Slashdot Mirror

← Back to Stories (view on slashdot.org)

Evolution of the 'Captcha'

Posted by CmdrTaco on from the why-can't-i-even-read-them-half-the-time dept.

FireballX301 writes "The New York Times is running an article about the small word puzzles various sites use in order to defeat automated script registration while still letting humans through. It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created. This, of course, seems breakable as well — is there a feasible alternative to the captcha, or are we stuck jumping through more and more hoops to register at places?"

9 of 383 comments (clear)

  1. the hell with registration by Anonymous Coward · · Score: 1, Informative

    use http://www.bugmenot.com./

  2. audio captcha by weighn · · Score: 2, Informative

    Especially with provisions of Section 508 and the ADA (and foreign counterparts) that ban discrimination against blind people, who use computers through screen readers that render text as speech or braille. some sites are including an audio option.
    examples are here (under Guidelines > Accessibility) and here
    --
    Mongrel News all the news that fits and froths
  3. Re:Stop testing the Humans, test the Robots by Anonymous Coward · · Score: 1, Informative

    This works unless you're talking about a popular open source project in which case it is trivial for the spambots to be coded around it.

  4. Re:Stop testing the Humans, test the Robots by Kijori · · Score: 4, Informative

    The problem is that the solutions are being coded for individual sites not one size fits all. A custom solution would have no problem with that system at all.

  5. Re:Knowledge tests... by lazlo · · Score: 2, Informative

    You know, as a security sort of person, I tend to agree in principle. I do, however, find it fascinating how principle and reality don't quite line up all that often. A case in point, one of the blogs I read fairly regularly uses captchas. He doesn't really obscure it too much, and it's always the same 3 character string, related to the name of the site. Any spammer who actually posted more than once could easily figure it out. So far, none have. He wrote about his experiences with this here. So maybe captchas don't need to be all that complex...

    --
    Pound! Bang! Bin! Bash! is this a shell script or a Batman comic?
  6. Re:Alternative? by Mr2cents · · Score: 2, Informative

    Now, with only 4 images, you have 1+1+4+4+6+6 = 22 different possible outcomes, while having the problem remain trivially easy for a human. Each image either shows or doesn't show a cat, so that are two possibilities. With 4 images that makes 2^4 = 16 possibilities. I don't know where you got "1+1+4+4+6+6" from, but it doesn't make any sense to me.

    (Or maybe I misinterpreted).
    --
    "It's too bad that stupidity isn't painful." - Anton LaVey
  7. Re:Knowledge tests... by TodMinuit · · Score: 2, Informative

    You can get away with that if you're a little site. But if you're Google, or Slashdot, or Facebook, then it'll last about two days.

    --
    I wonder if I use bold in my signature, people will notice my posts.
  8. Re:Captcha effectiveness isn't related to difficul by Samrobb · · Score: 2, Informative

    Custom solutions tend to work. At least for some time. For popular OSS project this is usually not an option and not all users of the popular OSS software are capable or willing to write a custom solution.

    If you read Shamus' blog post, he's not using a custom solution - he's using a standard Wordpress plugin that is configured to only offer up a single captcha phrase. Presumably, if he were to run into issues with using just the single phrase, he could update his configuration to use additional captcha phrases, without having to do any custom development.

    --
    "Great men are not always wise: neither do the aged understand judgement." Job 32:9
  9. Re:Stop testing the Humans, test the Robots by CodeBuster · · Score: 3, Informative

    It would be a VERY intelligent script that could COMPREHEND the purpose of any particular html input field.

    Not really, considering that most of these scripts are targeted at large sites (yahoo, hotmail, etc) OR common site frameworks (PhpNuke, Drupal, Blogger, etc) where common hidden field input patterns would very quickly be tested and coded around by the script writers. The whole point of CAPTCHA in the first place was that it presented a random and dynamic test which was easy enough for users to solve (at least in theory) while hard enough to foil simple analysis by script. This might work on a small custom website where it is not worth the trouble of the script writers to code a version specifically for the hidden input pattern of your site, but this hidden field stuff was tried and failed on big sites even before CAPTCHA was in common use.