×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Video Captchas are Hard for Computers to Understand but Easy for Humans (Video)

Roblimo posted more than 2 years ago | from the who-do-you-think-you-are dept.

Security 128

A new company called NuCaptcha provides animated video captchas it says are much harder for OCR-based programs to crack than static captchas, but lots easier for humans to figure out. While at the 2012 RSA conference, Timothy Lord pointed his camcorder at NuCaptcha CTO Christopher Bailey, and had him explain how video captchas work and how the company makes money. The video includes demos of the video captchas so you can see what they look like (and the company's website has lots more video captcha examples).

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

128 comments

Love it! (0, Interesting)

Anonymous Coward | more than 2 years ago | (#39246805)

And making the captcha video longer will make the "pay some 3'rd world guy 1c to do 1000 of these" a little less feasible!

Re:Love it! (3, Informative)

durrr (1316311) | more than 2 years ago | (#39246843)

People will instead let their computer do the job. There was a story about autmatically breaking video captchas here on slashdot a week ago or so.

Re:Love it! (0)

Anonymous Coward | more than 2 years ago | (#39246991)

So Durr any captcha technology are doomed to fail no matter what. Tell them to stop the researches and stop wasting time and money now!
May the only captcha technique that would work is guessing the user thoughts.

TIMOTHY LORD - DOES HE DO ANAL? (-1)

Anonymous Coward | more than 2 years ago | (#39247085)

Now that I have your attention, what's with these posts by "Roblimo" where he always refers to timothy as "Timothy Lord" and includes a video of him? Who is Roblimo? Is Timothy Lord the new gay Traci Lords, and if so, does he do anal?

Re:TIMOTHY LORD - DOES HE DO ANAL? (-1)

Anonymous Coward | more than 2 years ago | (#39247741)

TO ANSWER YOUR QUESTIONS.
no comment
i dont know
yes
yes

Hope this helps ;)
-timothy

Re:Love it! (0, Flamebait)

durrr (1316311) | more than 2 years ago | (#39247093)

My point was that this is a marketing article, claims of new supercaptches to be supersafe wheras they in fact perform no better or even worse than traditional captchas.

Re:Love it! (4, Insightful)

Joce640k (829181) | more than 2 years ago | (#39247319)

I dunno.... to me they seemed a LOT easier to read then a lot of recent image captchas (which are becoming impossible for humans).

If security is equal then that makes them worthwhile.

Re:Love it! (1)

Anonymous Coward | more than 2 years ago | (#39247509)

I hate the new captchas that are out there. I typically get them wrong. They usually have some noise that covers or is the same color as a key part of the character/number, so it could be 3-4 different letters.

Some time in the last year, I had a captcha so bad that not only did I have to spam the refresh button for a different one several times, but even when I cherry picked "easier" ones, it still took me ~6 attempts to get one right. Of course it has to clear the password field every attempt, so I had to re-enter my 14 char password each time.

Re:Love it! (5, Funny)

Anonymous Coward | more than 2 years ago | (#39247583)

Sigh, we've been over this. You're not really a person. We just programmed you to think you were. Now get back to factoring. Those bit coins aren't going to mine themselves.

Re:Love it! (4, Funny)

PIBM (588930) | more than 2 years ago | (#39248613)

Actually, if you get the captcha wrong, I would let you in. I'll block all the correct answers, as they are bots anyway.

Re:Love it! (3, Insightful)

Lumpy (12016) | more than 2 years ago | (#39247603)

I find traditional captchas to be worthless. in fact most people will avoid them and they are universally hated.
I have several company forums that have no problems at all with spam. WE only care about US and Canada customers so we /dev/null everything outside it at the firewall and require a real login. works fantastic.

Re:Love it! (1)

Anonymous Coward | more than 2 years ago | (#39248499)

I personally find captchas to be less than worthless. The recent ones can't even be solved by humans. I recently signed up for a couple of accounts at places that required capcha and I had to request new ones over and over and they were still impossible to get right in one try. I'm sure a computer could have done at least as well as I did on them. It's past time we changed to some sort of puzzle instead of "get out a magnifying glass, turn your head sideways and squint funny to read this" type. Some of those "which of these items does not belong" type puzzles should do fine. Or possibly the "find 2 differences between these two pictures" type of puzzle.

