Slashdot Mirror


Research Unveils Improved Method To Let Computers Know You Are Human

An anonymous reader writes: CAPTCHA services that require users to recognize and type in static distorted characters may be a method of the past, according to studies published by researchers at the University of Alabama at Birmingham. Researchers focused on a broad form of gamelike CAPTCHAs, called dynamic cognitive game, or DCG, CAPTCHAs, which challenge the user to perform a gamelike cognitive task interacting with a series of dynamic images. For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location. The puzzle is easy for the human user to solve, but may be difficult for a computer program to figure out. The game-like nature may make the process more engaging for the user compared to conventional text-based CAPTCHAs. There are a couple of research papers available: "A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability" and "Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming."

53 of 91 comments

  1. Re:I... by Anonymous Coward · · Score: 2, Informative

    I generally just close the page whenever I see one of those awful text based captcha, where you have to squint at the screen to even be able to tell 10% of the time what is written on those awful blurry squiggles. Whatever you're selling, unless I can read it and type it easily/quickly, it ain't worth my time.

    You sound like the helpless baby boomers that bug the staff and ask questions when the answer to those questions is right in front of them. Don't you have a homeowners association to run, a voting booth to visit, or an AARP magazine to read?

  2. How about a way to prove you're a human once by Anonymous Coward · · Score: 1

    And then never have to do it again?

    1. Re:How about a way to prove you're a human once by phantomfive · · Score: 1

      That's a good idea, I'd really like to see if this AC guy is human. Maybe there's a way for him/her to prove it.....

      --
      "First they came for the slanderers and i said nothing."
    2. Re:How about a way to prove you're a human once by oodaloop · · Score: 2

      Brilliant! Then the next time you log in, you just have to prove you're the same human from last time! Wow, that's so much easier!

      --
      Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  3. Humans are part of the problem by Anonymous Coward · · Score: 1

    Not hard for Indonesians paid pennies a day.

    1. Re:Humans are part of the problem by Tablizer · · Score: 1

      no, they are too busy writing Windows 8.2

  4. Exploiting semantic gap by schreiend · · Score: 1

    to solve a reverse Turing test. Totally new idea.

  5. Watch them get ignored by boondaburrah · · Score: 3, Interesting

    Man, if these start showing up, they're going to look exactly like those "hit the target 3 times to win" flash-based advertisements. I'll probably glaze over them multiple times trying to submit a form before I notice that a 'completing the game' captcha is what's preventing me from leaving my incredible razor wit splattered all over someone's comments section.

    1. Re:Watch them get ignored by Anonymous Coward · · Score: 2, Interesting

      You just wait. They'll start putting advertisements in the captchas.

      They'll soon figure out it's more profitable to make you find the $(NameBrand) ship and drag it from the $(NewProduct) port to the $(TownNearYou) port.

    2. Re:Watch them get ignored by Anonymous Coward · · Score: 2, Funny

      You just wait. They'll start putting advertisements in the captchas.

      So that's why my last one said "be sure to drink your ovaltine."

    3. Re:Watch them get ignored by Renozuken · · Score: 1

      That's already a thing though, they make you watch an ad and some words pop up and that's the captcha.. it's awful.

    4. Re:Watch them get ignored by Wandering Idiot · · Score: 1

      Apparently you don't use many free file download sites, sticking the CAPTCHAs or human-proving codes inside ads of various types has been a thing for a while now.

  6. Weak by Anonymous Coward · · Score: 1

    Looks like this is based on a fixed set of games and images. Just teach the bot all of them, and you are done. If this is self contained software I can install on my site, all the info you need to feed the bot is already packaged up in the source.

    For things like this to defeat bots they have to rely on hard to invert functions, like rendering randomly warped things. Picking a few items from a lookup table is easily inverted by a bot.

    Resisting replay attacks is cute, but it can't resist basic forwarding attacks (inherently impossible to prevent you from sending it to someone else to solve live: trivial proof, RDP exists.) and it is trivially solved by a bot. I see nothing useful here.

    1. Re:Weak by FyRE666 · · Score: 1

      Something that has to be interacted with, through a view controlled by Javascript will not be trivial for a bot to solve. I know the typical response to this is "well I don't enable Javascript!!!" but these voices are now a tiny minority of users, who doubtless have all sorts of problems using the web now. Disabling JS in a browser is like disabling Excel's ability to automatically perform calculations on cells.

