Slashdot Mirror
Inside India's CAPTCHA Solving Economy
Anti-Globalism points out an analysis of India's CAPTCHA-solving industry posted at ZDNet. It begins:
"No CAPTCHA can survive a human that's receiving financial incentives for solving it, and with an army of low-waged human CAPTCHA solvers officially in the business of data processing while earning a mere $2 for solving a thousand CAPTCHAs, I'm already starting to see evidence of consolidation between India's major CAPTCHA solving companies. The consolidation, logically leading to increased bargaining power, is resulting in an international franchising model recruiting data processing workers empowered with do-it-yourself CAPTCHA syndication web based kits, API keys, and thousands of proxies to make their work easier and the process more efficient."
you CANNOT stop advertising/spam. There is simply too much money in it. I think Ani said it best when she said "Fuck this time and place".
The going rate is $1k. For a simple /usr/share/dict/words attack on some random account on some random site, it'd cost you about $100.
Assume I was drunk when I posted this.
Comment removed based on user account deletion
Provided you have a sufficient number of dedicated employees, any technical problem is solvable. So when we have densely populated areas with extremely low cost of sustaining life (i.e. warm underdeveloped countries), it's much more rational to assign thousands of locals to perform simple recurring actions than to hire an adequate number of qualified professionals to develop software capable of the same thing.
A list of measures that could help includes eradication of population in warm underdeveloped countries, and making the said countries either cold (or otherwise unsuitable for life without certain expenses) or much better developed, which would ruin this business model as far as I can see.
I'd go for Anonymous Coward Just like you
Comment removed based on user account deletion
or much better developed, which would ruin this business model as far as I can see.
It's starting to happen. Give it another 20 years and Indian wages will be high enough that this sort of stuff won't happen because Indian wages will be almost as high as a US worker's wages.
China, I think, will take a bit longer, but I think they'll end up using up their own labor that's coming off the farms and such for the most part during the later stages of their industrialization.
Heck US manufacturing goods exports and domestic production have been increasing recently, and that hasn't happened in years.
I don't read AC A human right
Maybe the next logical step is for someone to start an industry based on organizing cheap labor to combat the spam that gets around our automated anti-spam measures. Fight fire with fire.
...you're going to reduce the human population by cloning the U.S. military's Reporting and Planning Terminal?
Instead of asking people to type in badly form text how about answering a question only an English speaker could. Like what is the forth word from the beginning of this sentence?
Rapters are fast and intelligent, hunt in packs, and hell.. they can even open doors! Support rapter cloning!
Surely such intelligent rapters would know how to produce more rapters without cloning?
She made the willows dance
When the prevalent economic theory is that the entire responsibility of a corporation is to make a profit for the shareholders, and lots of willing serfs (hard to blame them, really) ready to do even the most dumb of tasks, here's where you end up. Well, here and gold farming on MMORPGs... Honestly, at least this is something with a practical purpose. Gold farming strikes me as one of the most pointless things you can do. "WILL BREAK CAPTCHAS FOR FOOD?"
The natural parallels with MMO gold-farming are interesting.. and depressing. The world is broken.
GameRanger - multiplayer gaming service for PC and Mac games
The main reason spammers can keep doing what they do without consequences is that they are hard to track as they exploit users with insecure systems. You can't punish the companies that are advertised, because it would make it very easy for a competitor to get his rival in trouble by sending spam in the victim's name. You can't punish the users who have their machiens compromised and used tos end spam because you would hit a sizeable fraction of the population, virtually all of which simply did not know how to protect themselves.
No, there's only two places to adress the problem:
Firstly the ISPs could use traffic analysis to determine which of their users are infected and allert them about the problem. The problem with this aproach is that such systems could likely be abused to spy on the clients, so some strict regulation woudl be necessary.
