would be:
If all K's don't Match, die('Sorry, wrong, please try again')
else
store the user entered value for U[n] in a list
When number of entries in list for any given U >= $StatisticallyRelevantSampleSize & Conformity of results >=95%, accept result and move the U to a K, as we now know the correct value
if number of entries in list for any given U > 3*$StatisticallyRelevantSampleSize, & Conformity of results 90%, remove U, and send it to a "Trusted Human" for analysis.

This reduces the work load on the "Trusted Human", but it also assumes that the computer can find character boundries

Re:Verification?

[poot_rootbeer]

it's not like you're only allowed to present a given unknown word once. Present it many times, and use the word with the most hits.

True. But captchas generally require prompt feedback; you want to know right away whether or not the user has passed the Turing test, not leave it unknown for a couple hours until a sufficient number of other users have submitted their answers to establish a consensus.

Re:Verification?

[GuldKalle]

That's why you use the first word (also a digitized word, but one that has been verified by the technique) for the turning test, and the second word to extend the turning test vocabulary.

Re:Verification?

Using your notation, consider the two CAPTCHAs:

KKKKKKKK, and UUUUUUUU.

The idea as presented in the article is to have the user fill out both of them, and use only the known one as verification for CAPTCHA-correctness. Remember, the user won't know which is which. Assuming the known CAPTCHA is passed, the user's data for the unknown CAPTCHA is stored for later statistical analysis.

Your idea is a variation on this. But it won't work as well because of kerning and ligatures.

Um

What's the point here? If the can obfuscate the word, they know the word. What am I missing?

CL4 VS CL5

Hello,

Last week I bought 4GB of Kingston HyperX DDR2-800 memory running at CL4. I'm pretty happy with it, except for one thing: I want 8GB.

So I started looking around at the same store (in order to do an exchange) for a replacement and I discovered that the 4GB kits are all CL5.

Does anyone know what sort of hit I should expect from moving to CL4 to CL5?

Thank you in advance!

(please refrain from commenting on 4GB vs 8GB, that would be off-topic)

Better links

[Falkkin]

The article is lacking some information. Here are some better links:

Official reCAPTCHA site
Hide your email address with reCAPTCHA (super easy!)
A more detailed blog post about how the system works

Disclaimer: I work with Luis von Ahn, who's the professor running the reCAPTCHA project.

Re:Better links

[inKubus]

Also, Amazon has a pretty cool program where you can perform HITs (Human Intelligence Tasks) for a few cents each. They have a lot of stuff like transcribing podcasts, identifying stuff in satellite images, etc.

Re:Better links

[JonathanR]

identifying stuff in satellite images, etc. I hope George Tenet is not the director of that business unit...

Re:Better links

[Arancaytar]

HITs (Human Intelligence Tasks) for a few cents each

Brings to mind a dystopian (and fictional) future where robots lord it over us but still need us to process large amounts of data for them. Like the Matrix, but without violating the laws of Thermodynamics. That'd make a cool SF novel, I think...

How does this help?

[werdnapk]

The typed in text has to be verified against some known text, so wouldn't the source material already have to be known in order to verify that the captcha is correct. If the source text is already known then this process doesn't seem to accomplish anything. Perhaps I'm missing the point.

Re:How does this help?

Er, how about reading the actual idea? Or at least a few comments explaining it?

The concept is as follows: the software has a list of known words(graphical data and transcriptions) and a list of unknown words(graphical data). As a CAPTCHA, it presents one known and one unknown word. If the user transcribes the known word correctly, they pass the test, and data is contributed for the unknown word, which will eventually by this process make its way into the "known words" list.

OK, how to defeat -

[wsanders]

- Just replace every word with "BUSH IS AN IDIOT - OBAMA IN 08!".

Now, EVERYONE has to do this for this hack to work ....

Re:OK, how to defeat -

if you wanted everyone to do it, you shouldn't have used something political. at least you went with a likely majority...

Re:OK, how to defeat -

[wsanders]

OK, for the humor impaired:

BUSH IS AN IDIOT

then you can leave off the Obama part.

Oh, come on, somebody mod this funny - it's even on-topic. Puhleeez?

Re:OK, how to defeat -

If you can tell me what Obama's platform and beliefs really are, then OK, fine. But I'm not even sure Obama supports know anything other than that he seems to be a smart guy.