      For deaf users, the choice could be from a number of sounds - maybe with filters added to prevent them being piped through an audio search engine.

      I think this idea will make it harder and less profitable to run spam bots, which is always a good thing.

    2. Re:Weak by fisted · · Score: 1

      Yeah! Or why not use a string of numbers, render it in a warped way, apply some distortion and noise.
      The human will still distinguish the individual digits - I am not so sure about the bots.

      Oh, wait.

  7. My only question: does it work at Google-scale? by Anubis IV · · Score: 5, Interesting

    The nice thing about current text-based CAPTCHAs is that they can be applied to any website, whether large or small, and require very little input or tinkering from individual web administrators. The other nice thing about this is that they have an infinite number of possible variations, what with the different ways you can transform text.

    This new idea would work great for a small site that will never be a target of a directed attack, but we already have hundreds of different CAPTCHA variations that can be used for that sort of thing. I use a simpler but similar idea on one of my sites, where I have new registrants drag words into matching categories that I set up. I've had zero bot registrations since I set it up a few years back, and a number of comments from actual users that love the system.

    But if you apply something like what I use or this new idea to a site like Google, the folks trying to break in will inevitably code up algorithms to handle each of the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless. The only way to get infinite variation out of it is to start applying image transformation to the items being used so that they can't be as easily identified, and if you start doing that, you're right back where we are now.

    1. Re:My only question: does it work at Google-scale? by jxander · · Score: 1

      So, you're telling me that we can get the spammers to program better AI for us?

      --
      This signature is false.
    2. Re:My only question: does it work at Google-scale? by bill_mcgonigle · · Score: 1

      the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless.

      There might not be a benefit to that outcome, but a "good" CAPTCHA system does have a good outcome when it's broken.

      I was talking to the guy who started reCAPTCHA many years ago, and his idea was that the OCR work they were farming out was too tough for algorithms to beat. As long as bots could not do better than humans, reCAPTCHA would be offering a valuable service. As soon as the bots were as good as the humans, accurate OCR had been solved, and reCAPTCHA had made that happen, so it was also a win, and he'd have to come up with another CAPTCHA.

      I tend to shy away from helping Google StreetSpy on people, and use the audio CAPTCHA when available now, but more people are doing the street number thing, which could still be used for good (if we trust Google). And if the bots solve that, maybe their algorithms could be applied to ambulance services, or whatever.

      I'm not sure that the TFA's proposals "solve two problems" the way that great engineering solutions universally do. But there are certainly worthy ones out there.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:My only question: does it work at Google-scale? by StripedCow · · Score: 2

      The problem with the current CAPTCHAs is that they are prone to a Mechanical Turk attack.
      This new type of CAPTCHA could in principle solve this issue.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    4. Re:My only question: does it work at Google-scale? by dcollins117 · · Score: 2

      The problem with the current CAPTCHAs is that they are prone to a Mechanical Turk attack.

      That's a problem with CAPTCHAs, not the only one. I've encountered several that I couldn't solve, even after trying several times, eventually leaving me no choice but to give up and go elsewhere.

      It's a problem when your human detector fails to detect humans.

    5. Re:My only question: does it work at Google-scale? by blane.bramble · · Score: 2

      It's a problem when your human detector fails to detect human

      Says the bot!

    6. Re:My only question: does it work at Google-scale? by wbr1 · · Score: 1

      It's not just working at Google scale, it's human-nets paid pennies by spammers to solve captchas. If it is machine-unsolvable this will happen as long as there are people poor enough to work at such menial tasks for low wages.

      --
      Silence is a state of mime.
    7. Re:My only question: does it work at Google-scale? by Anonymous Coward · · Score: 1

      So, you're telling me that we can get the spammers to program better AI for us?

      That will be their undoing. When the spammers create an AI good enough to solve any human-solvable captcha, then the AI is smart enough to tell spam from non-spam. So we'll use their AI as a forum moderator. Anyone can post, the spam will just not be seen.

      To help with this, let's make a captcha that asks the user "is this message spam?" With an ever-growing database of spam and nonspam. As soon as the spammers make an AI for that . . .