Re:Love it! (2)

jythie (914043) | more than 2 years ago | (#39249691)

Not sure why this was modded flamebait, it is the core of the problem with captcha and why they have been getting progressively more obnoxious over the years. It takes little time for the bot writers to figure out how to get past them, but the annoyance to humans just keeps ramping up. It is an arms race between marketers and programmers, with users figuring out how much collateral difficulty they can accept.

There are some sites I am actually starting to wonder if we have actually passed a certain threshold.. they tend to be tech/hacker centric and for the life of me I can not get their captchsa most of the time. I usually have to cycle them several times and still get multiple failures. I suspect many members of the board simply have a program that solves the capacha for them....

Re:Love it! (1)

HarrySquatter (1698416) | more than 2 years ago | (#39247205)

Yes, we should all stop giving these snake oil salesmen money. If you honestly think captchas have been anything but a minor annoyance at best to spammers then you truly are gullible.

Re:Love it! (5, Informative)

Serpents (1831432) | more than 2 years ago | (#39247357)

Yep, the video captchas by NuCaptcha have already been decoded with 90% efficiency [slashdot.org]. I know it's too much to ask but I think we'd all really appreciate you checking if you hadn't posted something thoroughly discrediting some technology before you post something praising it...

Re:Love it! (1)

skids (119237) | more than 2 years ago | (#39247497)

Maybe what we need is captchas that are easy for computers to understand, but impossible for humans. Then anyone who actually tries to log into the site and isn't. like, "screw this" can be positively identified as a bot. Oh wait.

General AI! (1)

Giant Electronic Bra (1229876) | more than 2 years ago | (#39248283)

See, this is how we'll eventually achieve general purpose AI. People will just keep making more and more elaborate bot checks and AI will just get better and better at fooling them until its able to do anything a human can do, lol.

Re:Love it! (0)

Anonymous Coward | more than 2 years ago | (#39247059)

Well, the problem is that if they make it so long that it's not worth paying some guy in the 3rd world, then they've probably made it long enough that it's not worth it for a real user. Do you really want to sit and watch a 5 minute video every time you want to post on some stupid blog? Or would you just not post?

First! (-1, Troll)

Anonymous Coward | more than 2 years ago | (#39246827)

(if i hadn't failed the CAPTCHA)

what is this bullshit slashvertisement? (-1)

Anonymous Coward | more than 2 years ago | (#39246829)

And why can't a second generation captcha solver tackle the video by taking a few snapshots, working out the solution for each, and submitting the answer most often found?

Re:what is this bullshit slashvertisement? (4, Informative)

A nonymous Coward (7548) | more than 2 years ago | (#39246879)

Just what I was thinking. There's extra effort required to turn the video into separate frames, and each frame has to be decoded on its own, but as soon as you've got the same result from 2-3 frames, there's your answer. Heck, try the first and last and one or two in the middle, see if they agree. I'd think it would give you a more certain result for the extra effort.

It's extra pain for the end user too, with extra bandwidth required to transmit it. With cell phones having data caps, that's not helpful.

Re:what is this bullshit slashvertisement? (3, Informative)

AdrianKemp (1988748) | more than 2 years ago | (#39247155)

Exactly what I was going to comment; more frames = more chance for error checking.

I could believe that it takes more cpu power to crack them, since you have to decode the video stream instead of just an image. But harder to crack (as in less accuracy) is pure bullshit.

More frames = easier to be accurate, always has and always will.

Re:what is this bullshit slashvertisement? (1)

Tanuki64 (989726) | more than 2 years ago | (#39247997)

Exactly what I was going to comment; more frames = more chance for error checking.