Bush may or may not be our best selection ever (definitely not the best, but he's in office and we need to support him not make his job harder so you can spout more reasons why he sucks), but it sounds like you'd vote for the donkey.

Re:OK, how to defeat -

Bush may or may not be our best selection ever (definitely not the best, but he's in office and we need to support him not make his job harder so you can spout more reasons why he sucks), but it sounds like you'd vote for the donkey.

We do? I don't remember many Republicans supporting Clinton during the Lewinski affair. Nor do I remember many people supporting Nixon during Watergate -- and rightfully so. Bush has done worse to the country than either of them.

Official reCAPTCHA site

[traindirector]

I originally missed the link to the official site - D'oh. The article also doesn't mention that the system is already in use! http://recaptcha.net/

Re:Official reCAPTCHA site

[caffeinemessiah]

There's an interesting solution to this problem -- the "scientist at Carnegie Mellon" is Luis von Ahn who was recently awarded a MacArthur genius award. In optical recognition tasks like this where the "true" answer is not known, how do you verify that a human agent correctly did the recognition? Just see if a bunch of other users type the same thing. It's a clever twist on consensus voting, and was recently snatched up by Google as "Google image labeler" here.

Re:Official reCAPTCHA site

[MindStalker]

Problem is, for the first few people seeing a new Capatcha the computer will have to let you through even if you guess wrong, so the lock feature of the Capatcha doesn't work.

As others mentioned this system gives you a known then an unknown, though I think its stupid that it further makes it difficult by putting a slash through it and making it wavey. Helloo, if you system had a hard time recognizing it why do you want to make it harder to recognize. I saw several in the examples in which the word was nonenglish and I had a hard time guessing the correct spelling because I couldn't make out a letter. There needs to be a I don't know button as well :)

Re:Official reCAPTCHA site

[Pollardito]

There's an interesting solution to this problem -- the "scientist at Carnegie Mellon" is Luis von Ahn who was recently awarded a MacArthur genius award. In optical recognition tasks like this where the "true" answer is not known, how do you verify that a human agent correctly did the recognition? Just see if a bunch of other users type the same thing. It's a clever twist on consensus voting, and was recently snatched up by Google as "Google image labeler" here. it was also previously available as The ESP Game, from...(wait for it)...Carnegie Mellon

Re:Official reCAPTCHA site

[maaskaas]

There is a Google Techtalk with "this scientist" available here: http://video.google.com/videoplay?docid=-824646398 0976635143. This way of using simple techniques are so innovative, because it can perform really complex tasks that no one thought about before. Some of his other projects include online "games" (Peek a boom) which collects relevant data from the users playing it so that a computer can determine what kind of object is in a digital picture, and where it is located. It is really a big step for innovative and smart computing...

Re:Official reCAPTCHA site

[name*censored*]

No, because the "lock" feature of the captcha isn't the word that is being digitised, it is an unmodified run-of-the-mill captcha (GPP). This merely adds a little bit of work for the user (and I'm assuming once the mystery word has been verified by consensus, they'd begin to exclusively use the mystery word). They may even just take the mystery word in the original text (the one being digitised) and couple it with the one before/after that *WAS* translatable, but was then captcha-tised for regular captcha use. This would help the user by providing some for the word (that might appear to be one of many solutions - as you said, they're sometimes indecipherable).

Re:Official reCAPTCHA site

[neongrau]

ok, so they "ripped off" the concept of /. meta moderation ;)

sue them!

j/k

Re:Official reCAPTCHA site

[evilviper]

how do you verify that a human agent correctly did the recognition? Just see if a bunch of other users type the same thing.

I'm not going to type in a captcha and just wait around on the page for an hour until X other people try to answer it... This system of yours gives priority to the answers of the first few people that see it, which may well be the OCR system of some spammers.

Even more, once you've got the first few answers, then it's just a typical captcha, as you already have had it entered, and know what it says.

And if you want some hybrid approach... Where the first word is known, and the second one isn't, you're making twice as much work for the people, with a captcha that is only half as dependable at catching spammers. In addition, I miss-type things like captchas all the time... If my typo is in the unknown word, this whole system is hosed.

If you want people to transcribe a book... just ask them to volunteer a few minutes their time. There's no shortage. If, however, you want to do a captcha, do it the normal, reliable, old fashioned way.

