Slashdot Mirror
Research Unveils Improved Method To Let Computers Know You Are Human
An anonymous reader writes CAPTCHA services that require users to recognize and type in static distorted characters may be a method of the past, according to studies published by researchers at the University of Alabama at Birmingham. Researchers focused on a broad form of gamelike CAPTCHAs, called dynamic cognitive game, or DCG, CAPTCHAs, which challenge the user to perform a gamelike cognitive task interacting with a series of dynamic images. For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location. The puzzle is easy for the human user to solve, but may be difficult for a computer program to figure out. The game-like nature may make the process more engaging for the user compared to conventional text-based CAPTCHAs.
There are a couple research papers available: "A Three-Way Investigation of a Game-CAPTCHA:
Automated Attacks, Relay Attacks and Usability" and "Dynamic Cognitive Game CAPTCHA Usability and
Detection of Streaming-Based Farming."
Just like playing a game of Warioware...
I generally just close the page whenever I see one of those awful text based captcha, where you have to squint at the screen to even be able to tell 10% of the time what is written on those awful blurry squiggles. Whatever you're selling, unless I can read it and type it easily/quickly, it ain't worth my time.
you sound like the helpless baby boomers that bug the staff and ask questions when the answer to those questions is right in front of them. dont you have a homeowners association to run, a voting booth to visit, or a AARP magazine to read?
And then never have to do it again?
Not hard for Indonesians paid pennies a day.
to solve a reverse Turing test. Totally new idea.
Man if these start showing up, They're going to look exactly like those "hit the target 3 times to win" flash-based advertisements. I'll probably glaze over them multiple times trying to submit a form before I notice that a 'completing the game' captcha is what's preventing me from leaving my incredible razor wit splattered all over someone's comments section.
Looks like this is based on a fixed set of games and images. Just teach the bot all of them, and you are done. If this is self contained software I can install on my site, all the info you need to feed the bot is already packaged up in the source.
For things like this to defeat bots they have to rely on hard to invert functions, like rendering randomly warped things. Picking a few items from a lookup table is easily inverted by a bot.
Resisting replay attacks is cute, but it can't resist basic forwarding attacks (inherently impossible to prevent you from sending it to someone else to solve live: trivial proof, RDP exists.) and it is trivially solved by a bot. I see nothing useful here.
The nice thing about current text-based CAPTCHAs is that they can be applied to any website, whether large or small, and require very little input or tinkering from individual web administrators. The other nice thing about this is that they have an infinite number of possible variations, what with the different ways you can transform text.
This new idea would work great for a small site that will never be a target of a directed attack, but we already have hundreds of different CAPTCHA variations that can be used for that sort of thing. I use a simpler but similar idea on one of my sites, where I have new registrants drag words into matching categories that I set up. I've had zero bot registrations since I set it up a few years back, and a number of comments from actual users that love the system.
But if you apply something like what I use or this new idea to a site like Google, the folks trying to break in will inevitably code up algorithms to handle each of the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless. The only way to get infinite variation out of it is to start applying image transformation to the items being used so that they can't be as easily identified, and if you start doing that, you're right back where we are now.
So, by the logic behind these things, blind people aren't human?
Microsoft made a CAPTCHA with pictures of cats and dogs. It's surprisingly hard for a computer to differentiate, but humans find it easy. It's one of the few truly innovative things Microsoft has done:
http://research.microsoft.com/en-us/um/redmond/projects/asirra/
I am an ant! :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
The problem is that you can really only come up with a finite number of these, and once an attacker has a large enough sample of them (say, 10%), he can simply write a bit of code to 'solve' each one.
The thing about CAPTCHAs that makes them great is that you can randomly generate a huge bunch of them.
Anyway, the headline so completely misrepresents this research that it basically says the opposite of what the researchers are saying. The researchers, in fact, created an automated system to solve DCGs! Their contribution was a system that detects 'crowd-sourcing' attacks - attacks where shady companies pay volunteers pennies to solve CAPTCHAs by hand. The researchers said they are going to work on improved DCGs that can't be solved automatically, but nothing of the sort is being unveiled here.
A fool and his hard drive are soon parted.
I haven't read the article, but I do wonder... why about those with disability? Like poor vision, poor hand-eye coordination, etc.?
I fear that we will find out that it's not so different from the situation for securing trash from bears at Yosemite, where the overlap between the smartest bears and the dumbest tourists is considerable.
you sound like the helpless University Students that bug the staff and ask questions when the answer to those questions is right in front of them.
There...fixed that for you.
It's one of the few truly innovative things Microsoft has done:
You mean apart from revolutionising the work and home environment by bringing cheap and easy to learn/use computers to market?
