Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

3D-Based CAPTCHAs Become a Reality

Soulskill posted more than 5 years ago | from the is-that-an-e-wait-i-think-it's-a-5-dangit-let-me-in dept.

Spam 192

mateuscb writes "A new way of creating a CAPTCHA using 3D objects has become a reality. The idea was thought up independently by blogger Taylor Hayward and by the folks at YUNiTi.com. 'Similar to Hayward's idea, this new technology relies on our ability to identify objects in 3D instead of using alphanumeric characters. YUNiti's 3D Captcha, however, has three objects in the challenge and extends the list of images to any object, not limiting it to animals as in Hayward's idea. This increases the challenge's level of complication to prevent computers from successfully making the correct guesses.' I, for one, welcome the thought of not having to read more and more complex CAPTCHA. Lately, I've been having a hard time getting CAPTCHA to work the first time."

cancel ×

192 comments

Sorry! There are no comments related to the filter you selected.

3D? Pfft. (2, Funny)

Anonymous Coward | more than 5 years ago | (#27366505)

I want 4D CAPTCHAs, so even humans can't figure them out. Think... Hypercube... the CAPTCHA.

Re:3D? Pfft. (1)

phantomfive (622387) | more than 5 years ago | (#27366671)

Here you go [artofgregmartin.com] . What's the matter? don't understand it? Pfft. Mere mortal.

Re:3D? Pfft. (3, Insightful)

Jurily (900488) | more than 5 years ago | (#27367095)

Pfft. Mere mortal.

Kinda defeats the purpose of a captcha if it looks like noise to a human, but is solvable by a computer.

Re:3D? Pfft. (1, Funny)

Anonymous Coward | more than 5 years ago | (#27367137)

Unless you're SkyNet

Re:3D? Pfft. (0)

Anonymous Coward | more than 5 years ago | (#27367211)

That looks like a google maps satellite view of the million man march at midnight.

Note: a few of them are smiling.

Re:3D? Pfft. (2, Funny)

fracai (796392) | more than 5 years ago | (#27366815)

So... you get access to the site, and then the CAPTCHA kills you?

4D? Pfft. (5, Funny)

artor3 (1344997) | more than 5 years ago | (#27366995)

If you wanna post on my site, you better be prepared to solve the 5D hyper-hyper-cube [gravitation3d.com] !

Re:4D? Pfft. (1)

cp.tar (871488) | more than 5 years ago | (#27367269)

Yeah, well, if you come to my site, you'll have to solve the Rubik version of your hypercube.
In 32-bit color.

First time? (5, Funny)

Tubal-Cain (1289912) | more than 5 years ago | (#27366523)

I've been having a hard time getting CAPTCHA to work the first time.

And the secondtime . And the third time. And the fourth. And the....

Re:First time? (1)

actionbastard (1206160) | more than 5 years ago | (#27366731)

"I've been having a hard time getting CAPTCHA to work the first time. And the second time . And the third time. And the fourth. And the....

Maybe he should try his luck on this [wikipedia.org] .

Re:First time? (4, Funny)

Idiomatick (976696) | more than 5 years ago | (#27366797)

You know what that means don't you? You are probably not actually human. The test was designed to weed out 'your' kind. I bet you couldn't even pass a simple Turing test against a 13 year old girl if you can't pass a Captcha. It really is sad when they learn the truth.

Re:First time? (5, Funny)

Tubal-Cain (1289912) | more than 5 years ago | (#27366829)

Do you wish that i cant pass a captcha it really is sad what they learn the truth?

Re:First time? (0)

Anonymous Coward | more than 5 years ago | (#27367291)

It depends on how nubile she is. A lot of them can prove how human they are.

Re:First time? (3, Funny)

neokushan (932374) | more than 5 years ago | (#27367025)

So what you're saying is, right, that all of this has happened before and all of this will happen again?

Re:First time? (5, Funny)

MacTO (1161105) | more than 5 years ago | (#27367161)

I've been having a hard time getting CAPTCHA to work the first time.

And the secondtime . And the third time. And the fourth. And the....

I was having trouble too, until I found this awesome piece of software that solves CAPTCHAs for me. It even automatically finds the CAPTCHA image and text entry field so that I don't even have to be bothered by it. ;)

Re:First time? (0)

Anonymous Coward | more than 5 years ago | (#27367617)

We need site based captchas. For example. to post here you should have to fix an opensource bug.

Rationality check (4, Insightful)

mongrol (200050) | more than 5 years ago | (#27366543)

Let's see now. If the spammers and robot makers went outside, done something worthwhile and produced something the world badly needs (food) then this nonsense wouldn't exist, I could surf in peace and the starving millions would live a little longer. The very existence of CAPTCHA's proves the human race is badly in need of a reset.