  8. I am not a human. by antdude · · Score: 1

    I am an ant! :P

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    1. Re:I am not a human. by necro81 · · Score: 1

      I am not a computer, but neither am I classified as human. I am a meat popsicle.

    2. Re:I am not a human. by antdude · · Score: 1

      I thought you're a Necro. :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  9. As with all other CAPTCHA 'alternatives', by Beck_Neard · · Score: 3, Informative

    The problem is that you can really only come up with a finite number of these, and once an attacker has a large enough sample of them (say, 10%), he can simply write a bit of code to 'solve' each one.

    The thing about CAPTCHAs that makes them great is that you can randomly generate a huge bunch of them.

    Anyway, the headline so completely misrepresents this research that it basically says the opposite of what the researchers are saying. The researchers, in fact, created an automated system to solve DCGs! Their contribution was a system that detects 'crowd-sourcing' attacks - attacks where shady companies pay volunteers pennies to solve CAPTCHAs by hand. The researchers said they are going to work on improved DCGs that can't be solved automatically, but nothing of the sort is being unveiled here.

    --
    A fool and his hard drive are soon parted.
    1. Re:As with all other CAPTCHA 'alternatives', by dns_server · · Score: 1

      Related to this is the idea of someone proxying captcha.

      Instead of providing your own captcha, solve Google's captcha. When someone creates an account on your site, connect to Google and try and create an account, you then forward the Google captcha to the user.

    2. Re: As with all other CAPTCHA 'alternatives', by steven.db.clark · · Score: 1

      Then you can use all the google accounts as free, distributed storage space.

  10. Disability by Anonymous Coward · · Score: 1

    I haven't read the article, but I do wonder... what about those with disabilities? Like poor vision, poor hand-eye coordination, etc.?

  11. I'd rather they continue to think I'm a bot! by EzInKy · · Score: 5, Funny

    Proving I'm human just subjects me to more ads I don't want to see.

    --
    Time is what keeps everything from happening all at once.
  12. Solve this puzzle for him. by weilawei · · Score: 3, Funny

    When he comes back, I'll hit him with a paradox.

  13. Re: I get it by bombman · · Score: 1

    I'm sure such a simple game could be done in html5 ...

  14. Re:I get it by Inconexo · · Score: 3, Insightful

    Those games may be "engaging" when you want to play a game. When I want to do something different on the Internet, I feel more annoyed.

  15. I'll prove I'm human, alright: by Tablizer · · Score: 1

    ...I'll threaten to shove its chips up its fanhole if it doesn't let me in.

  16. Re:Not so good if you are blind by Rigodi · · Score: 1

    And mentally disabled ones too...

  17. Re:Reminds me of ASIRRA from Microsoft by Anne Thwacks · · Score: 2

    I think you will find that was Dell and Amstrad. Microsoft are the ones that made the appallingly inconsistent software that routinely leaks your data to criminals, and crashes with a BSOD.

    --
    Sent from my ASR33 using ASCII
  18. Re:I... by jgdnavy · · Score: 2

    While I mostly agree with you, and have seen more than one CAPTCHA that I can't solve no matter how many times I refresh, I have to disagree with you on the homeowners' association. While I agree that community is a good thing, and am in favor of community leagues that actually focus on community issues instead of rules about paint colors and whether basketball goals are allowed, almost every homeowner's association I've seen has been a way for the couple of people with the time and desire for control to override individual's property rights. Two homes ago, we were not allowed to use anything besides standard white mini-blinds in our houses, and at my last place there were only two colors that shutters and doors were allowed to be painted, and my landlord (an individual homeowner, not a complex) had to strip and restain his deck because at some point after he originally stained it they decided the previously allowed colors were no longer allowed.

  19. Re: I get it by AC-x · · Score: 1

    HTML5? You don't need HTML5 to animate a few divs moving around, hell it'd be easy enough to make something that works as far back as IE6.

  20. Re:Not so good if you are blind by Alain Williams · · Score: 1

    More to the point the web site needs to comply with disability legislation. In the UK blind/partially-sighted people must, by law, be able to use the web site. This is one of the advantages of CSS - you can keep the site clean so that it works well with a screen reader. In theory a web site (owner) can be prosecuted for discriminating against people who have sight problems, in practice this does not happen very often.