Proving I'm human just subjects me to more ads I don't want to see.
Time is what keeps everything from happening all at once.
When he comes back, I'll hit him with a paradox.
...I'll threaten to shove its chips up its fanhole if it doesn't let me in.
Table-ized A.I.
Somehow CAPTCHA seems captchier.
Captcha solving services are dirt cheap and the majority of people running bots use them. I haven't filled a captcha in ages and now you can even do it for free with captcha exchange services like 9kw or captcha brotherhood where you get credits for each captcha you solve.
1) Bad eyesight is a real thing, like any disability, and you don't have to be old to suffer from it. Some people find captchas simply impossible to read, no matter how bright they are;
2) Captchas are merely evidence that techies are not smart enough to think of any way to solve a problem but by burdening the user. I suppose it goes with the territory that they'd also blame the user who doesn't like them. "It's your problem now and it's your fault if you don't like it!" - great pride in your work there, chump;
3) A homeowners' association is one of those things that contributes Community and ultimately Society, both of which which Reagan tried to pretend didn't exist. A generation or two later, and we have one dying empire and world laughing stock. Well played, idiots!
4) When you criticised voting, you lost entirely.
I'm in my early 30s, so I'm far from Baby Boomer, but I'm not an ignorant, ungrateful little shit either.
Yet another stupid trick to force active content down our throats: *NO!*
Anything that will be "trivial" for a human to solve(and it has to be, or else most people will hate it even more) can be solved by a computer within a short time span.
While I mostly agree with you, and have seen more than one CAPTCHA that I can't solve no matter how many times I refresh, I have to disagree with you on the homeowners' association. While I agree that community is a good thing, and am in favor of community leagues that actually focus on community issues instead of rules about paint colors and whether basketball goals are allowed, almost every homeowner's association I've seen has been a way for the couple of people with the time and desire for control to override individual's property rights. Two homes ago, we were not allowed to use anything besides standard white mini-blinds in our houses, and at my last place there were only two colors that shutters and doors were allowed to be painted, and my landlord (an individual homeowner, not a complex) had to strip and restain his deck because at some point after he originally stained it they decided the previously allowed colors were no longer allowed.
1) Audio captchas.
2) Techies? Do you know what website this is? If you're reading it, you probably should be in that peer group. If you aren't in that peer group, I understand your frustration with all the voodoo we do. People thought the idea of oral hygiene was pretty kuh-razy and inconvenient at first.
3) Homeowner's associations benefit some people in some communities. I don't care for such a homogenous and bland type of neighborhood, personally. See other responses to your post, they did it better.
4) I forgot what your fourth point was, but I'm done pooping now so I have to wrap this up.
Good luck!
Are you seriously going to expect someone with motor neurone disease (such as Stephen Hawking) to park a bloody boat in a dock? Sheesh! The man has much more important things to do than prove he's human.
Great. Another garbage waste of time that everyone is going to throw on their websites even though (a) it can be beaten with a mechanical Turk, (b) research will progress and computers will eventually be able to beat it more efficiently than people, (c) it isn't even useful to many sites not targeted for automated logins/posts/whatevers.
So you were at most 8 years old when Reagan left office... You sound like all those 20-somethings who were celebrating Thatcher's death, because all they really knew about her was that one of daddies friends lost their job while she was in power.
Yes, but is it accessible by disabled people, i.e., blind users that need screen readers..?
-Myke
..that the first truly successful AI will be developed by spammers and phishers to defeat this?
Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
"For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location." This is worse than CAPTCHA
For things like this to defeat bots they have to rely on hard to invert functions, like rendering randomly warped things. Picking a few items from a lookup table is easily inverted by a bot.
Sure, but much of this is easy. If "parking ships", then make ships and other items with variable length. A selection of end pieces, a random number of mid pieces. Then take the finished image, apply some stretch, blur, recoloring and noise. The human will still distinguish ships, trains and sofas - I am not so sure about the bots.
at some point after he originally stained it they decided the previously allowed colors were no longer allowed.
Homeowners associations have very little actual power. I would have told the home owner's association to take a hike.
You can't make a law after the fact. If this is true there is no way this would have held up in court. I've heard rumors of
crazy homeowner's associations demanding crazy stuff but to actually enforce it is expensive as you have to take
them to court to enforce it and many times the court will still decide in the actual homeowner's favor.
you know what? fuck you, is what... .000001% of the abusers, its simply TSA useless security theatre on the inertnet tubes that annoys us all, and leaves us no 'safer'...