Secondly you could start to actually penalise the main company responsible for having put millions and millions of extremely vulnerable systems into the wild. No, it's not just the fault of stupid users. Yes you would still get some infections because users are stupid, but it would likely be an order of magnitude fewer if it was not for Microsoft's downright pathetic security record. I know they made a bad attempt to adress it with UAC in Vista, but quite frankly they messed it up so bad that large number of users simply turn it off ( the fact they felt the need for a GUI setting that turns it off system wide says a lot about how messed up it is ). I'm not saying we should bitchslap every single software vendor that has security vulnerabilities in its code ( it is impractical for obvious reasons ) but when a company with the resoruces Microsoft has more or less ignores the problem for several years, and then makes a half arsed attempt at fixing it, then a charge of damage caused through gross negligence would not be out of line.
Heavens, no! At Slashdot, CAPTCHA-breakers are used for less lucrative motives than elsewhere. The posts are, in fact, originating from PROFESSIONAL CAPCHA ENTRY OPEATORS AND WE CAN DO EVEN 25000 ENTRIES PER DAY AS MY COMPANY IS A 25 SEATER FIRM SPEALISED IN DATA ENTRY.
I saw a crack site once where the CAPTCHA you had to fill out to download the file had a myspace watermark. I believe it would be crackstorage.
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
I wonder if they have any pointers, I fail at CAPTCHAs all the time.
If every site took up that reCaptcha thing all these paid captcha-solvers would be helping to digitise thousands upon thousands of old books ... on the spammers' dime.
Hal Spacejock: Science Fiction with Nuts
At 2.00 for a thousand capatas, they could probably scan and convert books at a pretty fast pace, too.
An army of people typing in a page at a time could probably turn out a complete book in less than an hour.
Lots of legal and illegal uses for that.
transporter_ii
Doctors destroy health, lawyers destroy justice, universities destroy knowledge, religion destroys spirituality
There are some open source or free captcha breakers out there already:
http://churchturing.org/captcha-dist/
http://network-security-research.blogspot.com/2008/01/yahoo-captcha-is-broken.html
etc.
Captcha is broken, captcha is dead. Stop pretending that half-measures will secure anything. It isn't real security and it never was.
Nature will find a way!
http://xkcd.com/87/ and http://xkcd.com/135/
"First they ignore you, then they laugh at you, then they fight you, then you win."
> My proposal is to clone rapters
Aah, why bother with that hassle? Just let people kill of people randomly - it does the same job as raptors and we don't need to have the hassle of genetic enginering
Your statement doesn't really work. You can't blame living too long or healing ourselves for overpopulation. Most countries that are first world have a birth rate that is less than 2.1 needed to sustain the population. Overpopulation is a function of poverty. Once you have money you start having less kids.
It would seem a website mostly visited by nerds and geeks of all kinds should be a little more intelligent than most
Yes, most of us are indeed more intelligent than most. That's how we know what CAPTCHA stands for, without being told.
clearly the evidence shows most visitors and posters are just as dumb as the average
By this, you mean the ones who don't know what a CAPTCHA is? The ones who spend minutes typing out a reply to bitch about the acronym not being spelled out, when googling for the acronym would only have taken a few seconds?
Rapters are fast and intelligent
Great! Can they solve CAPTCHAs?
Well there's a good opportunity for Google to fight back, they could have another army of Indian Data entry operators who delete posts by advertisers who've hacked the captcha's.
Lawmakers are incompetent and unable to adjust to the realities of day-to-day changes in spam techniques.
I just with Gmail would go back to the "Invite only" approach, with SMS as a secondary measure, along with a remote possibility of snail-mail to cover everyone else. Unless we all use OpenID or some other general log-in function, small sites would be screwed by this approach.
Hrm, maybe that's a good argument for OpenID.
Excepting the conspiracy theories about BG, this is pretty much what I figure will happen. Outsourcing to India/China encompasses far more than software writing, after all.
Don't forget that once fully industrialized, China and India will be looking to outsource as well.
The other major possible population centers for replacing China and India tend to have some rather severe problems, starting with lower population levels, not to mention the civil wars, the lack of even basic infrastructure in many areas.
Not saying that it won't happen even there, but the increased expense will tend to slow outsourcing stuff down such that the majority of production left in the USA will stay here.
I don't read AC A human right
It's starting to happen. Give it another 20 years and Indian wages will be high enough that this sort of stuff won't happen because Indian wages will be almost as high as a US worker's wages.