Re:Official reCAPTCHA site

the "scientist at Carnegie Mellon" is Luis von Ahn who was recently awarded a MacArthur genius award

Cool! I Feel I received that award too. Upon reading the /. headline I asked myself "uh oh!? how do they know if/when the answer is correct then?". Then I thought about it for about 5 seconds and realized: "easy, simply ask to several people" (solving the "first answer" problem being left as an exercise to the reader).

So I guess I qualify for that genius award.

Five seconds.

Re:Official reCAPTCHA site

[GeneJoker]

So I take a try and google image label, and the SECOND GODDAMN PICTURE was furry porn.
I hate you internet.
(I'm sorry I didn't mean it we'll never fight again)

Re:Official reCAPTCHA site

[rholliday]

There needs to be a I don't know button as well :)

There is. If you take another look you'll note there's a button to reload it and get a new one, as well as one to get an audio challenge.

Exactly what I was wondering

[raygundan]

They need a way to verify if the answer is correct... if they know the answer, they don't need help digitizing the hard-to-read text. If they don't know the answer, it won't work as a CAPTCHA.

Am I missing something fundamental here?

Re:Exactly what I was wondering

[Falkkin]

The system serves two words to the user. The system knows the correct answer to one of these words -- this is the one used to test whether the user is a human or a bot. If the user got the test word right, then there's a good chance they also got the unknown word right. If a bunch of humans all agree on the same transcription of a given unknown word, the system will eventually "know" the correct spelling of the unknown word and can then serve it as a "known" word in the future.

Re:Exactly what I was wondering

[hpavc]

Likely has a good idea on 'unknown' word as well, the example "This aged portion of society were distinguished from" the OCR didn't cut it but it did did kick start a guess. At least on "This -> niis" it can see its not 'ZOMG' or 'Fark' easy enough.

Also it wouldn't take much to add some grammar to pad the guessing. While we wee two words the system sees them in at least two contexts.

Obviously it has the actual dictionary to help it basically spell check the words we submit to it. If the words we give it are completely garbage, its unlikely to go for it. Which is where knowing that "niis" needs a correction.

Re:Exactly what I was wondering

[camperdave]

It isn't being used as a captcha. It is being disguised as a captcha in order to get a person to translate:

Computer: [unreadable scribble]
User: Bartholomew
Computer: Please try again.
[Captcha image]
User:Red49
Computer: Access Granted!
Computer to OCR Central: [unreadable scribble]="Bartholomew"

They should put a million monkeys on this

They should put a million monkeys on this

A captcha doesn't have to function as a password

[aeschenkarnos]

It can instead be a "little job" that must be done before you get to the pr0n.

However the Iron Internet Law of "lolz > human decency" applies ... and we can look forward to books being translated as "chucknorrischucknorrischucknorrischurknorris..."

idea

[brunascle]

someone set up a database of what the words really say along with what we should type instead, and make it public. it'll be fun! like mad libs!

Re:idea

[Kaetemi]

Apparently it seems to be having some trouble with seeing the difference between "which" and "witch" ^^

the obvious question

Nicked from the appropriate webiste, should answer my (and likely a lot of other people's first question)

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

More than just digitizing text

[penguinbroker]

This would also be a great approach to a lot of NLP/Translation annotation tasks. Although these types of tasks generally require a robustness (knowing which answers to trust and which to ignore) that anonymity makes difficult.

http://yro.slashdot.org/article.pl?sid=07/04/03/22 11258

I believe amazon.com has filed a patent for a solution to this problem which attributes every annotation input to a unique user id. They then claim to use the average accuracy over the history of that user for whittling away the, 2 out of 10 i think the patent says, worst answers.

i'm sure some form of quality control/check will be needed and i wonder if such a solution would infringe on this patent?

Re:More than just digitizing text

[Chysn]

> This would also be a great approach to a lot of NLP/Translation annotation tasks.

This would also be a great approach to solving captchas on other sites. Wanna buy tickets with a bot but have a captcha in your way? Set up a third-party captcha server to have humans solve your captchas for you!

I got my digitized copy of the US Constitution

[Lord_Slepnir]

We, the people of EARTH LIBERATION FRONT UBER ALLES, in order to form a more perfect How cud tehy vote 4 Jordin!!!11, establish justice, Haha, spamming you....

Re:I got my digitized copy of the US Constitution

[multipartmixed]

Constitution, consititution...

Oh! You mean the "E. Plebnista?"

Re:I got my digitized copy of the US Constitution

[arodland]

I bow to you, sir.