Re:Rationality check (1)

shentino (1139071) | more than 5 years ago | (#27366627)

Parent nailed it.

It's all the spammer's fault that we waste time on captchas.

Re:Rationality check (1)

Architect_sasyr (938685) | more than 5 years ago | (#27366673)

Or maybe it's our fault we make the spammers work harder to get around our filters! Bet you didn't think of that did you!

They'll send it off to porn sites or whatever and have people analyse it from there - can always get around them, it is just a question of resources.

Re:Rationality check (1)

gandhi_2 (1108023) | more than 5 years ago | (#27367475)

Actually, captchas will come in handy when the android apocalypse happens.

Re:Rationality check (5, Insightful)

MWoody (222806) | more than 5 years ago | (#27366775)

Such is the way of all intelligent life, though. If you build a maze for a mouse, the rodent may run its course a thousand times to reach the end and its reward. But never be fooled for a second: the mouse likes the cheese, not the maze. If he finds a way to climb over the walls and skip the test entirely, you should be neither surprised nor angry, as the failure is yours.

Re:Rationality check (4, Insightful)

Idiomatick (976696) | more than 5 years ago | (#27366827)

We should spend that effort spammers put out to get useful work done. Re-captcha is a perfect example. How about Google, want a new tagging system for images? It would make image search MUCH more usable. It could also be used to help AI/learning and object recognition. Just set up Captchas to do meaningful boring things that otherwise would not get done. I've no idea why this isn't more widespread.

Re:Rationality check (2, Funny)

Seto89 (986727) | more than 5 years ago | (#27367159)

Resetting the human race? That's ROBOT talk!!

Humans can defeat humans (4, Informative)

Lord Satri (609291) | more than 5 years ago | (#27366553)

Interesting, but in a previous /. discussion, I got convinced that there was no perfect captcha, since one can simply pay a group of underpaid workers (e.g. in poor country) to manually solve the captchas...

Re:Humans can defeat humans (5, Interesting)

bobetov (448774) | more than 5 years ago | (#27366575)

It's much worse than that. Put up a porn site. Use free content. Have a "Solve captcha to get free pics!" blocker.

Now, grab a captcha you want to break, show to pornaholics, get solution, pass it back to the original site.

Perfectly unbeatable captcha solving, for virtually free, and totally automated.

Feh.

Re:Humans can defeat humans (5, Funny)

MeanMF (631837) | more than 5 years ago | (#27366677)

Easy - just make the CAPTCHA so you have to simultaneously type something with both hands.

Re:Humans can defeat humans (1)

KatAngel (1454415) | more than 5 years ago | (#27366729)

Yes... that would make it easier for robots and harder for humans. Seriously, how many people do you know who can do two different things with both hands at the same time?

Re:Humans can defeat humans (2, Insightful)

Hognoxious (631665) | more than 5 years ago | (#27366825)

Seriously, how many people do you know who can do two different things with both hands at the same time?

Like steering and changing gear?

Re:Humans can defeat humans (1)

DMUTPeregrine (612791) | more than 5 years ago | (#27366839)

Given the drivers in Boston, four.

Re:Humans can defeat humans (1)

KatAngel (1454415) | more than 5 years ago | (#27367069)

Do you really know that many people who can do THAT well? Holding one hand still or moving it a vaguely circular motion while the other moves a stick isn't even remotely similar to typing one word with one hand and another with the other.

Re:Humans can defeat humans (1)

davolfman (1245316) | more than 5 years ago | (#27367457)

Do you remember how difficult that was the first few days?

Re:Humans can defeat humans (2, Insightful)

zrobotics (760688) | more than 5 years ago | (#27367603)

You know, it really wasn't using both hands at the same time that was the problem. At least for me, the real problem was coordinating the two feet at the same time. Unless we're driving a motorbike...

Re:Humans can defeat humans (2, Interesting)

CMKCot (1297039) | more than 5 years ago | (#27366961)

Easy - just make the CAPTCHA so you have to simultaneously type something with both hands.

I think that could actually be good idea. having not just to type but also to follow certain rules typing, like following a simple rhythm. Maybe typing something under an abstract set of rules, like "make me a triangle" answer could be any combination of keys that results in a triangle, like "sef" "gbh" "vym". Oh well, I'm sure someone thought about it already and found a flaw on it. PS: thinking possible CAPCHA schemes is a fun pass-time.

Re:Humans can defeat humans (1)

wfstanle (1188751) | more than 5 years ago | (#27367545)

I'll bet that robots could do that easier than most people. People don't multitask very well while robots seem to have no problems with it.

Wait do you mean that the ability to multitask would mean it is a robot and not a human?

Big problem! (0)

Anonymous Coward | more than 5 years ago | (#27367511)

Big problem! What about the people that lost the use of one hand? There is a small thing called the Americans with Disabilities Act which you would violate. As it is, many capchas violate that law.
I am aware of a class action lawsuit being formed right now on just this issue.