Indian wages will rise and US wages will fall until they're in parity.
Our standard of living is falling here in the US (except for the very small minority of CEOs, politicians and stars). Yeah, it's rising in these third world countries, but the overall effect is that we'll never see the standard of living that our parent's generation (grandparent's generation for some of you) enjoyed. We're all in this downward spiral. Labor, regardless of how skilled it is, is a commodity.
I have a very pessimistic view of the future of this planet and I fear for you young folks who are just starting out.
Because we can.
At the end of the day the mad scientist will lay in his bed, look at the ceiling, and smile, knowing that, while his knowledge of genetic engineering could have cured cancer, diabetes, and a huge number of other diseases, he created a raptor instead, which is way cooler.
Remember, raptors run at 10 m/s and they do not know fear.
- XKCD
Or just "WTF" until you learn to spell raptor properly. Not sure why you want to clone Red Tailed Hawks and Eagles and all, but they don't prey on humans.
But then, perhaps you were talking about the Toronto Raptors? Sure, I hate basketball and would probably run in fear from a team of large basketball throwing individuals trying to herd us into canyons or whatnot. Might work.
Could also be the US Marine Corp squadron "The Raptors". You are right, they CAN open doors. Or just blow them up. The few, the proud, the cloned... Dang, I thought only Yoda got to see the clone wars.
What's this - dinosaurs you say? Oh, Velociraptor! Gotcha. That would work. People can be pretty stupid, you could probably even get folks to pay for distribution by selling the velociraptors as pets. All the "gullible" folks order them from that ad on their TV - no more gullible folks. Hmm, might solve SPAM then too as there wouldn't be any more money in it.
As 1 person can do 800 captcha entry per hour . . . .
Interestingly, that's also about the rate established by Ben Franklin for a manual postal worker to sort mail.
Bank of America, and probably others, use something they call SafePass as the equivalent of a CAPTCHA: they send a text message to your cell phone which you have to type back into a web page.
In the end, how strong a CAPTCHA system you use comes down to who feels the pain. A few spam emails sent by our system? Small price to pay to sign up new users for our [email|blog|whatever] service. An unauthorized transfer of $any_amount that we'll have to cover? Clamp down hard.
Well, at least you have a good username for your spiel.
I don't think it's quite as bad as you think. Frankly, I'm surprised that we've stayed up as high as we have, and some turning points have happened faster than I thought.
Basically, the Indians and Chinese are coming up far faster than we're coming down. It doesn't help us that we're outnumbered about 2 to 1 (Including Europe, Canada, and Australia along with the USA). It also doesn't help that we're looking at the generation that gained the maximum benefit from outsourcing - cheap goods while still having relatively high incomes.
So yeah, I figure it's going to be a while before those of us in the USA and rest of Europe see a rise in standard of living other than through sheer technological progress. Buying a second home might not be as feasable to much of the population any more, but on the other hand we have much more effective medical(if expensive), cell phones, faster computers, bigger TVs, etc...
I don't read AC A human right
Best way to combat spam is to give away the crap they sell. No market no spam.
Nope, he distinctly said raptErs, which pretty much refers to a type of console used by the U.S. Army (see post below). =)
If he said raptOrs, he might've been referring to producing his own line of 10,000RPM SATA hard drives -- which would be a good thing, since there's only one manufacturer in the market at the moment, if you don't want to go with them you need to go the SCSI/SAS route.
It would take a lot of time and effort, but you could probably wipe out humanity with them. A glass/ceramic/metal disk spinning at 10,000 RPM can do a lot of damage.
Are we sure any of this is really true? I can imagine that MS might find itself to slow to respond, but other players could. My guess is that these are classic "work at home" scams, where the victim is the hopefull worker, who sends money for a "kit" to start work, and then never gets any work to do. The claims about size and workload are merely details meant to add verisimilitude to an otherwise implausible story.
The trust model needs to be changed from "not human"/"human" to "not accountable/accountable."
If you can hold the person accountable for abuse, you can give him more privileges. Knowing who he is so you can bill him or sue him is one way to hold him accountable.
