Slashdot Mirror


How Hackers Listened Their Way Around Google's Recaptcha

An anonymous reader writes with this story at Ars Technica: "Three self-taught hackers from the DC949 hacker collective managed to use a combination of techniques to beat ReCaptcha with 99.1% accuracy (better than most humans!)" In short, the hackers skipped the visual part of the Recaptcha system entirely, focusing on the audio alternative, which gave them a few convenient angles of attack. Google responded with changes to the system, but that doesn't minimize their accomplishment.

101 comments

  1. First! by Anonymous Coward · · Score: 1, Funny

    Oh yeah! Not even a recaptcha to worry about!

    1. Re:First! by Anonymous Coward · · Score: 1

      Moderation
          50% redundant
          50% funny

      I wonder how the first post can be redundant.

    2. Re:First! by bkaul01 · · Score: 2

      When idiots spam every thread with worthless "First!" posts, how could any one of these posts not be redundant?

  2. Weakest Link by whitesea · · Score: 2

    They wisely chose the weakest link to attack.

    1. Re:Weakest Link by amicusNYCL · · Score: 5, Funny

      If they can solve captchas at 99% accuracy, I hope they develop a browser toolbar or plugin I can use.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    2. Re:Weakest Link by Calos · · Score: 0

      Too late, Google took steps to fix it before the exploit was widely announced, according to TFA.

      --
      I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
    3. Re:Weakest Link by interkin3tic · · Score: 1

      Of two links? (The other link being the image.)

      Yes... very wise...

    4. Re:Weakest Link by mattack2 · · Score: 2

      Audio ReCaptcha is the Weakest Link! Goodbye!

    5. Re:Weakest Link by kelemvor4 · · Score: 1

      Too late, Google took steps to fix it before the exploit was widely announced, according to TFA.

      The real spammers who most likely had this figured out 6 months ago are probably slightly annoyed.

    6. Re:Weakest Link by Anonymous Coward · · Score: 0

      JDownloader does this for download stuff.

    7. Re:Weakest Link by sudonymous · · Score: 1

      For a handful of sites... but it doesn't have a decrypter plugin for recaptcha.

    8. Re:Weakest Link by multicoregeneral · · Score: 1

      I've been able to do this since 2008 or so. For a while, I was using it to make posting to craigslist a little easier.

      --
      This signature intentionally left blank.
  3. Singularity by MrEricSir · · Score: 3, Insightful

    Since they beat the Turing Test, this means we've reached the AI singularity... right?

    --
    There's no -1 for "I don't get it."
    1. Re:Singularity by GodfatherofSoul · · Score: 2

      "More human than human." It just means the Tyrell Corporation was working on it.

      --
      I swear to God...I swear to God! That is NOT how you treat your human!
    2. Re:Singularity by Quillem · · Score: 2
      Quoting the coda of the story:

      While the changes stymied the Stiltwalker attack, Adam said his own experience using the new audio tests leaves him unconvinced that they are a true improvement over the old system.

      "I could only get about one of three right," he said. "Their Turing test isn't all that effective if it thinks I'm a robot."

      :)

      --
      Quillem : An India-centric mishmash of things.
    3. Re:Singularity by Anonymous Coward · · Score: 0

      Not until it beats it of its own accord.

    4. Re:Singularity by Anonymous Coward · · Score: 0

      Eeeeeeek! Skynet! Run for your lives!!!

    5. Re:Singularity by mcgrew · · Score: 3, Interesting

      You bring to mind something I read long ago, too long ago for a citation. A researcher was running a Turing test with one subject seeing if he could decide which terminal was a computer and which had a computer on the other end.

      The tester just sat there without inputting anything. Pretty soon a message came up on one screen: "Is there anybody there?"

      "That's the human," the tester said.

    6. Re:Singularity by RaceProUK · · Score: 1

      Weird thing is, I actually work on a product called 'Skynet'. It's a website used to keep track of vehicle fleets.

      It's not self-aware yet, but I'll be the first to warn you when it does :)

      --
      No colour or religion ever stopped the bullet from a gun
  4. Snake meet tail by V-similitude · · Score: 5, Insightful

    I realized there's an interesting aspect to this, in that gVoice transcription is actively trying to do basically the same thing these guys did* (albeit in a far more general way). Wonder how gVoice would do transcribing google's own recaptcha audio. Someone go try that. Either way though, it's an interesting dilemma if they ever got automatic transcription good enough to defeat these audio recaptchas.

    * Well, after RTFA, I realize that a fair bit of what they did was actually more related to hashing (and the pseudo-random generator) vs actually trying to parse the audio, but still.

    1. Re:Snake meet tail by SomePgmr · · Score: 1

      Having seen lots of google voice transcriptions, I'm pretty sure it couldn't transcribe its way through the most articulate of all audio captchas. Years of training and it's only gotten worse.

    2. Re:Snake meet tail by V-similitude · · Score: 1

      I don't know, it's nearly perfect on phone numbers, in my experience (which is really helpful). And pretty useful on most stuff to get a good enough idea. Though it does stumble a lot. But yeah, prob doesn't do very well with these, was just a thought.

    3. Re:Snake meet tail by Anonymous Coward · · Score: 1

      I watched the video (hilarious, btw). Someone in the audience asked if they had tried Google's own speech recognition. They had, and it couldn't solve the audio captcha.

    4. Re:Snake meet tail by Beardo+the+Bearded · · Score: 1

      I did that three years ago. All my posts are by bots.

      2

      3

      5

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    5. Re:Snake meet tail by Nonesuch · · Score: 1

      The Google Voice transcription is so uncannily near-perfect with phone numbers, and so awful with everything else, I suspect it is cheating, and using the Caller-ID and other sources to cheat on 'recognizing' a phone number.

    6. Re:Snake meet tail by Aranykai · · Score: 1

      I use it on android to send about 200 texts a month. Once you learn to speak naturally instead of over-enunciating everything, it does quite well. I suspect a big part of the issues with voicemail transcriptions is partly to do with audio compression on cell phones.

      --
      If sharing a song makes you a pirate, what do I have to share to be a ninja?
    7. Re:Snake meet tail by V-similitude · · Score: 1

      I think they just put extra emphasis on numbers, since they're limited in scope (only 10ish words, and relatively simple context) and more critical than other words in a VM transcription. I just checked a few VMs and it's perfect on phone numbers even when they're not the same as the caller ID.

    8. Re:Snake meet tail by Anonymous Coward · · Score: 0

      I use it on android to send about 200 texts a month.

      Please, please, please stop using a technology-specific service and just send us an e-mail instead. We all have smartphones with data-plans nowadays.

      Thanks,

      Aranykai's buddies

    9. Re:Snake meet tail by ep32g79 · · Score: 1

      Wonder how gVoice would do transcribing google's own recaptcha audio. Someone go try that. Either way though, it's an interesting dilemma if they ever got automatic transcription good enough to defeat these audio recaptchas.

      * Well, after RTFA, I realize that a fair bit of what they did was actually more related to hashing (and the pseudo-random generator) vs actually trying to parse the audio, but still.

      In the presentation they did that question was raised and they stated that using gvoice was the first thing they did with no luck.

    10. Re:Snake meet tail by Aranykai · · Score: 1

      I'm sorry, you can register a google voice number as well if you like. I send about 1/2 those texts from my non cellular enabled android tablet at home via wifi. Get with the times and liberate your phone number from your cell carrier.

      Thanks.

      --
      If sharing a song makes you a pirate, what do I have to share to be a ninja?
  5. Another solution.. by Ziekheid · · Score: 5, Informative

    Most of the spammers who circumvent captchas use real people to fill in their captchas for them. How they do it:
    1) A pay-per-filled-in-captcha site (where members solve captchas, not really getting paid even though they think they will be) OR a high traffic site (false/scam sites, hacked sites, etc)
    2) Mirror the image from the site you want to spam to your own site
    3) A person visits your own site with the mirrored image and solves the captcha
    4) Mirror the answer back to the site you want to spam
    5) ???
    6) Profit! (literally)

    1. Re:Another solution.. by Anonymous Coward · · Score: 5, Insightful

      Reminds me of the story of the guy who would play 8 games of chess simultaneously in an octagon and absolutely guarantee he'd win 50% of the games at least.

      He then proceeded to play the moves of the players opposite each other against each other.

    2. Re:Another solution.. by doomdoomdoom · · Score: 1

      I've seen malware that takes over your computer with a "enter the captcha" to get your computer back. The captcha taken from whatever pool of websites they want to deal with.

    3. Re:Another solution.. by Anonymous Coward · · Score: 0

      You can do that with Chess, it's a neat little trick. No matter how good the people you're playing are, it'll look like you won half the games which seems pretty good for playing a shitton of people at once.

    4. Re:Another solution.. by Anonymous Coward · · Score: 0

      Reminds me of the story of the guy who would play 8 games of chess simultaneously in an octagon and absolutely guarantee he'd win 50% of the games at least.

      He then proceeded to play the moves of the players opposite each other against each other.

      À la Derren Brown in this clip: http://www.youtube.com/watch?v=evZmpsl3jI0

    5. Re:Another solution.. by zill · · Score: 1

      Does this guy take bets and where can I find him?

      55% of professional chess matches end in draws. 45% to the power of 4 is 0.17%.

      If he had claimed "he would lose less than 50% of the games" then he would be correct, but that sounds a lot less impressive.

    6. Re:Another solution.. by Anonymous Coward · · Score: 0

      What was the wager and did he pay up when some games ended remis? Should've guaranteed not to lose more than 50% of the games...

    7. Re:Another solution.. by Anonymous Coward · · Score: 1

      Does this guy take bets and where can I find him?

        55% of professional chess matches end in draws. 45% to the power of 4 is 0.17%.

      If he had claimed "he would lose less than 50% of the games" then he would be correct, but that sounds a lot less impressive.

      Sorry, I misspoke. I'm certain the wager was that he would not lose more than half the games, or perhaps that a draw would result in a rematch.

    8. Re:Another solution.. by hcs_$reboot · · Score: 1

      absolutely guarantee he'd win 50% of the games at least

      "he wouldn't lose at least 50% of the games" would be more accurate (draws)

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    9. Re:Another solution.. by hellop2 · · Score: 1

      Not really a great statistic you created there. maybe this guy is better than average.

      Also, what you calculated was the probably to not draw in 4 consecutive games, not 4 out of 8. There are the same number of ways to lose 4 out of 8 as there are to win 4 out of 8. Thus, there is a 50-50 chance of winning or losing. Therefore, it doesn't matter if we're talking about 4 out of 8, or just 1 game. Based on your statistic, the probability of winning or losing 4 out of 8 is 45%, not 0.17%.

      --
      How many more years will slashdot have an off-by-one error on your Score in your profile?
    10. Re:Another solution.. by hellop2 · · Score: 1

      Think of it another way. Is the probably of flipping a coin heads 4 (or more) out of 8 times 0.5^4 = 0.125? No, it's 50-50.

      --
      How many more years will slashdot have an off-by-one error on your Score in your profile?
    11. Re:Another solution.. by Anonymous Coward · · Score: 0

      It's even more. Without any math, the probability that 0, 1, 2, or 3 heads appear equals the probability that 0,1,2 or 3 tails appear. In the latter case, 8,7,6, or 5 heads appear. The only result left out is the probability that 4 heads appear, which is added to the latter case, hence, 4 or more heads out of 8 occur more often than not.

    12. Re:Another solution.. by zill · · Score: 1

      First of all, it's "probability".

      Second of all, there are only 4 chess games going on. I don't know where you got the number "8" from.
      Ostensibly, the con-artist claims "I'm playing 8 chess games against 8 players simultaneously."
      What's actually happening is that he's using the moves of A against B, C against D, E against F, and G against H. Thus there are only 4 chess games going on.

      Out of 4 chess games, there are precisely 5 possible outcomes:
      4 winners: 45%^4 * 55%^0 * 4 choose 4 = 4.1% (I accidentally did 45%^5 before and got 0.17%)
      3 winners, 1 game ended in a tie: 45%^3 * 55%^1 * 4 choose 3 = 20%
      2 winners, 2 games ended in ties: 45%^2 * 55%^2 * 4 choose 2 = 37%
      1 winner, 3 games ended in ties: 45%^1 * 55%^3 * 4 choose 1 = 30%
      No winners, 4 games ended in ties: 45%^0 * 55%^4 * 4 choose 0 = 9.1%
      (As a sanity check, the percentages add up to 100%)

      In order for the con-artist to "win 50% of the games at least", there must be exactly 4 winners, thus only in the first outcome does he fulfill his promise.

      This is high school level math. You should really review the material before lecturing someone else.

    13. Re:Another solution.. by hellop2 · · Score: 1

      Obviously I was talking about the general probability of a (weighted) fair coin toss. (8 of them)

      Actually, you're totally right about the 4 games being all that matters. (assuming he doesn't alter the moves, and just plays them off each other).

      For some reason I automatically assumed that the question was only talking about games that were either won or lost.

      But, let's assume you're right. Then the con-artist only won his bet 4.1% of the time. This is not a very good con if the con-artist loses 95.9% of the time.

      You suggested there was a 4.1% chance of winning the wager. In fact you have answered, "What is the probability that the next round of 4 games played will be all non-draws?" But, a figure of 4.1% wins is nonsensical for a bet.

      The real wager must be, "I cannot be beaten more than 50% of the time." That's the point of playing the opponents off each other.. Because the claim will always be true.

      However, as the AC who replied to me pointed out, I failed to notice the brain teaser here which is that "winning 4 or more out of 8 fair coin tosses is greater than 50%". In 8 fair coin tosses, on average there will be an even distribution of x heads per 8 tosses. So, 50-50. But you must add the probability of ((exactly 4 heads out of 8 tosses)/2) to 50% to get the answer. In other words whenever you get 4 heads, there are 4 tails, so it's a draw. The trick is, you're just deciding that all of those are wins.

      Then the probability of getting at least x heads in n fair coin tosses is sum(from i = x to n, ((n choose x)/2^n)_i).

      Taking your example: (where x = 2 and n = 4) we get: 0.687500 = ~69%

      So, while you may have been correct on the literal interpretation of the given problem, showing I was wrong in that regard, you are arguing a moot point, and have provided only useless results. I would offer some constructive criticism, but unfortunately for you, they do not teach common sense in high-school.





      oooo burn



      Hey, j/k man, I'm an idiot.

      --
      How many more years will slashdot have an off-by-one error on your Score in your profile?
  6. Collective? by Anonymous Coward · · Score: 1

    Every hacking group is now a hacker 'collective'?

  7. "Better than most humans" by Anonymous Coward · · Score: 5, Funny

    That's it! Make all users do a SERIES of incredibly hard recaptchas. Those who get too many correct are machines! Brilliant!

    1. Re:"Better than most humans" by Anonymous Coward · · Score: 5, Interesting

      ...especially if they solve them in less time than the duration of the audio. (Only half kidding: They solved millions of eight second long captchas in a second and a half each and Recaptcha didn't even blink.)
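
The timing signal raised in the comment above (an answer arriving faster than the clip can be played) can be enforced server-side. This is an added example, not part of the original thread and not reCAPTCHA's code; `SERVER_KEY`, `issue_challenge`, `check_submission` and the thresholds are hypothetical, and the timestamps in `demo()` are constructed.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical per-deployment secret; a real service would load it from a secret store.
SERVER_KEY = secrets.token_bytes(32)
# Challenge ids that have already been submitted once (in-memory for this example).
_consumed = set()


def _tag(payload):
    """HMAC over the token payload so the client cannot alter issue time or clip length."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_challenge(audio_seconds, now=None):
    """Return an opaque token binding a fresh challenge id, issue time and clip length."""
    now = time.time() if now is None else now
    challenge_id = secrets.token_hex(8)
    payload = f"{challenge_id}|{now:.3f}|{audio_seconds:.3f}"
    return f"{payload}|{_tag(payload)}"


def check_submission(token, now=None, min_fraction=0.75, max_age=300.0):
    """Classify a submission as 'ok', 'too_fast', 'expired', 'replayed' or 'bad_token'.

    min_fraction: share of the clip that must have elapsed before an answer is
    plausible from a listener (assumed value; tune against real user data).
    """
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return "bad_token"
    challenge_id, issued_s, audio_s, tag = parts
    expected = _tag("|".join(parts[:3]))
    # Constant-time comparison on bytes; rejects any tampered field.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return "bad_token"
    if challenge_id in _consumed:
        return "replayed"
    # A verified token is single-use whatever the outcome, so a client that
    # answered too quickly cannot simply wait and resubmit the same challenge.
    _consumed.add(challenge_id)
    elapsed = now - float(issued_s)
    if elapsed < 0 or elapsed > max_age:
        return "expired"
    if elapsed < float(audio_s) * min_fraction:
        return "too_fast"
    return "ok"


def demo():
    """Constructed timeline: an 8 s clip answered after 1.5 s, then after 9 s."""
    fast = issue_challenge(8.0, now=1000.0)
    slow = issue_challenge(8.0, now=1000.0)
    return [
        check_submission(fast, now=1001.5),  # answered before the clip could finish
        check_submission(fast, now=1009.0),  # same token sent again
        check_submission(slow, now=1009.0),  # plausible listener
    ]


if __name__ == "__main__":
    print(demo())
```

A check like this is only one signal: it flags answers that are too fast but does nothing against a slow automated solver or a human relay, so it complements rate limiting rather than replacing it.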

    2. Re:"Better than most humans" by Anonymous Coward · · Score: 0

      Or make them easy.

      On the now-closed j-walk blog he changed the captcha to a question, and the answer was always '12'.

      It worked.

    3. Re:"Better than most humans" by million_monkeys · · Score: 1

      ...especially if they solve them in less time than the duration of the audio. (Only half kidding: They solved millions of eight second long captchas in a second and a half each and Recaptcha didn't even blink.)

      or maybe it did blink and that's what tipped off Google to change the system?

    4. Re:"Better than most humans" by omfgnosis · · Score: 1

      I think the captcha on Coding Horror used to always be "orange". I don't know how much time Atwood spent deleting spam, but I certainly never saw any (besides his own).

  8. Gone too far... by whydavid · · Score: 4, Interesting

    I had one of these the other day that was beyond absurd. The visual was a complete scrambled mess, with nearly every letter seemingly equally likely to be 2 or 3 different letters. The audio was even worse: loud gibberish in the foreground with what sounded like someone whispering the actual text in the background. It wasn't until 2 reloads later that I was lucky enough to get a recaptcha that was only slightly ambiguous, and I was able to get it on the 2nd guess. I was far more annoyed at this than I ever have been at a spambot. I'm not sure this is a step in the right direction. Time to move away from garbled text.

    1. Re:Gone too far... by Anonymous Coward · · Score: 1

      I apologize that I'm anonymous coward here - too lazy to log in (copb.phoenix) - but there is a better solution.

      Machines are not too good at following natural language, so rather than a captcha, a problem written in natural language would - in theory - work best.

      Something clear enough to a human eye, but not too obvious mechanically. One of the best ones I ever saw was not labelled at all, other than "signincheck" on the form and said "tob0rAtONm@i in the reversed proper English, please?"

    2. Re:Gone too far... by ldobehardcore · · Score: 1

      Even that might not work in the long run. IBM Watson gets better every day. It's good enough already for chatbot and it wasn't even designed to do that. I think Watson might be nearing AI-complete for natural language. Just give it a couple of years and see what else comes up.

      --
      Hectice, baby, Mercator says hello to you
    3. Re:Gone too far... by LoneBoco · · Score: 1

      I've found that KeyCAPTCHA is pretty good. I don't know how simple it would be to crack, but I do know that I haven't had issues with automated spam after switching to it.

    4. Re:Gone too far... by Anonymous Coward · · Score: 0

      KeyCaptcha looks cute, but I would doubt it would stand up to even a fifth of the effort put into cracking reCaptcha. It looks to be security through obscurity because they put the solution on it.

    5. Re:Gone too far... by Deep+Esophagus · · Score: 1

      That won't stop the captcha-mirrors who will grab a captcha, farm it out to idiots logging in for "free" prizes, and feed the idiots' answer back to the captcha. You can make it totally impossible for an AI to figure it out, but they'll still get through this way.

    6. Re:Gone too far... by Pseudonym+Authority · · Score: 1

      Just type the one you can recognize (the challenge word is in the same style for a few weeks, and you should be able to spot it immediately), and type anything for the other word. The second word is of no consequence to the CAPTCHA and only counts towards the Re.

    7. Re:Gone too far... by Anonymous Coward · · Score: 0

      I'm getting this more and more. And because I often have sound switched off, especially on my work PC, that means I have to refresh the damned thing five or six times before I get a captcha that I can even guess at. Seriously considering boycotting any site that uses a crap captcha (craptcha?).

  9. Better comments by Anonymous Coward · · Score: 0

    Sometimes I wonder if the spambots would post better comments, though.

  10. The actual link by Anonymous Coward · · Score: 0

    http://www.dc949.org/projects/stiltwalker/

    Been waiting for this story to get picked up by Slashdot.

  11. yawn by jkerman · · Score: 2

    It EXACTLY minimizes their accomplishment. Everyone knew the day that was easily exploited, google would get a little less accessible to the disabled. Everyone knew it was the weakest attack point. (jerks!)

    1. Re:yawn by Pseudonym+Authority · · Score: 1

      If they were doing it then the spammers were probably doing it 6 months ago.

  12. Better rate than me by Arancaytar · · Score: 1

    They get harder, and these days I'm four for five at best.

    Maybe I'm just a machine dreaming I'm human?

  13. I'd like to find out how to break it too by Zorque · · Score: 2

    Google's captchas are the worst I've ever seen. They're almost always unreadable and need to be refreshed all the time. I like Recaptcha (which isn't what Google uses on their sites despite owning it), they're generally pretty clear and in addition provide a free service to anyone that wants to use it. I have no clue why Google sticks with their awful in-house captchas for Gmail, Youtube, etc.

    1. Re:I'd like to find out how to break it too by Anonymous Coward · · Score: 0

      the site you're on and where you're connecting from both play a role in how bad the recaptchas are -- and in some instances, they are not ''almost always unreadable'' but rather they are ""absolutely impossible"" to decipher gibberish.. it's bad enough when you can barely make out the dictionary words -- but when they start really fucking up the display of complete gibberish, and intentionally at that..... shit. google. what the fuck.

      i hate recaptcha. i think it was pretty low for google to buy a project like that simply to collect more web usage data from recaptcha users and their site visitors (which was the main reason for the acquisition.. regardless of what they may claim, it sure as hell wasn't simply to help digitize books).

  14. How far behind were the criminals/spammers? by interkin3tic · · Score: 1

    Google updated a few hours before these guys revealed their accomplishment. TFA mentions that other groups had found less effective ways of circumventing the audio portion. Is there any indication that this was about to be a problem? How likely is it that anyone wanting to actually abuse it was about to figure this out themselves? Seems to me like there are so many suckers out there, that spammers don't need to spend too much time with things like this.

    1. Re:How far behind were the criminals/spammers? by icebike · · Score: 4, Interesting

      Quote summary:

      Google responded with changes to the system, but that doesn't minimize their accomplishment.

      On the contrary, yes it does minimize their accomplishment. It makes it all for nothing, a technical exercise, with no near term or long term payback.
      Recaptcha is a huge con, no more secure than the original captcha. The second (or first) portion being there only to serve some other purpose, and any answer will do.

      Adding the audio option (probably forced by ADA) did nothing for security. At best this demonstrates that adding multiple different keys to the same lock makes things worse, not better.

      Captcha's original intent was to slow down bots, by making the user prove they were human. They are seldom used to protect anything of value, simply to keep the nuisance bots to a dull roar.

      Now it appears that machines can beat captcha and recaptcha very easily. So WHY do we still see these schemes in use?

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:How far behind were the criminals/spammers? by Anonymous Coward · · Score: 0

      Replying to frosty piss is a cheap way to get top billing.
      Shame on you.

    3. Re:How far behind were the criminals/spammers? by Baloroth · · Score: 5, Insightful

      Because even a very "high" accuracy machine system is still going to add a significant barrier to automatically cracking the results, especially if Google continues altering reCAPTCHA like they do. While you won't eliminate 100% of attackers, you can eliminate the vast majority, and slow down the attackers that do get through. The alternative is to use nothing, and believe me: you absolutely do not want that. The Internet would be 99.99999999% spam almost overnight if that happened.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    4. Re:How far behind were the criminals/spammers? by crashumbc · · Score: 2

      intelligence on /. bravo dear sir...

    5. Re:How far behind were the criminals/spammers? by Main+Gauche · · Score: 4, Insightful

      Now it appears that machines can beat captcha and recaptcha very easily. So WHY do we still see these schemes in use?

      Could you give me your address, and let me know when you won't be home? (I presume you no longer lock your house.)

    6. Re:How far behind were the criminals/spammers? by Animats · · Score: 4, Informative

      Re:How far behind were the criminals/spammers?

      At about 75%, from what I read on the black hat forums.

      There's a whole social spam ecosystem out there now, with tools and services for spamming Facebook, Twitter, Instagram, Google+, Yelp, Tumblr, Youtube, random blogs, and for retro types, Myspace. It's not just a few people doing this. It's an industry with a supply chain. Read my "Social is bad for search, and search is bad for social" paper for an overview. If it feeds into Google search rankings, it's being spammed.

    7. Re:How far behind were the criminals/spammers? by interkin3tic · · Score: 1

      Yeah, I don't respect the sanctity of first post trolling. I have all the shame that goes along with that.

    8. Re:How far behind were the criminals/spammers? by bill_mcgonigle · · Score: 4, Interesting

      On the contrary, yes it does minimize their accomplishment. It makes it all for nothing, a technical exercise, with no near term or long term payback. Recaptcha is a huge con, no more secure than the original captcha. The second (or first) portion being there only to serve some other purpose, and any answer will do.

      It's funny that you'd complain about a waste of effort and then bemoan Recaptcha, which was developed to prevent all those man-years of solving CAPTCHAs from going to waste.

      BTW, the founder of Recaptcha has expressed that he will be happy when it can be defeated trivially because at that point the other job it's trying to do can be completely automated, which is still a win.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    9. Re:How far behind were the criminals/spammers? by Anonymous Coward · · Score: 0

      I think you, in the eloquence of Mr. George Walker Bush, "misunderestimate" the Internet.

    10. Re:How far behind were the criminals/spammers? by Anonymous Coward · · Score: 1

      Not if the trivial defeat simply consists of solving the "easy" word and filling in junk for the hard one. Which is what a fair number of humans do.

    11. Re:How far behind were the criminals/spammers? by residieu · · Score: 1

      If the only locks available had keys that didn't fit properly and took multiple attempts to open, while not stopping any real thieves, I'd consider it.

    12. Re:How far behind were the criminals/spammers? by Anonymous Coward · · Score: 0

      But your lock *does* slow you down and make it more awkward for you to get into your house, but will not stop a real thief.

    13. Re:How far behind were the criminals/spammers? by Anonymous Coward · · Score: 0

      There is no sanctity. Those posts deserve to get modded into oblivion to be replaced at the top by the earliest worthwhile comment, not someone who gets to the party an hour late.

    14. Re:How far behind were the criminals/spammers? by g0bshiTe · · Score: 1

      So when do your arguments for this minimizing their accomplishment come in?

      Why do you assume that it comes just as Google makes changes to the system? Are you positive the change to the system did not stem from them reporting this to Google, and then following safe disclosure practices gave Google time to fix it, before going public? Are you sure they didn't do all this, then report it to Google and collect a "reward" for what they found?

      --
      I am Bennett Haselton! I am Bennett Haselton!
    15. Re:How far behind were the criminals/spammers? by g0bshiTe · · Score: 1

      Makes me wonder if the founder knows there's an easy way to beat it.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    16. Re:How far behind were the criminals/spammers? by g0bshiTe · · Score: 1
      I vote for this one

      by Anonymous Coward on 31-05-12 20:37 (#40174957) Replying to frosty piss is a cheap way to get top billing. Shame on you.

      --
      I am Bennett Haselton! I am Bennett Haselton!
    17. Re:How far behind were the criminals/spammers? by g0bshiTe · · Score: 1

      Would that be overestimating?

      --
      I am Bennett Haselton! I am Bennett Haselton!
  15. I gave up on Recaptcha and now use AreYouAHuman by Anonymous Coward · · Score: 1

    Someone recently brought "AreYouAHuman" and its "PlayThru" security test to my attention.
    http://areyouahuman.com/

    I've been using Recaptcha on a niche website I operate for a couple years now, and people have been increasingly complaining about how hard it's getting. While it's English-only right now, PlayThru is very easy to complete, sorta fun, and best of all it tells you whether you got it right before you submit the form, so there's no hoping or guessing. So after a few quick tests, and users raving about how much better they like it, I switched today. The failure rate on security checks instantly dropped by 3/4 or better.

    I wonder how long it will be before someone breaks PlayThru also. But until then, sorry Google but Recaptcha had to go.

    1. Re:I gave up on Recaptcha and now use AreYouAHuman by foniksonik · · Score: 2

      Ah but click on the "accessible" option and lookie lookie, an mp3 audio file with gibberish and a background voice. "enter the words you hear".

      So this exploit would at least prevent using that option.

      The game concept is pretty good though, they just need to make an accessible version.

      --
      A fool throws a stone into a well and a thousand sages can not remove it.
    2. Re:I gave up on Recaptcha and now use AreYouAHuman by ThatsMyNick · · Score: 1

      Funny you should mention areyouhuman.com. It actually relies on recaptcha for accessibility. You would have been vulnerable to the attack TFA talks about too.

  16. I bet Siri could solve it. by niftymitch · · Score: 4, Insightful

    I bet Siri could solve it.
    All the voice tools out there could be harnessed to this sad end.

    --
    Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
    1. Re:I bet Siri could solve it. by stevenfuzz · · Score: 1

      Siri has enough trouble searching the web / recognizing most things. Somehow I doubt this.

  17. Don't know why it never occurred to me... by MsWhich · · Score: 1

    ...to use the audio version instead of the text version for those damn things. I bet the audio version doesn't have words that show up with weird non-alphanumeric characters or completely inked-out text in them, like a nontrivial percentage of the recaptchas I see seem to have.

  18. Just goes to show... by Anonymous Coward · · Score: 0

    Providing the option of an audio captcha was a bad idea. Blind people are wasted on the internets anyway,

  19. Envy by barv · · Score: 1

    Rather a neat way to make an employment application.

  20. Google should employ those hackers! by Anonymous Coward · · Score: 0

    The hackers' toolkit must have had a much better voice recognition system than Google's!!!

    Anyone tried to use voice on google to do a websearch ?? It is the most inaccurate thing since we believed the moon was made out of cheese!!!

    The results are most laughable..

  21. they managed to correctly answer audio captcha? by ffflala · · Score: 3, Funny

    Now *that's* impressive. The closest approximation I've heard to the audio captchas I've encountered would be the few recordings I've heard that John Lennon used to give out as gifts: he'd record multiple radios playing different stations.

    I did once get an audio captcha that was almost solvable -- AFAICT, it was a conversation between Cthulhu in his native tongue and Tom Waits responding in Aramaic, recorded in a crowded airport terminal that had lots of loudspeaker announcements.

    1. Re:they managed to correctly answer audio captcha? by TeknoHog · · Score: 1

      What?

      --
      Escher was the first MC and Giger invented the HR department.
  22. Only 58 words to crack by mccrew · · Score: 1

    reCAPTCHA was also undermined by its use of just 58 unique words

    I'm really surprised the corpus was so small. Would have expected to be on the order of thousands.

    --
    Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
  23. Sounds like bull by SmallFurryCreature · · Score: 1

    That would work for an opening move but the whole point of chess is that there are many opening moves and with each additional move the possible moves explode until you need a very special sort of mind or a big computer (IBM big, not your pitiful 6 core big) to sort it all out.

    How would your guy make sure the moves of the opposite player have any bearing on the moves on the other board? It would be like playing blackjack by copying what the guy next to you does. SMART, if by some miracle you had the same cards.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

    1. Re:Sounds like bull by ThatsMyNick · · Score: 1

      You should read some of your sibling comments (hell, there was a video clearly explaining this). What GP would do is play off each other player. To be more specific, he would play black for 4 games and white for 4 (this is the usual setup for playing multiple games simultaneously, in case you did not know). He would see the move the white player makes, not respond to him. Move on to the next board, make the same move on this board. Observe the response, and remember it, so that he can play it in the previous board. Now he moves on to the next pair of players. The result would be half wins and half draws (sometimes a draw is also possible).

  24. Attention whores claim 99.1% accuracy by Rogerborg · · Score: 1

    100% of press believes them 110%.

    --
    If you were blocking sigs, you wouldn't have to read this.
  25. New idea! by residieu · · Score: 1

    I've got a great new idea. If you can solve the Captcha, you're obviously not a human and are denied access.

  26. CAPTCHA alternative by aclarke · · Score: 1

    I haven't seen an analogue to this idea outside the ColdFusion world, but CFFormProtect is an awesome tool for protecting ColdFusion-based sites from spam.

    The basic idea behind CFFormProtect is that spam protection shouldn't involve annoying hurdles that users have to jump over, and should be as invisible as possible to the user. It takes what I would say is a similar approach to SpamAssassin, in that it uses multiple heuristic methods to rank form postings for potential spamminess. I've used it extensively and I've been really impressed with it. I'm not saying that it can't be defeated by a machine, but at least it doesn't annoy and flummox the site's users in the process.
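
The multi-heuristic ranking idea described in the comment above, as an added sketch that is not part of the original thread and is not CFFormProtect's code. The field name `website_hp`, the four checks, the weights and the threshold are all assumptions chosen for illustration.

```python
import re

# Assumed weights and limits, chosen for illustration; tune against real traffic.
WEIGHTS = {"honeypot": 3, "too_fast": 2, "too_slow": 1, "urls": 2, "phrases": 2}
THRESHOLD = 3        # a score at or above this is treated as spam
MIN_SECONDS = 3      # people rarely complete a form faster than this
MAX_SECONDS = 3600   # a post arriving an hour after render looks replayed
MAX_URLS = 2
SPAM_PHRASES = ("cheap pills", "casino bonus")  # constructed sample list
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def score_submission(fields, rendered_at, submitted_at):
    """Return (score, reasons) for one form post.

    fields: dict of posted values; "website_hp" is a hypothetical hidden
    field that people never see, so only automated posters fill it in.
    rendered_at / submitted_at: server-side timestamps in seconds.
    """
    reasons = []
    if fields.get("website_hp", "").strip():
        reasons.append("honeypot")
    elapsed = submitted_at - rendered_at
    if elapsed < MIN_SECONDS:
        reasons.append("too_fast")
    elif elapsed > MAX_SECONDS:
        reasons.append("too_slow")
    text = " ".join(v for k, v in fields.items() if k != "website_hp")
    if len(URL_RE.findall(text)) > MAX_URLS:
        reasons.append("urls")
    if any(p in text.lower() for p in SPAM_PHRASES):
        reasons.append("phrases")
    return sum(WEIGHTS[r] for r in reasons), reasons

def is_spam(fields, rendered_at, submitted_at):
    """No single weak signal blocks a post; only the combined score does."""
    score, _ = score_submission(fields, rendered_at, submitted_at)
    return score >= THRESHOLD

# Constructed sample posts.
HUMAN = {"name": "Ann", "comment": "Nice write-up, see http://example.org",
         "website_hp": ""}
BOT = {"name": "x", "website_hp": "http://spam.example",
       "comment": "casino bonus http://a.example http://b.example http://c.example"}

if __name__ == "__main__":
    print(score_submission(HUMAN, 1000.0, 1042.0))
    print(score_submission(BOT, 1000.0, 1000.4))
```

The render timestamp has to come from server-side state or a signed token; a plain hidden field carrying it can be rewritten by the poster.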

  27. These hackers should be awarded. by lvxferre · · Score: 1

    Yes, they should be awarded. Not for the whole "made in computer to beat computers" thing, but they actually helped in an unintended way - speech recognition. I see this kind of stuff easily joining Praat and software like that, helping linguists to mess with experimental data.

    Well done, sirs.

    --
    Nerdy news for your nerdy needs? http://www.soylentnews.org Soylent News is people!