Slashdot Mirror

← Back to Stories (view on slashdot.org)

Building a Better CAPTCHA

Posted by Soulskill on from the we-have-the-technology dept.

jcatcw writes "Steven J. Vaughan-Nichols reports that CAPTCHA cracking isn't that difficult these days. It has even become a business. For example, DeCaptcher.com will solve CAPTCHAs for your spamming needs at a rate of $2 per 1,000 successfully cracked CAPTCHAs. In response, newer systems are in development. Both Carnegie Mellon and Penn State (is there something about the water in PA?) are working on image-based systems. ESP-PIX and SQ-PIX both require the viewer to interpret pictures. Imagination CAPTCHA from Penn has the user find the center of an image. The idea is that humans are better at image recognition that computers, but humans can legitimately disagree on their interpretations and some humans are color blind. Problems remain. For now, sites would be well advised to look at reCAPTCHA — the system that works with Google Books and the Internet Archive to digitize printed texts — which comes with a wide variety of application and programming plug-ins and an open API."

15 of 197 comments (clear)

  1. Indecipherable by Bordgious · · Score: 5, Insightful

    I know _I_ often have trouble seeing those... Maybe some sort of an animated .gif would be better?

    1. Re:Indecipherable by multisync · · Score: 3, Funny

      I know _I_ often have trouble seeing those... Maybe some sort of an animated .gif would be better?

      Me too. Wanna go halfers on 1000 CAPTCHAs?

      --
      I don't care why you're posting AC
    2. Re:Indecipherable by Harik · · Score: 3, Insightful

      pretty much. It's outsourcing your captcha solving to impoverished third-world solvers. So really, there's nothing they can do to make Capchas better - humans ARE solving them, it's just an economic imbalance being exploited.

      I use it because I'm sick of capchas everywhere and it's dirt cheap. I figure if we break them bad enough people will stop trying dumb technical solutions to social problems. (spam)

  2. Dying Technology by EdIII · · Score: 5, Insightful

    The idea is that humans are better at image recognition that computers

    C.A.P.T.C.H.A - Completely Automated Public Turing test to tell Computers and Humans Apart.

    This is a dying technology.

    1) Computers and synthetic systems in general are ONLY going to get better at doing anything a human can do. I mean anything.

    2) Humans are a substitute for our lack of a synthetic system to solve a CAPTCHA.

    A CAPTCHA has two answers to it's owner. This is a Human and this is a Computer. Humans can be hired to solve CAPTCHA at economically viable rates to meet the demand with a supply. Computers are catching up at being able to solve various CAPTCHAs creating an "arms race" between developers and those that need to crack CAPTCHA automatically with high throughput.

    The window for this technology to be effective in its use is shrinking rapidly and it will only be a matter of time before it is nearly impossible to tell without phsyical inspection what is a synthetic human reponse and an actual one.

    1. Re:Dying Technology by Goaway · · Score: 4, Informative

      Humans can be hired to solve CAPTCHA at economically viable rates to meet the demand with a supply.

      Not in general. For high-value targets, yes. For spamming blog comments, no.

    2. Re:Dying Technology by Dhalka226 · · Score: 3, Insightful

      Using a human being to solve a CAPTCHA is not "cracking" the CAPTCHA, nor does it make the next blog or even the next CAPTCHA any less secure. If the CAPTCHAs are actually successful enough that the only solution is to hire third-worlders to do them for you, a large part of the battle is already won.

      Will it stop all spam? No. Will all spam ever be stopped? Nope, so let's take what we can get while we can get it.

  3. How to get around CAPTCHA for Porn? by corsec67 · · Score: 4, Insightful

    Even if they had a perfect system that could tell a person from a computer, how can they prevent a CAPTCHA for porn system?

    (You make a website offering porn for entering the solution to a CAPTCHA from a 2nd site, and then use that solution on that 2nd site)

    --
    If I have nothing to hide, don't search me
    1. Re:How to get around CAPTCHA for Porn? by Dwedit · · Score: 3, Insightful

      Captchas have right or wrong answers, which can be immediately verified.
      Spam or not spam can not. Some imbeciles can just make random selections without caring. Even if you give posts to multiple people to see if they agree, you can get enough imbeciles to ruin the system.

    2. Re:How to get around CAPTCHA for Porn? by kohaku · · Score: 4, Funny

      It's porn all the way down.

  4. Build a database of inputs and outputs by KPexEA · · Score: 3, Interesting

    Any CAPTCHA system can easily be cracked by building a large database with the inputs and outputs that was actually solved by humans and then saved into the database for lookup later. The inputs don't need to be text, they can contain images ( or hash codes representing images ), or css or whatever is needed to define the input data. The only feasable way to stop this kind of caching of answers is to have no duplicate tests. For example, a large field of randomly colored circles that all vary in size and position and move slowly around, then tell the user to hover the mouse over the largest blue circle and then next have them move the mouse over the green triangle, etc. Then base their "pass or fail" on how well they could move the mouse fast enough. And change the test often, like, put the mouse over the shape that looks like a bunny etc.

  5. Cylon Detector by fathom108 · · Score: 3, Funny

    Will this detect Cylons?

  6. Suck it, Vernor & Kurzweil by Anonymous Coward · · Score: 3, Insightful

    No one could ever predict that it would be spammers and porn merchants who would solve the hardest problems in AI.

  7. I really hate by BetterSense · · Score: 4, Interesting

    I really hate image-based CAPTCHAS, because they discriminate against lynx users. I seriously remember at least one occasion where I was using lynx for whatever obscure reason, and I came upon "enter the text shown in the box at the left". Fail. I like the math problem ones better.

  8. COLORblind? How about BLIND blind? by Ungrounded+Lightning · · Score: 5, Interesting

    The idea is that humans are better at image recognition that computers, but humans can legitimately disagree on their interpretations and some humans are color blind.

    COLOR blind? Some humans are BLIND blind. Others have various vision or vision processing impairments that would make meatware-visual-coprocessor-test CAPTCHAs reject them.

    IMHO most CAPTCHAs are already and obviously violating of the Americans with Disabilities Act. So now, in the info-war between weapons and armor (which weapons always win anyhow), even more of us less-than-Aryan-Supermen become collateral damage.

    Dogs are (allegedly) color blind and "... on the Internet nobody can tell you're a dog!". Well, maybe PEOPLE can't. But now the web applications can. B-(

    The solution to being attacked by better weapons is not better armor. That's only a stopgap. The solution is to hunt down those who misuse weapons and make them incapable of or unwilling to continue.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  9. Nope, that won't work either. by IdahoEv · · Score: 3, Insightful

    Give me the frames of such an animation and I can trivially write a program that simulates persistence of vision by smearing the pixels over time, thus making it solvable by a computer.

    In the long run, CAPTCHAs are doomed.

    --
    I stole this sig from someone cleverer than me.