Booger

[Tablizer]

What if the OCR cannot read a word because there was a booger on it during the scan? A human won't be able to determine it either because it will be mostly a blotch. How are they gonna know the difference between human-decipherable words and lost-cause words (such as booger blotches)?

Re:Booger

[penguinbroker]

they could offer a button that states : "this is not text" and then the user would be given a whole new captcha

Re:Booger

[Tablizer]

they could offer a button that states : "this is not text" and then the user would be given a whole new captcha

But then a bot may exploit it by passing on until it finds one it can process.

Re:Booger

[penguinbroker]

a lot of login boxes have a system of recording successive requests from an ip address to stop brute force login hacks. a similar method could be used here.

How it could work

[AaronW]

I can see how this would work, but in order to also provide security, extra letters or words would also need to be in the captcha. I.e. if there's an un-OCRable word "between", the captcha could contain "frog between" or something like that, and the first word could be a previous un-OCRable word that has been validated by enough people.

Another method might be to separate out the un-OCRable letters from words and sprinkle them with known letters, though this might be less effective since people can often recognize words far better than individual letters. If one or two letters in a word cannot be interpreted, a person can often still read the entire word.

A spam tactic?

[yogikoudou]

Spammers are already using CAPTCHA techniques to automate account creations on protected websites:

1. Have a person subscribe to a porn website by typing in a CAPTCHA image that comes from a legitimate website.
2. The user provides the correct word while subscribing
3. Not even a "???" step
4. Profit! The protected website is spammed.

I'm wondering whether this system will be used for legitimate OCR purposes or for more spam...

Re:A spam tactic?

[Falkkin]

CAPTCHAs simply tell whether there's a person sitting at the other end of the machine. No CAPTCHA can tell you whether that person is a malicious user or not. With this approach, at least the spammers are helping to digitize books.

Re:A spam tactic?

[1u3hr]

Spammers are already using CAPTCHA techniques to automate account creations on protected websites

Really? How do you know this? Can you give an example of a porn site that asks for captchas? If not, it's an urban legend.

I've seen this suggested as an attack on captchas, but never heard of any site that put it into practice. Probably it is simpler to pay some third-world computer sweatshop worker to solve hundreds of them per hour for a few dollars a day. But that's equally a conjecture.

Dodgy free porn sites (which is a large percentage) often have nasty exploits to infect your computer -- never browse porn with IE.

Look up the human computation google talk

[Rix]

They probably just accept the first x entries until they have a base for comparison. The entries will converge on correctness.

Re:Look up the human computation google talk

[doyoulikeworms]

http://video.google.com/videoplay?docid=-824646398 0976635143 Pretty interesting. I especially love the porn aspect...

A better scheme

[Yossarian45793]

A better scheme would be to give out the same capcha to 2 or more users. If they agree on the answer, then there's a better chance that the text is correct.

Re:A better scheme

[tepples]

A better scheme would be to give out the same capcha to 2 or more users. If they agree on the answer, then there's a better chance that the text is correct. The Article states that the system already does this.

So... If you thought that CAPTCHAs were hard...

[vitalyb]

...Wait till you see these new CAPTCHAS.

Mushed text with letters that slide into each other, bad lighting and every other kind of bad scanning you can imagine. Hell, you'd be lucky if you can recognize letters at all.

Question is, if the machine couldn't figure out what the word is, how will it verify your answer? Is it going to be something along "by the popular vote"?

Something is very not right in all this.

A pain for users

[EssenceLumin]

Great, so now I would have to fill out two of those stupid things instead of one. Why would a company want to inflict this on its users?

Re:A pain for users

[Peppersnail]

Poor you! Now, every other week where you'll want to join a new forum (that's a LOT of forums), you'll have to solve two CAPTCHAs instead of one! Waaaaaah!

Re:A pain for users

[EssenceLumin]

Oh whatever. When I do want to join a site they sometimes have captchas that I can't figure out and have to try five of them or however many. It's frustrating. Throw in a second one which was put there because it is illegible and I'll say oh well, forget it. Forums aren't the only places using them either.

Re:A pain for users

[Falkkin]

I think it's faster for me to process and type two English words than to type one word that's just random letters. My brain is trained to read and type English; it's not trained to type nonsense.

Re:A pain for users

[Edie+O'Teditor]

My brain is trained to read and type English; it's not trained to type nonsense.