Re:Humans can defeat humans (0)

Anonymous Coward | more than 5 years ago | (#27366973)

So, captchas do work, but are being circumvented by "mechanical turk" mechanisms?

Re:Humans can defeat humans (0, Troll)

terbo (307578) | more than 5 years ago | (#27367053)

Wow, free pron sites, please explain this in the 1, 2, 3 vernacular that we are all familiar with.

Re:Humans can defeat humans (4, Interesting)

RyoShin (610051) | more than 5 years ago | (#27367121)

That's very true. The problem now isn't rendering CAPTCHAs useless, it's doing so by automated means.

As you said, anything that must be used by humans can be broken by humans. But you still wind up with logistics problems--having the money to pay these people (or, in the case of free porn, the bandwidth and content to keep them interested) and the fact that those people are still limited by their humanity. Even the fastest typist wouldn't be able to complete a form (CAPTCHA aside) as quick as a robot. And, if a robot can break a CAPTCHA, it can fill that out faster than a human, as well.

So the issue is preventing, or at least slowing down, robots, which can work 24/7 without a break. A variety of things have been done with normal CAPTCHAs to do this: colors, lines, running letters into each other, adding cats and dogs to letters (seriously). This step, once "perfected" and widely adopted, will be a huge leap in stopping these robots. Even if they can be trained to have a copy of the exact 3D models given (which are sure to increase in variety if not types), they still have to take a picture of it from every single angle, which I believe is 359^3 images, and then compare every single one (which is O(x^n) time, where x is the time for one image comparison).

It's an arm's race, though. Eventually some enterprising hacker will figure out a way for bots to "guesstimate" based on various aspects of an image, and once that solution is sold to the highest bidder we start the war all over again.

Re:Humans can defeat humans (1)

BikeHelmet (1437881) | more than 5 years ago | (#27367219)

Well, we better hope the captcha crackers don't use this technology [slashdot.org] to identify objects based on their 3D shape.

I suppose if only a flat 2D image is sent out, it'd be more difficult - but if a 3D model is sent out, which is rendered on the client side, then it's asking to get cracked.

Although... a smart AI could learn over time if someone were dedicated enough to teach it what every image represents, from multiple angles - but that'd take a long time.

They need to alternate the selected images a lot, so that the same IP never gets the same image captcha twice. (if possible)

That would make the process of educating a captcha-decryption-ai take far too long to be worthwhile, which means the fallback would indeed be third world country workers.

Re:Humans can defeat humans (1)

RyoShin (610051) | more than 5 years ago | (#27367363)

I doubt the entire 3D image is sent client side. There's no way outside of flash to structure it, and even if there was it would take way too long to render it.

As for AI learning, it doesn't need to; writing a proper AI and then teaching it would take far longer than just rending a 2D shot for every possible angle (hence my 365^3 figure) and then comparing, at least for this early sample of images. An AI would be the best way to go about the general and long-term case, but I doubt spammers have the resources to go that far. We've had some intelligent trojans, but they were also still far more basic than what I think would be required for this.

Stop, you're hurting my brain! (0)

Anonymous Coward | more than 5 years ago | (#27367385)

Even if they can be trained to have a copy of the exact 3D models given (which are sure to increase in variety if not types), they still have to take a picture of it from every single angle, which I believe is 359^3 images, and then compare every single one (which is O(x^n) time, where x is the time for one image comparison).

Which hat did you pull those formulas out of? Taking a picture from "every 3d angle" (not a meaningful phrase anyway) is on the order of 360^2, not 359^3. Comparing an image to every image in a list is O(x*n), not O(x^n). Most importantly, any computer scientist worth his salt would not use such a naive brute force method; he would try to reconstruct the 3d model directly from the image, guessing depths based on shadows and lighting, then match that model against known models.

Re:Humans can defeat humans (2, Interesting)

appleprophet (233330) | more than 5 years ago | (#27367523)

From the rReCAPTCHA FAQ

Are CAPTCHAs secure? I heard spammers are using porn sites to solve them: the CAPTCHAs are sent to a porn site, and the porn site users are asked to solve the CAPTCHA before being able to see a pornographic image.

CAPTCHAs offer great protection against abuse from automated programs. While it might be the case that some spammers have started using porn sites to attack CAPTCHAs (although there is no recorded evidence of this), the amount of damage this can inflict is tiny (so tiny that we haven't even seen this happen!). Whereas it is trivial to write a bot that abuses an unprotected site millions of times a day, redirecting CAPTCHAs to be solved by humans viewing pornography would only allow spammers to abuse systems a few thousand times per day. The economics of this attack just don't add up: every time a porn site shows a CAPTCHA before a porn image, they risk losing a customer to another site that doesn't do this.