1. i'm not sure WHAT the intention of the idiotic captchas are, but it is inconveniencing 100% of us for
2. frankly, WHY am i made to feel "INHUMAN" because i CAN NOT read some blurred up distorted crap and many times have to cycle through 4-5-6 to get one that is readable... i COMPLETELY sympathize with the original poster who said they simply close the window... i do too, if it isn't something i actually want/need for some reason...
3. so, yeah, i too simply DUMP any site which is not critical to my use, when they show the idiotic captcha crap... there have been more than a few times when i contact some company (IF THEY ACTUALLY MAKE THAT POSSIBLE), and one of the first things i bitch about is the annoying captcha and the postage-stamp-sized 'email' dialog boxes they generously provide for us instead of a stupid fucking email address...
oh, and fuck you again, dingleberry...
1. i'm not sure WHAT the intention of the idiotic captchas are, but it is inconveniencing 100% of us for .000001% of the abusers, its simply TSA useless security theatre on the inertnet tubes that annoys us all, and leaves us no 'safer'...
Because even a very small percentage of abusers can have more impact than 100% of the legit users on some sites? Have you not seen some of the sites that don't implement such things and end up with dozens of spam posts for every legit post? Is that somehow less inconvenient, digging through many useless posts to just read comments, compared to something that has to only be done when posting? That sounds like an inconvenience to a larger number of people since there are more readers than posters, so I guess if we are supposed to inconvenience only the smaller group...
Visiting voting booths should not be an old people stereotype.
I can't remember where, but I've seen this in use this past week. When I saw it, first thing I thought was that this was one of those annoying ads disguised as a game that are out there. Still, once recognized for what it was, it was simple, much less a pain in the a$$ than the text based CAPCHAs.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
This is extremely useless to blind humans.
You, Sir, have clearly not seen the first ten minutes of the movie Idiocracy.
Unless implemented as an interactive live video stream, this is doomed to fail. A bot won't look at how the game looks, instead it'll look at the puzzle data the server sends to the code that renders the game client side. Once it sees {ship: [50, 50], distraction: [[40, 40], [20, 20], [60, 60]], background: "solution1.tiff"} or whatever, it'll just send the required response.
They can try to obfuscate it, but I really doubt it'll end up being harder to solve for a bot than current captchas.
1) Not everyone works from mom's sound-proof basement. (Also, while I'm okay with visual captchas , I find audio captchas almost impossible, even though I don't have any measured hearing problems. I assume they've not been subject to so much user testing vs. visual captchas, since they're only used as alternatives for specific circumstances, so the average brain isn't necessarily good at deciphering them);
2) I've developed web sites on and off since late 1995. When I come across a limitation in my skill or the collective ability of my profession, I don't blame the user. Captchas are a sign of our profession's lack of skill at solving a particular problem, and we should make the best effort to make them usable - usability complaints highlight /our/ need to do better, not the user's need to change;
3) Yeah, they acknowledged that some associations can be good, while some can behave ridiculously. But the edicts the latter issue are often unenforceable. On balance - and I've had more experience with similar schemes in Spain than in the US, the former nation being less individualistic and having "owner communities" creating funds for shared amenities from gardens to swimming pools - they've been of great benefit;
4) Well done on your quick transit!
Since when are insults "informative?"
I'm with the O.P. I can't make out a large percentage of captchas.
-- sudon't
Air-ride Equipped
Off topic, but, are you kidding? These homeowners associations are in the news all the time for the egregious stuff they perpetrate. Just one memorable example: They took the paid-for home of a soldier who missed some assessment because he was busy fighting in Iraq or Afghanistan. He only got it back when the media caught on to it, and his congressman stepped in. Do you really think that contract you signed isn't enforceable?
-- sudon't
Air-ride Equipped
The only news story I've ever seen was one in florida where an old person's neighborhood was attempting to evict someone
because they had a "no children" policy. The media was as usual making a big deal about it but the homeowner's association
had spent months trying to evict her. Yes, the contracts are enforceble and if you're in the wrong then you can be found guilty
in court but it's a long drawn out process for both sides. Where I'm from (middle of missouri), there are all kinds of crazy
clauses like how many bushes you are suppose to have but most people take them as suggestions instead of rules and you
can go through any neighborhood and see dozens of violations. Which by the way is how it plays out in court. If you can
show that the rule is selectively enforced (for instance your neighbor already has a fence) then the court will throw out the
rule.
Speed Bump
And how will even the best, most fool-proof Capcha protect you from a spam bot system that passes that game, or other capcha, to some people farm in a foreign country? Or just to visitors to some other website that gets high enough traffic for the spammers to post sufficient volume of spam?
This, by itself, cannot solve the issue.
The issue is not "Prove that there is a human there".
The issue is "Prove that you, right there, right now, are a human, and not being passed to someone else, elsewhere".