Those who are unable or unwilling to provide either real-life contact information or usable billing information will be stuck with limited services.
Those who live in countries where they cannot be held accountable will be similarly limited.
The Yahoos and Googles of tomorrow will offer free email accounts but limit traffic to so many outbound messages or outbound megabytes a day until the user turns over a credit card or notarized copy of his proof of identity and proof of address.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
My experience is that Indians overal have no knowledge about US or EU "culture".
So working CAPTCHA's are:
????, Dewey, and Louie
I believe I can ???
don't let the ??? bugs bite
Some three billion people in poverty in the world, each with a mind more powerful than any computer (as proven by this task), looking to make a miniscule amount of money for themselves and their families. And this is the best the market can come up with? Sheesh.
Are there any legitimate reasons to operate or employ a CAPCTHA solving business? The only uses I can think of involve spamming forums or identity theft. Why are these companies allowed to operate? If it were in the U.K., it could very well be in voliation of the Computer Misuse Act - do they not have equivalent legislation over there?
The spam problem has a technical solution. The keyword is innovation. The programs that recognize CAPTCHAs could be defeated for example by using evolutionary CAPTCHA described here http://network-security-research.blogspot.com/2008/08/around-captcha.html Malicious human CAPTCHAs recognitions could be defeated as well. And perhaps such approaches will appear in a short period of time ;-)
There's no incentive for users to give you billing or identity information just so you can hold THEM accountable when the account gets hacked. It would be rather better for them to NOT do that, in fact (just worse for you).
So if you limit all the users who don't let you shift the liability onto them, they will ignore you and flock to services (like the ones we have today) that DON'T shift the liability onto them.
If only I could opt out of Visa's bogus scheme for shifting their liability onto me ("Verified by Visa") by just switching to a competitor. Sigh.
The solution is simple: employ India's poor in condom factories.
Table-ized A.I.
CAPTCHAs were designed to delineate between machine and human, then preclude the machine segment.
Solution? Use humans.
This never occurred to the designers of CAPTCHAs?
Ridiculous for anyone to assume that the time involved was not worth doing it manually, in bulk processing. To assume their time has the same monetary value as that of the rest of the world is pretty narrow-minded, and somewhat arrogant, in my opinion.
The cheapest, easiest way to solve 1000s of CAPTCHAs remains the pron proxy. You pay nothing, they solve 1000s of CAPTCHAs.
Start a web site, put in a few teaser images, proxy a captcha from some site, force users to solve captchas for you to view their pron. Profit.
The Internet is still inherently very very insecure. If you aren't paranoid about it, you don't know enough yet.
Essentially, we humans are yorn, and we need Harika?
Or perhaps Wells' Morlock and Eloi...
Your conclusion seems to vary drastically from reality. By definition the MLM is the opposite of spam. Each member actually buys and sells only to/from people who want their product or service. In fact, MLM groups can get snippy when people don't choose to participate in the social aspect of distribution (meetings, etc.). Spam by definition is stuff forced down your craw whether you buy or not. MLM is just a distribution method that uses word of mouth and relationships to sell stuff. "Buy from me, your friend/ son/ daughter, instead of a faceless chainstore. MLM just stands for Multi-Level Marketing and it gets a bad rap because it eats into the corporate propaganda machine of Madison Avenue (of course some MLMs are scams, but many are not). Attacking all MLMs is much like closing all of Usenet to get rid of some illegal crap. MLM is just people, period.
Spam piles advertising on millions of people whom the spammer does not know.
They are opposites. Not similar.
Once you have money you start having less kids.
So in other words, the people with the resources to raise children in the best way possible are the ones who aren't having them. I love the human race sometimes.
Make me a friend and I'll mod you up
Which raptors?
Owls?
Bald eagles? Or hawks?
Most of these raptors would have a hard time eating a human being...
What ornithology degree program did YOU flunk out of?
Raptors...! (snicker)
Too much birdsnest pinoqachole in your liver I suspect!
Use tests based on American cultural references. Won't fix everything but sure will make it harder for them to use foreign labor.