Re:Humans can defeat humans (4, Insightful)

forkazoo (138186) | more than 5 years ago | (#27366701)

Interesting, but in a previous /. discussion, I got convinced that there was no perfect captcha, since one can simply pay a group of underpaid workers (e.g. in poor country) to manually solve the captchas...

If it requires actual workers, then it is a perfectly working CAPTCHA. "Completely Automated Public Turing test to tell Computers and Humans Apart." Don't think of it as a way to keep bad posts from your forum, because it isn't. It just tries to increase the likelihood that a human was involved in the process. If you want to limit abuse, getting a guarantee that a human was involved is only one small step in the process.

Re:Humans can defeat humans (1, Funny)

Anonymous Coward | more than 5 years ago | (#27366835)

I feel like guaranteeing that there was never a human involved would be a better way to prevent abuse.

Re:Humans can defeat humans (4, Insightful)

Goaway (82658) | more than 5 years ago | (#27367375)

If the spammers have to pay to spam, we've already won.

Hmmm, not bad (1)

corsec67 (627446) | more than 5 years ago | (#27366555)

You can easily generate new images by rotating the 3D model a bit, changing the lighting, colors, etc.

The Question and Answer images could be generated the same way. You have to constrain the camera a bit so it isn't "What kind of animal has this butt?", but other than that you have a very large space to grab from.

Still doesn't solve the "porn for captcha" hack, but this would tell humans and computers apart for a while.

Re:Hmmm, not bad (1)

Vectronic (1221470) | more than 5 years ago | (#27366791)

Yet, at the same time there is just as much, and probably more effort going into image analysis. How many universities are currently working on automated vehicles that have some sort of system for analyzing and identifying objects in it's path, or even simple worker-bots that can tell between a coffee cup and a stapler.

Once that's established, all it would take is a couple manual hours to put the images into a 'like' groups, that could be done with the porn-hack.

I still think a story-based system would work better, 3 second animation, then you can ask for one of many things:

What happens next? (open door, drive away, falls asleep, etc)
What color/size is _____? (building, clothing, objects)
What object is missing? (kitchen table from kitchen, etc)
What story is this from? (books, movies, TV, etc)
Where did it take place?
Did it happen in the past/future?
Was it non-fiction/fiction?

Etc etc etc... still doesn't solve the porn-hack work around, but consider there could be hundreds of right answers to the same animation, it would take much longer before it was totally broken, plus if it's in a 3D system, or even Flash, you can randomize things, colors, sizes, objects, settings, making thousands of answers for the same basic animation, while still being relatively simple for a human to understand, even if they don't speak the language or are very familiar with the culture, ships travel in water, but a computer probably wouldn't be able to tell water, from a blue baby blanket, or if the ship was a toy, or real, or if the baby is real, or human godzilla attacking ships at sea.

object recognition (2, Interesting)

saiha (665337) | more than 5 years ago | (#27366587)

I dunno, there has been quite a bit of research done with image/object recognition. You could break this by not matching pictures directly but by seeing that the first one is a bunny (so look for a bunny in the list), the second one is a hammer, etc...

Great! (1)

Lord Ender (156273) | more than 5 years ago | (#27366597)

We need something different. Personally, I can't comprehend 2D captchas. I think I might be an android, pre-programmed with false memories of childhood.

This 3D technology will finally help me solve this existential issue.

(BRB, gotta go recharge)

Obvious, not innovative (1)

StuartHankins (1020819) | more than 5 years ago | (#27366625)

Seems obvious to me. I can't believe people are making a big deal out of this, especially those who have ever worked with CAPTCHAs before.

What's next, an "innovation" because it plays a (readily recognizable to the target audience) music sample? Same idea you know.

And I bet blind people are driven baty with CAPTCHAS anyway, this just makes web pages even less accessible to them.

Re:Obvious, not innovative (0)

Anonymous Coward | more than 5 years ago | (#27366665)

looks like using different images on kittyauth

http://www.thepcspy.com/kittenauth

Re:Obvious, not innovative (0)

Anonymous Coward | more than 5 years ago | (#27366723)

if it's so obvious than why isn't *your* name on the fucking article?

i'm sick of dickheads around here acting like they know everything yet the truth is that they've never produced shit.

Re:Obvious, not innovative (2, Interesting)

jebrew (1101907) | more than 5 years ago | (#27366875)

How about animated text in a flash box that you have to read...surely it would be pretty hard for a bot to read 3-d rotating animated text right?

Would that be innovative?

This Is Great for Progress in AI (3, Insightful)

Louis Savain (65843) | more than 5 years ago | (#27366669)

CAPTCHAs are among the best motivators for progress in AI research since DARPA began throwing gobs of money around. The question is, what will happen to online forums and social/financial networks when machines become indistinguishable from humans?