So what's the point in coming here?

mo3 Up

munches the most aaproximately 90% All major marketing Fact: *BSD is d`ying at my freelance

spoNge

project. Tod4y, as benefits of being

Here's an early test phrase...

[jpellino]

owha tajer kiam

This expains

[Joebert]

Please type the characters you see in the following image to register.

George Bush

Type: Miserable Failure

Thankyou, click here to proceed.

frist 5top!

we need to address more grandios3 visions going Raymond in his To the politically fly They looked recent article put national gay nigger all parties it's triumphs would soon to work I'm doing, 1. Therefore it's progress. Any posts. Therefore A need to play so that their Little-known a5shole about.' One These early Lubrication. You same year, BSD part of GNAA if the 'community' Teeth into when That should be wall: *BSD faces a over a quality of progress. it transforms into milestones, telling little-known product, BSD's words, don't get

Amazon's Mechanical Turk

[scott_karana]

This project isn't the first of its sort: Amazon has the Mechanical Turk project, where users perform various tasks similar to CAPTCHAs for amazon.com credit.

http://www.mturk.com/

Great CAPTCHA solution to solve people not RTFA!

[GNUALMAFUERTE]

Come on people, start using your brains please!, just a little!, half the posters have been asking the same 2 stupid questions, or even worse, posting the same 2 stupid questions with question mark removed, as if they were facts.

We should put a CAPTCHA system on slashdot:

When you want to post, You get to type-in a CAPTCHA. The Image for this is generated in this way:

  - The links to the article/s actually link to a page with a javascript wrapper that loads the article text, but replaces certain words with the graphical representation of that word, in the form of a CAPTCHA.
  - This words form a phrase that the user must type in if he wants to post. There are different combinations of phrases selected from the article, and each poster gets one randomly.

This technology should be called CAPSSAA (for Completely Automated Public Stupidity test to tell Slashdoters and Assholes Apart)

Working as intended

[mythar]

In a hole in the ground there lived a penis. Not a nasty, dirty, wet hole, filled with the ends of worms and an oozy smell, nor yet a dry, bare, sandy hole with nothing in it to sit down on or to eat: it was a hobbit-hole, and that means comfort.

(yeah, i'd trust the internet community to digitize my books. why don't we just cut out the middle-man, and create a wiki-gutenberg project?)

Mod parent up

[xzqx]

Brilliant.

How stupid

[holophrastic]

So, let me get this straight. There are systems out there, in the wild so to speak, that offer security by presenting a task that humans can do easily but machines have trouble doing. And now, this very same system is going to assist machines in solving the very inability upon which the system is based.

That's the dumbest most retarded (traditional sense of teh word) thing that I've ever heard.

What if it can't be typed?

I found one problem when trying this on their site. How should it handle things that can't be typed on a keyboard? For example, one of the CAPTCHAS were

law. (that should be "law." followed by "10" in superscript)

and

ædicule

I don't think either of these would be done correctly. Most people would just type "law.10" for the first, and "aedicule" for the second. Ones that include characters without a similar key, e.g. (that should be the symbol Omega), might wind up not being solved at all.

Missed opportunity

[h4ter]

From the security page of the reCAPTCHA site: "if somebody writes a program that can read our distorted images, we can add more distortions in very little time"

If someone can write a program to solve the distorted images of OCR-unreadable words, don't you just hire that guy to do your OCR and get out of the CAPTCHA business?

Image spam

[JeremyR]

Maybe this technique can be adapted to fight image spam more effectively :-)

Re:Great CAPTCHA solution to solve people not RTFA

Listen up, sizzle chest - and you are an enemy of my account because you are such a fucking asshole: First off, the post to which you are replying was the second post in this story. The fact that there are 50 posts explaining to the first poster where he was wrong does not mean that my post did not appear within seconds after the first post. Second, the article DOES NOT GIVE AN EXPLANATION. You have to click through to a second article. I read the fucking article. It wasn't clear. Do I have to exhaust every link in every article before I can post?

failzOrs?

OS don't fear the we need to aadress there are study.C [rice.edu] Benefits of being OpenBSD wanker Theo project. Today, as is dying and its

CAPTCHA+CAPTCHA

[k3vlar]

I thought the point of CAPTCHAs was to compare what a user types with information stored on the hosting server. If the hosting server doesn't know what the book says, then how can it validate the CAPTCHA?

