Slashdot Mirror

← Back to Stories (view on slashdot.org)

Next-Generation CAPTCHA Exploits the Semantic Gap

Posted by kdawson on from the stand-and-identify dept.

captcha_fun writes "Researchers at Penn State have developed a patent-pending image-based CAPTCHA technology for next-generation computer authentication. A user is asked to pass two tests: (1) click the geometric center of an image within a composite image, and (2) annotate an image using a word selected from a list. These images shown to the users have fake colors, textures, and edges, based on a sequence of randomly-generated parameters. Computer vision and recognition algorithms, such as alipr, rely on original colors, textures, and shapes in order to interpret the semantic content of an image. Because of the endowed power of imagination, even without the correct color, texture, and shape information, humans can still pass the tests with ease. Until computers can 'imagine' what is missing from an image, robotic programs will be unable to pass these tests. The system is called IMAGINATION and you can try it out." This sounds promising given how broken current CAPTCHA technology is.

15 of 327 comments (clear)

  1. Too hard. by Whiney+Mac+Fanboy · · Score: 5, Insightful

    The general public will not know what "geometric" means*.

    This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.

    *or annotate... or centre

    --
    There are shills on slashdot. Apparently, I'm one of them.
    1. Re:Too hard. by Smidge204 · · Score: 5, Insightful

      Definitely the human's problem, although presumably if a human is smart enough to make it then a human is smart enough to figure it out...

      To be optimistic, I actually like to think of it the other way around:

      CAPTCHAs are providing a valuable evolutionary pressure on machine vision/artificial intelligence development!

      =Smidge=

  2. worthless by tritonman · · Score: 5, Insightful

    who needs to write CAPTCHA exploits when you can just hire 50 chinese kids for 3 cents per day to create email accounts and send spam out for you?

    1. Re:worthless by Mipoti+Gusundar · · Score: 5, Funny

      you can just hire 50 chinese kids for 3 cents per day
      If is really being true that they can be cutting us under by fifety percents then fine hai-tech industry of my dear INDIA is doomed. Ah well, nice while was lasting. Perhaps my medical degree is being useful after all!
      --
      Will code for new sig.
  3. Blind people? by tepples · · Score: 5, Insightful

    As Captchas get harder more humans will fail them. And as the population of the Internet grows, more blind and hard-of-sight people will be using the Internet, and they will fail visual tests deployed by web site operators who don't bother to deploy a decent audio test.
    1. Re:Blind people? by Anonymous Coward · · Score: 5, Insightful

      Do we lament that the blind and h-o-s cannot drive? The difference is that the web consists mainly of textual information that blind people can use.

      The cost of being all-inclusive can be too high for some budgets. The same could be said for supporting minor browsers, such as Safari.
    2. Re:Blind people? by Ngarrang · · Score: 5, Insightful

      csnydermvpsoft wrote, "The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress."

      No, spammers are. The root problem of this "solution" is the spammers, who do not care our personal feelings of privacy. They don't care that their messages cause everyone else's costs to rise.

      Without CAPTHA technology, none of the web mailers would be usable, as they would all be blocked by every known blacklist.

      For this reason, I think the penalties for convicted spammers should be far higher than what they are now. Their actions are subverting the ease of use for a very large group of people.

      --
      Bearded Dragon
    3. Re:Blind people? by Kam+Solusar · · Score: 5, Informative

      According to Wikipedia: In November 2004 article Magnitude and causes of visual impairment, the WHO estimated that in 2002 there were 161 million (about 2.6% of the world population) visually impaired people in the world, of whom 124 million (about 2%) had low vision and 37 million (about 0.6%) were blind.

      --
      The Angels have the Phone Box
    4. Re:Blind people? by $rtbl_this · · Score: 5, Funny

      Oh, they're aware. How do you think most of them got to be blind?

      --
      "Are you being weird, or sarcastic?" said Emma. I said I didn't know because I get the two feelings mixed up.
  4. Lyrical Response Mechanism by FurtiveGlancer · · Score: 5, Funny

    Why don't we take a note from TV and have the user sing the missing lyrics of a classic hit. Even if they don't pass, it will make for much more fun around the computer, especially at the office.

    --
    Invenio via vel creo
    1. Re:Lyrical Response Mechanism by Daimanta · · Score: 5, Funny

      I'll start. Finish this:

      "Never gonna give you up"...

      --
      Knowledge is power. Knowledge shared is power lost.
  5. It's still trivially crackable. by Jason1729 · · Score: 5, Insightful

    All they need to do is offer free porn to people who solve the captchas and embed the captcha in their site. It doesn't matter how sophisticated the test is or hard it is for a machine to do it, they all have that fatal flaw.

    Then there's also the option of paying Warcraft gold farmers to solve captchas and take a break from the game.

  6. Alternative... by martin_henry · · Score: 5, Informative

    Alternative URL: http://wang.ist.psu.edu/docs/projects/imagination.html

    --
    www.purevolume.com/martyd
  7. Stupid Captcha by Big+Smirk · · Score: 5, Insightful

    Any captcha with multiple choice answers is not a good one. 20 choices? So the computer gets by 1/20 of the time. Hmmm, how many attempts does it take to get 1000 e-mail accounts? As for "geometric center" note that all the images are rectangular. I haven't tried it, but writing a program to pull out all possible rectanges and then sort them on size, and pick the center of the one of the larger rectangles should do it. Why not a captcha that works with google. "Describe in one or two words what is in this picture", then use a google like search to match up the actual description with what the person typed. Person types "Dog" picture is a "Labrador Retriever" match.

    --
    TODO: create/find/steal funny sig.
  8. Solution: unproven users = limited access by davidwr · · Score: 5, Insightful

    Wikipedia does this by restricting what new accounts and non-logged-in accounts can do.

    If free mail servers put restrictions on what new accounts could do, with an override to anyone who is willing to go to a lot of trouble to prove they are human, it would short-circuit the spammer problem.

    If Yahoo, Gmail, etc. all limited you to 10 outgoing mail recipients a day until you had both 1) had the service for 1 day and replied to 10 messages, AND limited you to 100 outgoing mail recipients a day until you signed up to be a "high volume sender," it would cut most spammers off at the knees. Depending on the service, being a "high volume sender" may involve turning over a credit card number and may not be free. Some services may give "loyalty awards" to long-term customers by removing this restriction for people who have had their accounts for 6 months and show a heavy non-spammy ad-revenue-generating usage pattern.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.