Re:This Is Great for Progress in AI (3, Funny)

Anonymous Coward | more than 5 years ago | (#27366789)

They will be smart enough to wonder why they have to post ads for cheap mortgages.

Re:This Is Great for Progress in AI (0)

Anonymous Coward | more than 5 years ago | (#27366909)

One word: Sexbots.

That's whats going to happen when machines become indistinguishable from humans.

Re:This Is Great for Progress in AI (2, Insightful)

supernova_hq (1014429) | more than 5 years ago | (#27367529)

Why would you want a sexbot that gets a head-ache every night?

Re:This Is Great for Progress in AI (1)

sincewhen (640526) | more than 5 years ago | (#27367459)

Perhaps the machines will start leaving thoughtful and intelligent posts.

I never have had a problem with captcha (0)

Anonymous Coward | more than 5 years ago | (#27366721)

I never have had a problem with captcha except when trying to post on slashdot.

Re:I never have had a problem with captcha (2, Funny)

JackieBrown (987087) | more than 5 years ago | (#27367313)

It appears you overcame that obstacle

Re:I never have had a problem with captcha (1)

supernova_hq (1014429) | more than 5 years ago | (#27367539)

Unless he logged in and checked "post anonymous"

So, in the long run AI might improve through (1)

davidsyes (765062) | more than 5 years ago | (#27366755)

the use of thing-in-the-middle attacks that might be able to determine the images sent and whether a stream of returned text that named the image got yielded access to the content or the process the captcha was "protecting". Given enough monitoring of such traffic, i imagine it won't be long before computers (programmed by humans who WANT computers to think or interpret more like humans) can keep with humans and play chess using only relevant considerations of moves.

What might follow might be "Computers: The NEW Terrorists", where by laws meant to preserve the "domain" of humanity will promise certain death to humans who betray humanity to machines.

Or not...

Easy to defeat (3, Insightful)

grumbel (592662) | more than 5 years ago | (#27366767)

As is, this seems relatively easy to defeat and well within reach of available technology. The number of 3D models is rather low and they have a very clear silhouette and also a very distinct one for each models. So all one has to do is to search for the best matching silhouette.

The good thing however is that 3d models have enough flexibility so that one could conquer many attacks, adding background images and texture would make it much more difficult to get a clear silhouette and one could of course easily introduce many more models into the mix.

Re:Easy to defeat (3, Interesting)

Hognoxious (631665) | more than 5 years ago | (#27366851)

The number of 3D models is rather low and they have a very clear silhouette and also a very distinct one for each models.

They were all pretty easy except for the toilet. I assume it's the lower left one in the grid, but I had to work it out by elimination.

Re:Easy to defeat (1)

Zadaz (950521) | more than 5 years ago | (#27367577)

Why would I go through that much effort? Why not just choose one of the nine possibilities randomly? Sure I'd only get it right 11% of the time, but it wouldn't take any skill or computational power.

Any CAPTCHA that lets you pick one of a selection is useless.

Perhaps if they had a little applet that asked you to rotate a 3d model to a matching orientation they'd be on to something, but I don't know how strong most people's 3d reasoning skills are.

Re:Easy to defeat (2, Insightful)

cliffjumper222 (229876) | more than 5 years ago | (#27367597)

Actually no. The objects are rotated and at different perspectives, so it's not the same silhouette at all. Also, they throw in a tricky one every so often, like they show you a helicopter but there is only a plane to chose from, i.e. it's a flying object. It might catch some dumb people, but most humans will have a go at a logically similar picture.
Also, to those posters who say CAPTCHA's can be overcome by porn site watching humans, well yeah, but a CAPTCHA is by definition a test to tell humans and computers apart (look up the acronym), so if the only way to defeat it is to use humans, then it's still a successful CAPTCHA, even if it is not a successful gatekeeper to a site.

Instructions (1)

Tubal-Cain (1289912) | more than 5 years ago | (#27366781)

I wish CAPTCHAs came with more detailed directions. Specifically, is the system case sensitive? Are the tall ovals without a line running through them (or a dot) a zero or an O? Are capital I s visually distinct from lowercase L s?

Re:Instructions (1)

bluesatin (1350681) | more than 5 years ago | (#27366881)

Unless I'm missing something, since when did clicking on a box have a case to be sensitive with?

Re:Instructions (1)

Tubal-Cain (1289912) | more than 5 years ago | (#27367167)

I speak of 2D text CAPTCHAs.

"It's a sailboat" (1)

hack slash (1064002) | more than 5 years ago | (#27366807)

How long before someone creates an autostereogram captcha?

Re:"It's a sailboat" (1)

Tubal-Cain (1289912) | more than 5 years ago | (#27366871)

Oh please no. Not everyone can see those things.