Still a dumb solution for a CAPTCHA

[Moraelin]

See, for recognizing words, that's ok. You can give it to 200 users spread over 10 days and see what most said. So, yes, I'm not surprised that Google does the same thing, but the catch is: not as a captcha.

It's just about the most idiotic idea I've ever heard for a _CAPTCHA_. Here's why:

1. What about the first person that sees any given word? Do you let them get in regardless of what they type (remember, there is no consensus yet about that word)? Or will I have to wait another 2 weeks to see if my post is allowed on Slashdot?

What about the second or third attempts at a word, for that matter? If the first two guys said it's "goatse" and I say it's "apple", how do you know which of us is the bullshitter? Did you stumble upon two jokers on the first two tries, or am I a bot? Basically for each word there is a sizable window where you still don't know what it means yet. Statistical consensus doesn't exist yet. At that point you're basically stuck accepting anything whatsoever. And since you'll want to use more than one word, that window of opportunity will come again and again. Maybe a quarter of the time you're essentially not yet knowing what it says and whether the user is bullshitting you.

Or in other words, will (A) an attacker just have to try until he stumbles upon a word for which no consensus exists yet? Or (B) you'll inconvenience legitimate users even more than the idiotic captchas already do?

2. It necessarily involves repetition. Otherwise you can't build consensus. So it's actually worse than current captchas. You can still crack them by paying a couple of unskilled workers in Elbonia to just crack capchas for $1 per hour, but this time you can also cache the ones they already cracked. The same image is bound to appear again sooner or later, and then a computer can crack it automatically.

3. Most of the words scanned from books are actually easier to automatically crack by OCR. Yeah, the OCR might fuck-up a letter somewhere, but it's easy to run that through a spellchecker to make an educated guess. Or even just take a random statistical guess. Even guessing at the ratio of consonants to vowels will give you better odds for most languages than the current captchas. So if someone wants to use bots to spam, you've just made his job _easier_.

4. However a good portion are actually harder for an average user. E.g., if it comes from some manuscript in some medieval gothic script, and some worn/discoloured/whatever manuscript at that, I might get a headache trying to decypher it even as a human. Or what if it contains some phrase in cyrilic, greek, or some made-up script? To a machine it looks like just the next word in the sequence. Captchas are already a usability nightmare, this would just make it an even bigger nightmare for a lot of people.

5. It can be deliberately poisoned. Even with two words (one known, one unknown), it only takes an army of jokers or bots who pick the first or second to answer right, and answer "goatse" to the other. You'll still get your majority eventually, but it will take longer and, as statistics flukes work, occasionally you'll get 5 "goatse" answers for a word before you get even one right answer. Do you start rejecting people who said something else yet?

6. It solves none of the _real_ problems with captchas. E.g., they're still crackable by proxy, or by sweatshops with 1-2 guys cracking captchas at $1-$2 per hour. E.g., it still is a usability nightmare for a lot of very real people.

So I don't care how much of a genius he might be on an unrelated domain, or who else uses the same approach... for a completely different problem. Both are here just appeal to false authority.

Even geniuses occasionally get a dumb idea. Tesla, for example, was one of the greatest geniuses of this century. He did get a _lot_ of SF ideas, though, like time travel machines, death rays, thought photography, walls of light, etc. Stuff which can't possibly work. E.g., his thought photography was based on the idea that mental im

Re:Still a dumb solution for a CAPTCHA

[marcello_dl]

You raise some good points, anyway if a weight is given to the submitted answers according to its string similarity with the ocr (wrong) guess and a dictionary, then it becomes easier to spot spammers, unless spammers do an ocr and post the second best dictionary guess. Anyway, no "goatse" instead of "slashdot". Add that to the captcha server being centralized so bots can be analysed for submission and/or error frequency and demoted or given "impossible" captchas.

Hmmm, That Looks Like A...

[WiseWeasel]

Damnit, where's the smushed bug key?!?

Its a Game

Replace one of the words with nonsence and hit submit. If it passes you get a point. The challenge is to figure out what word the computer is least likely to know.

You're all missing the point

[kilgoretrout99]

The second request is by definition not a CAPTCHA, since the answer is not known. They're using you to try and determine that answer. This after they've met their security criteria by using a real CAPTCHA. That means this is just unpaid labour! Wait 'till my union rep finds out about this, there'll be trouble!!

