Analyzing CAPTCHAs
Bruce Schneier's blog pointed me to a research paper on "Attacks and Design of Image Recognition CAPTCHAs" (PDF). The abstract says, "We systematically study the design of image recognition CAPTCHAs (IRCs) in this paper. We first review and examine all IRCs schemes known to us and evaluate each scheme against the practical requirements in CAPTCHA applications, particularly in large-scale real-life applications such as Gmail and Hotmail."
2nd link is a PDF. Thanks for the warning...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I wonder how long until we have no way of distinguishing a bot from a person. Existing CAPTCHAs don't work all that well, and I can't see future ones working much better for very long. The Cylons are among us! Any one of us could be one!
> yeah... running low on things to study?
Bruce is running low on things to study just as much as you're running low on articles to read.
Most CAPTCHAs are also inaccessible to vision impaired individuals.
My experience with captcha is they are too focused on being the perfect system, to the point where it goes from a simple annoyance to almost impossible to access whatever it's protecting.
Did you forget to take your meds?
I have a friend that used to bot WoW for a couple years until Blizzard got the law on their side^H^H^H^H^H^H^H^H^H^H^H^H^H in their pocket. Turns out he used to redirect bot checking CAPTCHAs to an IRC channel where the paid minions would solve them.
CAPTCHA has been a moot point to me since I witnessed this process occur in real time.
Apparently we don't really need strong AI so long as we have cheap labor in the 3rd world.
Then perhaps we need to send people down the tube at the end of world 1-2 to build roads and the like so that we can industrialize the 3rd world and make the labor more valuable.
It's 2010, get a life. Comments like this were funny sometimes around 1996.
Do captcha in a different way. Show an image of someone famous, like Obama, then ask who that person is. The answer key could have "Obama," "Barack," "Barack Obama" and every other iteration.
Interesting study; however, it needed a more diverse range of sample testers, all of which were early-twenties volunteer university graduates. I only bring this up because I see very different responses to CAPTCHAs. The response and attitude towards CAPTCHAs from young university people hanging around the IT labs where this was most likely advertised will be far, far different to the average online citizen. I'm not sure how accurate this is, but out in the non-IT section of society CAPTCHAs are loathed and hated beyond belief; also the failure rates sound spectacular. Full credit for the new variations on the old warped text captchas, but I hazard a guess that those bizarre mental challenges are not going to fly with your average joe. In fact it's amazing that captchas have entered mainstream at all. I'm sure the study was limited with money and time, but I look forward to a more mainstream diverse study.
http://lib.mipt.ru/?spage=reg_user From the Moscow institute of physics and technology. Described as a "little school-level problem" :-)
Be prepared to dust off your knowledge of Kirchhoff's law (http://en.wikipedia.org/wiki/Kirchhoff%27s_circuit_laws) and Ohm's law, and to solve a system of equations that boils down to a 6x6 matrix.
Ian Ameline
Why is there so much use of captchas anyway? I can see it if maybe you were trying to run a secure site, or were trying to limit access to speakers of a certain language. But why for instance does /. use captchas to post a comment? Are you afraid that some advanced AI is going to post a comment, or that you are going to be spammed?
I mean...terming...geeze.
Seriously, what use are captchas anymore when they pay actual humans to do the dirty work? I got like hundreds of fake users with IPs from India and China in my forums, that sign up just for putting a CEO tailored message and URL in their signature.
Have you ever run into a Captcha that claims your response is wrong when it's obvious that it is NOT wrong and tried the audio stuff? The audio version is so retarded it's disgusting. It usually features two guys with grossly distorted voices uttering what sounds like 14 words of gibberish in some short conversation at the breakneck speed of an auctioneer or Bugs Bunny on helium. Not a single word can be understood, and then it asks for the two words in the sentences. The worst I had ever seen of this kind of foolishness was Dev Shack. It sounds like a great site for programming resources but I can never join because I can't get past their defective Captcha. I can't even tell them it's broken because the Captcha prevents any such messages from getting through. This is what I call "Craptcha" and this is no Fraudian slop. I used to run into a few like this, but not lately, but when I do, I still get that sick sinking feeling.
www.Migrainesoft.com - Computer giving you a headache? We can fix that!
At the point that it becomes impossible to distinguish them, you will no longer need to. Why discriminate against a bot, if it's able to participate in discussions (to an on-topic degree as well as humans), has its mind influenced by ads, etc?
"Believe me!" -- Donald Trump
Once the captcha is defeated, a human being sends a simple question to the account to validate it.
"Was Jennifer Aniston in 'Friends'?"
"Is Kentucky a country?"
"Is the Euro a kind of duck?"
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
I dealt with spam sent via phished passwords in a previous job. No one could relay through our site, and our IDS blocked large mail bombs via authenticated SMTP and IMAP, so the spammers always got in by logging in via the HTTP interface and apparently cutting and pasting spam messages one recipient at a time.
About 3/4 of the spammy logins were from Nigeria and Togo and the rest were from various places like Israel, Saudi Arabia, and various UAE states. It's the ultimate work from home job!
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
...There was a Numb3rs episode wherein a supercomputer was programmed to fake its way through a Turing test. Cool concept.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
I recall how Planetarion [online game] used simple trivia questions in their CAPTCHAs. The arithmetic category was no problem, but a few of the simple trivia questions tripped me up, especially because they were Euro-centric (the game *is* based in the UK). I shouldn't have to Google for a CAPTCHA answer.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
You're right, they can't all be pictures of the same person, but it seems like multiple pictures of the same person, mixed in with pictures of other people, could help or at least not hurt.
If the pictures of the same person look very different (Gaga's fashion choices would certainly be an example of that), that would help such a process.
I listen to both RIAA and non-RIAA stuff if I like the music, tangential business/politics notwithstanding.
http://xkcd.com/233/ Seriously, when I heard of the algorithm that could solve captchas 30% of the time, I was like: "Download link?"
"People don't want to learn linux" hasn't been a valid excuse since '03.