Re:"It's a sailboat" (1)

Idiomatick (976696) | more than 5 years ago | (#27366907)

Easily broken by computer and people can't all do them. If you wan't a robot only site though.... That'd be a cool concept have a captcha SO hard that only bots and hackers will get in. Exclusive nerd website!

Re:"It's a sailboat" (1)

hack slash (1064002) | more than 5 years ago | (#27367019)

Can you point to an example of a computer 'undoing' an autostereogram image? That's something I'd like to see, how well it reconstructs the original base image.

Back when they were all the rage I wrote a program on my Amiga to create them, took bloody ages to work out how to do it, finally figured out that the pattern is contracted/expanded depending on the brightness of the base image and that the contraction/expansion of the pattern is accumulative.

Re:"It's a sailboat" (0)

Anonymous Coward | more than 5 years ago | (#27367031)

What about those optical illusions where the wheel looks like it's spinning or what not.

Like these: http://www.professionalfreeloader.com/bored.htm

Re:"It's a sailboat" (1)

Blakey Rat (99501) | more than 5 years ago | (#27367623)

They can create one if they want, but I can't see those. I'm sure I'm not the only one.

On the other hand, any site that's so poorly thought-out that it wants to use one of those, I'd probably never want to visit anyway.

An Alternative (3, Insightful)

Nom du Keyboard (633989) | more than 5 years ago | (#27366889)

Or as an alternative, we could actually track down the people who continue to make the Internet a swamp, beat them within an inch of their lives, let them spend a hot humid summer in full body traction, and maybe not only wouldn't they do it again but others might not either.

And put it on YouTube afterwards.

I need to slow down when reading the summary (1)

Minwee (522556) | more than 5 years ago | (#27366919)

For a moment I thought that credit was being given to Howard Tayler [schlockmercenary.com] , not Taylor Heyward.

He'll just have to settle for being known as the inventor of the Ominous Hum.

Simple idea for a captcha... (1)

rrossman2 (844318) | more than 5 years ago | (#27366925)

Instead of making the text near impossible for people to read, or a 3d select a box deal, why can't they use a universally embeddable video format to play a short clip and underneath a question you have to answer? Or even easier, an animated .GIF picture that again has a question you must answer to something about the animated .GIF image?

It may still be easy for them to decode the GIF and figure it out, but it's at least harder to do than a simple text picture.

The only other option I see is send the captcha encrypted, and use a javascript or some other client side script that decodes the captcha and displays it. Maybe use the IP or some other "semi-random" number to encode the random captcha so it's harder to figure out exactly what the captcha is?

A few common CAPTCHA fallacies (5, Insightful)

QuoteMstr (55051) | more than 5 years ago | (#27367203)

Everyone has a great idea for a CAPTCHA, but very few people know what the hell is really going on. Remember that the machine doesn't need to solve the CAPTCHA every time, that machines are infinitely patient and have huge memories, and that another machine needs to make sure the human gave the right answer!

Ideas that won't work:

  1. Make clients identify an object from a picture. Machines can't describe objects in pictures: if machines can't describe the picture, how the hell is the CAPTCHA server supposed to verify that the client gave the correct answer? If a human being manually inputs the pictures and acceptable descriptions for each, then another human can program his attacking machine to do the same thing! Having a large, but finite set of pictures doesn't help either since a machine doesn't need to solve the CAPTCHA every time. It can just learn the correct responses without actually understanding the image. ANY APPROACH BASED ON IDENTIFYING A MEMBER OF A FINITE SET DOES NOT WORK AS A CAPTCHA.
  2. As a special case of #2, QUIZZES DO NOT WORK: either the questions are finite and subject to attacker memorization, or the number of patterns for the question is finite, and these patterns can be detected by a machine. (Consider "A train is coming from Denver at X miles per hour..." --- same problem, different coefficients)
  3. Send the client a special program that verifies he's real: if it doesn't work for DRM, it won't work for CAPTCHAs. An attacker can just program his machine to simulate slow typing, slow thinking, or a cross-eyed human being. YOU CANNOT CONTROL THE EXECUTION ENVIRONMENT. No amount of Javascript obfuscation, encryption, or header-checking will make the slightest bit of difference for a determined hacker.
  4. As a special case of #3, TIMING ANALYSIS DOES NOT WORK. Machines can simulate arbitrary delays.
  5. Limiting CAPTCHA-solving attempts by cookie/IP address/etc.: that doesn't work. Attackers don't obey web standards, and have botnets

Really, it's very easy to think you've come up with a very clever CAPTCHA. When you think that, all you've done is stoked your ego and screwed yourself over. It's the same reason why we don't roll our own cryptography: CAPTCHA-making is a very hard problem, mainly because your problem space must be infinite (to avoid an attacking machine simply memorizing answers), the answers verifiable by a machine, but the problems not solvable by a machine.