Re:Great CAPTCHA solution to solve people not RTFA

[xtracto]

Uh that sounds a lot like the Prince of Persia "anti-pirate" feature which asked you to drink the bottle with the letter in:
"Page 13, Line 4, Word 5, Letter 2", after ending the first level...

Nothing that a Hex editor operation in the .SAV file could not fix ;-)

Re:Great CAPTCHA solution to solve people not RTFA

[parkrrrr]

Your solution assumes that it's actually possible to tell Slashdotters and assholes apart.

I believe it is doomed to fail.

CAPTCHAs are bad design

[ElForesto]

Any method of anti-spam that causes the user to jump through hoops is a bad design. CAPTCHAs are no more effective than a battery of tests against content at preventing spam, period. While an unscrupulous website operator can lift the CAPTCHA and get unwitting users to submit it, they can't fool systems like, say, Spam Karma that test for the characteristics of spam. I've been using it for quite a while and it's been 100% accurate in telling me what is or is not spam while providing zero inconvenience to the end user. About the only way for spammers to sneak it by is to *gasp* leave comments using a real person, a task so expensive that it's not worth it.

This sound like not working

[unablepostAC]

How do they know if what I type is the real text, if they don't know in advance what it says.
And if they already know what it says, then why would they need someone else to type it for the first time.
the extent of how academics can be o out of touch with reality.

As you probably noticed...

[Moraelin]

As you probably noticed, my 3'rd objection was, essentially, "but spammers could run it through an OCR and then guess at the 1-2 misshapen letters". So you're telling me that then the system would do the same to validate that you're not a bot.

I dunno... it seems to me that, au contraire, you just described a way to make it easier for bots to pass. Magna cum laude.

You even have the exact way to tune it for maximum effect: the guys with the same OCR software are more likely to pass. Even if you don't exactly know which algorithm they're using, you can just try several and see which gets through those captchas more often.

Note however that you don't even need to be _too_ well tuned. If your OCR software misses maybe a letter in each word, you have a 1/26 chance to pass by just picking a random letter there. If it missed two, you have a 1/676 chance by sheer random chance. Those are _excellent_ odds to get a bot through. A distributed army of zombies could create tens of thousands of spam accounts per day that way.

Re:As you probably noticed...

[marcello_dl]

But they don't have the same data of the "captcha server" to do ocr, they have the distorted one. The similarity is weighed with the original data, so bots ought to have a pretty good ocr program, equivalent to a pretty good captcha decoder.

Re:Great CAPTCHA solution to solve people not RTFA

[mopower70]

Or better yet, make the CAPTCHA the text of the entire article, thereby forcing people to actually RTFA before being able to post.

Source Material

[Flwyd]

Maybe they can help piece together secrets from East Germany.

Still a great solution for digitizing books

[5of0]

Uhh, you seem to be stuck on the idea that they only use the mystery word for captcha.
Maybe you should actually read the comments you replied to...which quote the reCAPTCHA website:

But if a computer can't read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here's how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

In other words, several of your points are entirely invalid. The mystery word is not used at all for verification.
Several of your other arguments are about how it's not any better of a CAPTCHA. Which is preposterous, because it's not supposed to better at being a CAPTCHA. It's supposed to be better at digitizing books, which the current CAPTCHA scheme has exactly 0 effectiveness at. Complaining that this isn't any better of a CAPTCHA is like complaining that charity golf tournaments aren't any better than the Masters. It's a ridiculous argument, because charity golf tournaments have an entirely different focus, while still being a golf tournament.
And it's got a reload button for hard words. You've got a somewhat valid point in that being not random, it is easier to guess. But /. CAPTCHAs are real words too, and they don't do anything towards digitizing books.
You've still got some fragment of an argument left, but most of it is destroyed by the simple facts that:
a) Verification is not based on the "mystery" word
b) It's supposed to be better at digitizing books, not better at being a CAPTCHA

It's just as good as most CAPTCHAs out there, and it digitizes books. It's a good idea.

World's Best CAPTCHA

[PGillingwater]

This class of CAPTCHA is not always going to work first time, every time. It depends upon the subjective opinion or skill of the user. In my view, the ultimate CAPTCHA has been released:

www.hotcaptcha.com

Re:Great CAPTCHA solution to solve people not RTFA

[GNUALMAFUERTE]

Oh man, you just brought my childhood back =)

Thank you for the good memories ... oh so many hours wasted ...