Slashdot Mirror

← Back to Stories (view on slashdot.org)

3D-Based CAPTCHAs Become a Reality

Posted by Soulskill on from the is-that-an-e-wait-i-think-it's-a-5-dangit-let-me-in dept.

mateuscb writes "A new way of creating a CAPTCHA using 3D objects has become a reality. The idea was thought up independently by blogger Taylor Hayward and by the folks at YUNiTi.com. 'Similar to Hayward's idea, this new technology relies on our ability to identify objects in 3D instead of using alphanumeric characters. YUNiti's 3D Captcha, however, has three objects in the challenge and extends the list of images to any object, not limiting it to animals as in Hayward's idea. This increases the challenge's level of complication to prevent computers from successfully making the correct guesses.' I, for one, welcome the thought of not having to read more and more complex CAPTCHA. Lately, I've been having a hard time getting CAPTCHA to work the first time."

10 of 192 comments (clear)

  1. Rationality check by mongrol · · Score: 4, Insightful

    Let's see now. If the spammers and robot makers went outside, done something worthwhile and produced something the world badly needs (food) then this nonsense wouldn't exist, I could surf in peace and the starving millions would live a little longer. The very existence of CAPTCHA's proves the human race is badly in need of a reset.

    1. Re:Rationality check by MWoody · · Score: 5, Insightful

      Such is the way of all intelligent life, though. If you build a maze for a mouse, the rodent may run its course a thousand times to reach the end and its reward. But never be fooled for a second: the mouse likes the cheese, not the maze. If he finds a way to climb over the walls and skip the test entirely, you should be neither surprised nor angry, as the failure is yours.

    2. Re:Rationality check by Idiomatick · · Score: 4, Insightful

      We should spend that effort spammers put out to get useful work done. Re-captcha is a perfect example. How about Google, want a new tagging system for images? It would make image search MUCH more usable. It could also be used to help AI/learning and object recognition. Just set up Captchas to do meaningful boring things that otherwise would not get done. I've no idea why this isn't more widespread.

  2. This Is Great for Progress in AI by Louis+Savain · · Score: 3, Insightful

    CAPTCHAs are among the best motivators for progress in AI research since DARPA began throwing gobs of money around. The question is, what will happen to online forums and social/financial networks when machines become indistinguishable from humans?

  3. Re:Humans can defeat humans by forkazoo · · Score: 4, Insightful

    Interesting, but in a previous /. discussion, I got convinced that there was no perfect captcha, since one can simply pay a group of underpaid workers (e.g. in poor country) to manually solve the captchas...

    If it requires actual workers, then it is a perfectly working CAPTCHA. "Completely Automated Public Turing test to tell Computers and Humans Apart." Don't think of it as a way to keep bad posts from your forum, because it isn't. It just tries to increase the likelihood that a human was involved in the process. If you want to limit abuse, getting a guarantee that a human was involved is only one small step in the process.

  4. Easy to defeat by grumbel · · Score: 3, Insightful

    As is, this seems relatively easy to defeat and well within reach of available technology. The number of 3D models is rather low and they have a very clear silhouette and also a very distinct one for each models. So all one has to do is to search for the best matching silhouette.

    The good thing however is that 3d models have enough flexibility so that one could conquer many attacks, adding background images and texture would make it much more difficult to get a clear silhouette and one could of course easily introduce many more models into the mix.

  5. An Alternative by Nom+du+Keyboard · · Score: 3, Insightful

    Or as an alternative, we could actually track down the people who continue to make the Internet a swamp, beat them within an inch of their lives, let them spend a hot humid summer in full body traction, and maybe not only wouldn't they do it again but others might not either.

    And put it on YouTube afterwards.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  6. Re:3D? Pfft. by Jurily · · Score: 3, Insightful

    Pfft. Mere mortal.

    Kinda defeats the purpose of a captcha if it looks like noise to a human, but is solvable by a computer.

  7. A few common CAPTCHA fallacies by QuoteMstr · · Score: 5, Insightful

    Everyone has a great idea for a CAPTCHA, but very few people know what the hell is really going on. Remember that the machine doesn't need to solve the CAPTCHA every time, that machines are infinitely patient and have huge memories, and that another machine needs to make sure the human gave the right answer!

    Ideas that won't work:

    1. Make clients identify an object from a picture. Machines can't describe objects in pictures: if machines can't describe the picture, how the hell is the CAPTCHA server supposed to verify that the client gave the correct answer? If a human being manually inputs the pictures and acceptable descriptions for each, then another human can program his attacking machine to do the same thing! Having a large, but finite set of pictures doesn't help either since a machine doesn't need to solve the CAPTCHA every time. It can just learn the correct responses without actually understanding the image. ANY APPROACH BASED ON IDENTIFYING A MEMBER OF A FINITE SET DOES NOT WORK AS A CAPTCHA.
    2. As a special case of #2, QUIZZES DO NOT WORK: either the questions are finite and subject to attacker memorization, or the number of patterns for the question is finite, and these patterns can be detected by a machine. (Consider "A train is coming from Denver at X miles per hour..." --- same problem, different coefficients)
    3. Send the client a special program that verifies he's real: if it doesn't work for DRM, it won't work for CAPTCHAs. An attacker can just program his machine to simulate slow typing, slow thinking, or a cross-eyed human being. YOU CANNOT CONTROL THE EXECUTION ENVIRONMENT. No amount of Javascript obfuscation, encryption, or header-checking will make the slightest bit of difference for a determined hacker.
    4. As a special case of #3, TIMING ANALYSIS DOES NOT WORK. Machines can simulate arbitrary delays.
    5. Limiting CAPTCHA-solving attempts by cookie/IP address/etc.: that doesn't work. Attackers don't obey web standards, and have botnets

    Really, it's very easy to think you've come up with a very clever CAPTCHA. When you think that, all you've done is stoked your ego and screwed yourself over. It's the same reason why we don't roll our own cryptography: CAPTCHA-making is a very hard problem, mainly because your problem space must be infinite (to avoid an attacking machine simply memorizing answers), the answers verifiable by a machine, but the problems not solvable by a machine.

    How many questions can be checked by machines but not answered by them?

    Not many; fewer every day. There are no questions that can't be answered by a computer (and which can be answered by a human mind). The Church-Turing thesis has some validity: the human mind is no more powerful than a turing machine, and ultimately, computers and our brains are equivalently computationally. There's nothing a computer can't solve: there are just things we haven't figured out yet.

  8. Re:Humans can defeat humans by Goaway · · Score: 4, Insightful

    If the spammers have to pay to spam, we've already won.