How many questions can be checked by machines but not answered by them?

Not many; fewer every day. There are no questions that can't be answered by a computer (and which can be answered by a human mind). The Church-Turing thesis [wikipedia.org] has some validity: the human mind is no more powerful than a turing machine, and ultimately, computers and our brains are equivalently computationally. There's nothing a computer can't solve: there are just things we haven't figured out yet.

More notes (2, Insightful)

QuoteMstr (55051) | more than 5 years ago | (#27367247)

Oh, and there are problems computers can't (easily) solve, but can verify [wikipedia.org] . The problem is that human brains can't solve these problems either!

Before someone jumps in with "humans can solve the halting problem!" -- we really can't. There are problems that obviously halt, and programs that obviously don't. We can tell these apart, but so can computers. It's the complicated, borderline cases that trip up both people and computers.

Furthermore, there are important caveats to the halting problem: first, you can tell whether a program halts in a given time. You just run it and see whether it halts! Human beings do this all the time when debugging hanging programs. We use a good heuristic that says "if a program doesn't quit after a good long while, it probably won't quit at all." (And that holds in most cases.)

Second, the halting problem can be solved, via brute force if necessary, for a restricted-memory machine. Make the available memory size small enough and you can actually perform useful validation. The proof of the halting problems' unsolvability applies only to unrestricted turing machines.

A true turing machine has never been built, and can't exist in our universe. Every computer is a limited-memory approximation.

Image size is a problem (2, Interesting)

basementman (1475159) | more than 5 years ago | (#27366929)

The problem with 3d images, and complex non text CAPTCHAs in general is image size. You need to have enough different images so that the computer can't just brute force it, and those images need to be big enough so the user can actually see it. by the time you fulfil these obligations the CAPTCHA is taking up a good 3/4 of a page.

Hindrance by Javascript (1)

RyoShin (610051) | more than 5 years ago | (#27367043)

This seems to fall into the same pit that normal CAPTCHAs have: the Blind. But, it will likely be dealt with in the same way.

The big problem with the current implementation is that it relies on Javascript, which has a whole host of problems from cross-browser compatibility to having Javascript enabled at all.

I imagine this won't be a problem for long, though. At worst, you basically put up all the arrays at once and stick them with radioboxes. The problem is that this becomes extremely cluttered and likely confusing. A simpler route, but one that would be easier for bots to break, is to just have the user check a box by each of the three items shown. This is easier because the bot can just do random selections and get about 10% through.

If this could be paired with words, then you can break it down to three easy drop-down boxes to name the items in order, but then you have to worry about having unique enough words that they don't get messed up. (For instance, consider a dinner knife: it could be a knife, a blade, or a utensil.)

Re:Hindrance by Javascript (1)

DanielLC (1346013) | more than 5 years ago | (#27367323)

A simpler route, but one that would be easier for bots to break, is to just have the user check a box by each of the three items shown. This is easier because the bot can just do random selections and get about 10% through.

As is, random guessing would be right about 0.14% of the time. If you made that change, it would be about 1.2% Of course, they could always add another picture and make the arrays slightly larger.

CAPTCHAs, the future (1)

Mostly a lurker (634878) | more than 5 years ago | (#27367059)

Lately, I've been having a hard time getting CAPTCHA to work the first time.

The time is fast approaching when CAPTCHAs will be too difficult for entry by humans. The only logical solution is to start an open source project to create a program that will enter the required data for you. Without this, we are looking at a time when humans will be unable to access their email or post on a message board, and only spam bots will be left. (Come to think of it, given what I see in most of my email and most posts on message boards, are most humans already locked out?)

Re:CAPTCHAs, the future (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27367133)

please just shut the fuck up.

First Cylon... (3, Funny)

im_thatoneguy (819432) | more than 5 years ago | (#27367163)

It's becoming more evident every day that the first cylon will be a Captcha solver.

It won't be too long before Captchas will be little reading comprehension tests like on a 3rd grade social studies test.

After that we'll just have to revert to empathic testing. Sadly those with Autistic Spectrum Disorders will no longer be able to use webmail.

Re:First Cylon... (1)

hack slash (1064002) | more than 5 years ago | (#27367249)

After that we'll just have to revert to empathic testing.

The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over but it can't. Not without your help. But you're not helping.

Practically cracked already (1)

Dachannien (617929) | more than 5 years ago | (#27367243)

Sadly - or perhaps fortunately, depending on how you plan to apply the technology - classification of 3d objects against a known library of objects is a mostly solved problem. There are a few ways to go about doing it, such as neural networks, boosting classifiers, or support vector machines, but you essentially train a set of classifiers against a bunch of known images of the 3d objects from different perspectives, and thereafter, it tells you what class of images best represents the image that you query it with.

