Slashdot Mirror
Evolution of the 'Captcha'
FireballX301 writes "The New York Times is running an article about the small word puzzles various sites use in order to defeat automated script registration while still letting humans through. It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created. This, of course, seems breakable as well — is there a feasible alternative to the captcha, or are we stuck jumping through more and more hoops to register at places?"
As a Christian fundamentalist, I cannot in good conscience believe that catchpas have evolved, yet at the same time since I can never figure out what to type to make them work, I cannot believe any intelligence was involved in their design.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
So people with eye sight problems aren't welcome on your site then?
I have perfect vision and I struggle to tell if some S/5/Zs are one of the letters. The fonts and distortion is getting worse and worse to the point where it's usually 2 or 3 attempts before I can get one correctly, purely because letters are so distorted in them these days.
I like muppets.
Ask the user to perform a task that only a computer is likely to succeed at, like factorizing a 6-digit number. If the user gives the right answer, and this is the cunning part: Then it's not a human!
MAN, I feel clever some times.
OK, I am a bit shrotsighted, but still, some of the captcha are so garbled with bright color random pixel/forms while the font color of what was to be read was light gray/pink/blue on white background (and naturally distorted) that frankly I swore loudly while trying for the 5th time to enter the correct random combo of lower case, upper case and digits.
I am not sure if a picture is better, but it is defintively a step forward if I don't have to spend 5 time retrying.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Ummm I dont think this would work in the US, where (considering our educational system) some people might answer "yes". In fact, some celebrity (I forget which) recently thought that Japan was a country in Africa, which is why Africa has the best sushi.
I always get annoyed by captchas.. its like a forced human intelligence test.
We know that humans are more intelligent than scripts, so I always thought it should be easier to test the lack of intelligence in scripts than proving intelligence in humans.
For example just use a simple honeypot in a html form. Put a dummy input field in a form. You can hide the field with CSS/noscript tag or just mark it: "This field should be left intentionally blank" or something of that nature to make it more human friendly.
Seeing that all form fields are generally blank, the spambot/script will fill your dummy field. On server side check if the field has data, ignore the submission. It would be a VERY intelligent script that could COMPREHEND the purpose of any particular html input field.
my anonymous 2c
Doesn't work well: a bot will be right 25% of the times, just by answering at random. And more pictures mean difficult layout, or small picture size. Plus, it becomes an undue hassle on real users.
"I think it would be a good idea!"
Gandhi, about Internet Security
No great loss in keeping people with that kind of education and/or intelligence away from the internet. Kinda like you'd like to keep the caveman with the club away from the nuclear bomb.
Indeed: these things are getting to be an appalling nuisance. If I see a site that use them I increasingly just say 'fuck it' and leave; particularly the sites that keep asking for another one every few pages.
Meanwhile, having an automated system feed them to Chinese people on $0.50 an hour can't be too hard, and they'll have at least as good a chance of getting the correct result as I do.
I've seen several sites using questions similar to yours except they were more obvious. An example was:
Which is a food?
A) pink
B) car
C) Britney Spears
D) Hamburger
There is of course the possible registration by a disturbed and horny male who would say "Britney Spears" but you get the idea.
What ever happened to email validation?
You give script your email address, it sends you an email and you follow a validation link within the email. Implementing this on my website where I had a captcha before got rid of 100% of the spam.
There are also other little dirty tricks you can do to ensure it's a human on the other end, one of my favorites is to check the referrer URL when accepting a comment... if it's not being referred from my entry forum then it just happily throws the request away. Even if it's not spam it's probably something malicious anyway.
Another thing I used to use that worked really well in conjunction with registration is "approving" any account in which the first post doesn't contain any links or any words on a "spam list". If the first post of the newly registered account contains any links or spam words at all, it's held for moderation and must be approved manually. A vast majority of the legit people leaving comments for the first time wont be including any links or talking about viagra on a tech site, no links or spam words means they've been validated as "not spam" and if they've included links it only takes a human a few seconds to qualify if the account should be canceled as spam or approved as a non-spam account. This one obviously takes some man power so it only really works on smaller sites. It might be easy for a spam bot to counteract this but the way it validates is not apparent, not to mention this is already after an email has been validated.
Collector's Edition
Which is a food?
A) pink
B) car
C) Britney Spears
D) Hamburger
There is of course the possible registration by a disturbed and horny male who would say "Britney Spears" but you get the idea. Make sure you cook your Britney thoroughly first, no telling what diseases she's carrying.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
If there are four possible answers even a script will be right 1 in four time... So if they make a registration attempt every second they will still get 900 successful registions an hour.
God Be Gone
Kinda like you'd like to keep the caveman with the club away from the nuclear bomb.
And then you voted for Bush, TWICE!!!!!!
thank God the internet isn't a human right.
Shamus Young (the creator of the "DM of the Rings") recently introduced a captcha on his site to deal with comment spam. In his post about using a captcha on his site, he notes that:
Emphasis mine. He's running a fairly popular site, and using a captcha based off of a single, unchanging, three-character phrase. Just the presence of the captcha was enough to effectively eliminate his spam problem. The indication seems to be that just the presence of a captcha is enough to keep spam off of even a moderately popular site.
"Great men are not always wise: neither do the aged understand judgement." Job 32:9
My husband and I run a forum for homebuilt aircraft and we've already got bots doing this. We're using captchas at registration, an email activiation link AND we have to have a moderator personally approve every registration...... and we still have some spammers who get through. I'm really beginning to think that there is an army of them out there earning .01 per hour to actually read our site and create profiles that match our user base. Some of the spammers have gone as far as to create signature blocks stating which type of kit they are building and the tail number they've reserved from the FAA. The account gets approved and then we've got hundreds of V1@grA posts to clean up in the morning.
I read an advertisement recently -- apparently someone is collecting the URLs of web forum signup pages and then selling them to the botnets. I was thinking that maybe we could come up with a way of randomizing the signup page URL so that it would only work when the link is actually clicked on, but never got around to it. And let's be honest -- they'd figure that out too. *sigh*
--Insert catchy
"pink" is a common dessert on airlines.
May contain traces of nut.
Made from the freshest electrons.