    So: all the bot would need to do is to claim to be blind and so avoid the game playing CAPTCHA.

  21. Re:Not so good if you are blind by linuxgurugamer · · Score: 1

    There are many different types of disabilities. Some people can't watch a moving picture, but otherwise are still perfectly functional. Having friends who have some disabilities, it is very wrong to pigeonhole someone, because while they may be disabled in one area, they may be genius in another. Look at Stephen Hawking, for example. One of the smartest people alive, and can't move anything. Any sort of moving captcha will totally eliminate him.

  22. Is it accessible for disabled people? by xanadu113 · · Score: 1

    Yes, but is it accessible by disabled people, i.e., blind users that need screen readers..?

    --
    -Myke
  23. Won't it be ironic... by RealGene · · Score: 1

    ..that the first truly successful AI will be developed by spammers and phishers to defeat this?

    --
    Mission: To provide products that consume time and energy as entertainingly as permitted by the laws of thermodynamics.
  24. Worse than CAPTCHA by nrjperera · · Score: 1

    "For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location." This is worse than CAPTCHA

    1. Re:Worse than CAPTCHA by PPH · · Score: 1

      Not only that, but they are discriminating against Italians.

      --
      Have gnu, will travel.
  25. Re:I... by Wycliffe · · Score: 1

    at some point after he originally stained it they decided the previously allowed colors were no longer allowed.

    Homeowners associations have very little actual power. I would have told the home owner's association to take a hike. You can't make a law after the fact. If this is true there is no way this would have held up in court. I've heard rumors of crazy homeowner's associations demanding crazy stuff but to actually enforce it is expensive as you have to take them to court to enforce it and many times the court will still decide in the actual homeowner's favor.

  26. Re:I... by GenaTrius · · Score: 1

    Visiting voting booths should not be an old people stereotype.

  27. Already spotted in the wild - thought it was an ad by ReverendLoki · · Score: 1

    I can't remember where, but I've seen this in use this past week. When I saw it, first thing I thought was that this was one of those annoying ads disguised as a game that are out there. Still, once recognized for what it was, it was simple, much less a pain in the a$$ than the text based CAPTCHAs.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
  28. Re:I... by sudon't · · Score: 1

    Since when are insults "informative?"

    I'm with the O.P. I can't make out a large percentage of captchas.

    --
    -- sudon't

    Air-ride Equipped

  29. Re:I... by sudon't · · Score: 1

    Off topic, but, are you kidding? These homeowners associations are in the news all the time for the egregious stuff they perpetrate. Just one memorable example: They took the paid-for home of a soldier who missed some assessment because he was busy fighting in Iraq or Afghanistan. He only got it back when the media caught on to it, and his congressman stepped in. Do you really think that contract you signed isn't enforceable?

    --
    -- sudon't

    Air-ride Equipped

  30. Re:I... by Wycliffe · · Score: 1

    The only news story I've ever seen was one in Florida where an old person's neighborhood was attempting to evict someone because they had a "no children" policy. The media was as usual making a big deal about it but the homeowner's association had spent months trying to evict her. Yes, the contracts are enforceable and if you're in the wrong then you can be found guilty in court but it's a long drawn out process for both sides. Where I'm from (middle of Missouri), there are all kinds of crazy clauses like how many bushes you are supposed to have but most people take them as suggestions instead of rules and you can go through any neighborhood and see dozens of violations. Which by the way is how it plays out in court. If you can show that the rule is selectively enforced (for instance your neighbor already has a fence) then the court will throw out the rule.

  31. Obligatory not-XKCD cartoon by rpstrong · · Score: 1
  32. Third party pass through by Keybounce · · Score: 1

    And how will even the best, most fool-proof CAPTCHA protect you from a spam bot system that passes that game, or other captcha, to some people farm in a foreign country? Or just to visitors to some other website that gets high enough traffic for the spammers to post sufficient volume of spam?

    This, by itself, cannot solve the issue.

    The issue is not "Prove that there is a human there".

    The issue is "Prove that you, right there, right now, are a human, and not being passed to someone else, elsewhere".