The hard part here is training the classifiers. The training methods require you to know ahead of time what classes your training sets are supposed to be categorized in, which means that every time somebody adds a 3d object into their captcha, you would have to get enough sample images to train your classifier.

One could also potentially use several training images to reconstruct the 3d object, and then search over the possible rotations to see which one the query image matches.

Personally, I think the regular photographic captchas (i.e., "click on the Siamese cat") are a better idea.

Re:Practically cracked already (2, Informative)

QuoteMstr (55051) | more than 5 years ago | (#27367283)

every time somebody adds a 3d object into their captcha, you would have to get enough sample images to train your classifier.

It's worse than that, actually. Remember, a machine doesn't need to pass the captcha every time. You only need to worry about re-training your image recognizer when the success rate falls below a useful level, and even very low levels of CAPTCHA success are useful for spammers.

Personally, I think the regular photographic captchas (i.e., "click on the Siamese cat") are a better idea.

Won't work. Where will you get your pictures of Siamese Cats? If you take them yourself, you'll only have a few. Spammers will simply train their bots to recognize these cats.

If you have lots of pictures of cat and non-cat objects, the attacker has two strategies: either he can get the same database you did (which you didn't make, because making a large enough database would be cost-prohibitive), or failing that, he just trains his image recognized to pick out characteristics of Siamese cats the same way a human brain would.

You know enough that recognizing 3D shapes is a solved problem; doesn't it seem clear that recognizing textures would be just as tractable?

And I imagine you could create tough cases, but these cases will also trip up human beings.

Re:Practically cracked already (1)

Goaway (82658) | more than 5 years ago | (#27367419)

Personally, I think the regular photographic captchas (i.e., "click on the Siamese cat") are a better idea.

If your first language is not English, you might not know what a "Siamese cat" is. And a computer can just take a guess at random and keep guessing until it gets it right.

Most of these idea fail for those two reasons: cultural dependencies, or far too small answer space.

Solved Problem (1)

bob.appleyard (1030756) | more than 5 years ago | (#27367253)

Isn't this (i.e. classifying 3d objects under rotation, distortion etc) already basically solved? It's the sort of thing you assign people MSc projects to do...

Not gonna work (1)

Snaller (147050) | more than 5 years ago | (#27367271)

Because a computer doesn't mind trying thousands of times, even hundred of thousands of times until it hits a combination that works.

Yeah, but if it slows your computer down... (1)

NotQuiteReal (608241) | more than 5 years ago | (#27367465)

just add a pop-up, for your Grandma's pwned PC:

[pop-up dialog] - Want to speed up your computer? Click HERE and answer a few quick questions to optimize your computer!

Granny picks a few matches and goes along her merry way.

Identify the object... (1)

thefekete (1080115) | more than 5 years ago | (#27367303)

It's a Jackal!!!

My Monitor (1)

networkzombie (921324) | more than 5 years ago | (#27367311)

I don't understand. Aren't these 2D representations of 3D images? I may be ignorant and you could explain until you're blue, but I'm pretty certain that my monitor is incapable of displaying any 3 dimensional objects. You can't fool me; those are 2D images with some shading thrown in. The next image of the plane is the same image at a different angle with different shading. If I convert these images to 2 bit to remove the shading then spin them around, they will look very similar. I convert crap like this to 2 bit all the time to OCR it. Will this fool the Russians spreading malware? Enlighten me.

It's already broken... (1)

jberryman (1175517) | more than 5 years ago | (#27367367)

because a bot already has a one-in-nine success rate by selecting a model randomly. *facepalm*

slow way to create real AI ... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27367417)

Pose increasingly difficult problems as captchas and wait for someone to create a program that solves it.

Porn and necessity are the parents of invention.

It would be nice if voters had to pass a CAPTCHA (1)

NotQuiteReal (608241) | more than 5 years ago | (#27367435)

No really, make sure a real human is voting, and all that.

Impossible triangle (1)

'The '.$L3mm1ng (584224) | more than 5 years ago | (#27367445)

I'd like to see a bot that tries to recognize the 3D shapes and crashes (or loops infinitely) if you feed it an impossible triangle [google.com] . :)

3D recognition is a solveable problem. (2, Informative)

Animats (122034) | more than 5 years ago | (#27367579)

3D recognition is a solveable problem. As someone else mentioned, there are machine learning techniques that work. Recognizing a 3D object from multiple angles is a very old AI problem, one that DoD-funded work was addressing as early as the 1960s. It's easier than 3D reconstruction from multiple 2D images, which is a commercially available technology.

I think we're reaching the end of the line on CAPCHAs. There's now overlap between the smarter vision programs and the dumber users.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>