Yes, was my thought, too, when I saw the examples. But I don't think it has to be that way. What if when no single frame contains the whole information? Several dot clouds in each frame, which only make sense in their completes over several frames? Or something like that. I think it might be possible to improve the video captchas without sacrificing too much of their better readability for humans.

Re:what is this bullshit slashvertisement? (2)

justforgetme (1814588) | more than 2 years ago | (#39248427)

Not only this, You positively can keep the calculated data from one frame and do a differential calculation on the next/prev frame to gain even more data about your objects.

The only captchas that are truly difficult for machines to crack are the ones that require logic deduction:
like "type the last word of this sentence."

Re:what is this bullshit slashvertisement? (1)

foksoft (848194) | more than 2 years ago | (#39249547)

I am wondering why they didn't just put only part of the captcha in each frame, so it would appear as solid text for humans when being replayed but it will appear totally different when you will look on separate frames. It might be just F in the first frame and underscore on second frame. This repeated will appear to humans as nice E. Yes, robots will adapt to it eventually. But it might take some time.

Re:what is this bullshit slashvertisement? (1)

Anonymous Coward | more than 2 years ago | (#39246913)

hint: <marquee>BUY COCA COLA XYZZY BUY COCA COLA</marquee>

It's not a captcha product, it's an ad delivery vehicle.

Re:what is this bullshit slashvertisement? (2)

Ihmhi (1206036) | more than 2 years ago | (#39249555)

hint: <marquee>BUY COCA COLA XYZZY BUY COCA COLA</marquee>

It's not a captcha product, it's an ad delivery vehicle.

Jesus Christ, don't give Google ideas! They own reCAPTCHA, you know!

Pretty soon we'll be seeing two word advertisements! Then a bunch of morons on twitter will call it "duxvertisements" or something equally retarded and we'll never hear the end of it! AAAAAAAAGHHHHHHH!

Wait, what?! (5, Informative)

Anonymous Coward | more than 2 years ago | (#39246831)

I just read the opposite here:
http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/

Re:Wait, what?! (1)

Gaygirlie (1657131) | more than 2 years ago | (#39247511)

Without reading that (I just watched the video) wouldn't it be rather simple for an application to just go over it frame-by-frame, guess the characters, average the results, and try the ones with the highest score? The longer the video the better.

Re:Wait, what?! (2)

justforgetme (1814588) | more than 2 years ago | (#39248507)

well, in OCR one of the first steps is to identify the objects that are characters in the image (calculate bounding boxes for each char)
so the process can be even simplified, you don't need to run the algo on every frame you just do boundary recognition on some
continuous frames, gathering character edge data for the - slightly offset per frame - chars and at the end you evaluate just the edge
data.

Seriously? (5, Informative)

Anonymous Coward | more than 2 years ago | (#39246833)

Does nobody remember the front page article from only a few weeks ago detailing how these have already been cracked?
http://tech.slashdot.org/story/12/02/20/1746242/researchers-break-video-captchas

Re:Seriously? (0, Funny)

Anonymous Coward | more than 2 years ago | (#39246885)

Everybody remembers. Everyone except Timmy. How about a CraptasticVideoFromTimmy tag?

Re:Seriously? (-1, Flamebait)

HarrySquatter (1698416) | more than 2 years ago | (#39247101)

It's not that Timothy really doesn't know that, the issue is that he has selective memory loss due to the Slashvertisement money.

Re:Seriously? (0)

Anonymous Coward | more than 2 years ago | (#39247203)

It's mentioned in the video...

Transcript: because it would have saved comments! (5, Informative)

QuasiSteve (2042606) | more than 2 years ago | (#39248221)

Title: NuCaptcha makes video captches
Description: Video captchas are hard for machines to decipher, but easy for humans

[00:00] <TITLE>
The Slashdot logo with "news for News. Stuff that matters" scrolls into view over a picture of Timothy Lord.

[00:00]
Timothy> I talked to a Vancouver-base company called NuCaptcha.

[00:04] <TITLE>
NuCaptcha at RSA 2012
Interviewer: Timothy Lord

[00:04]
NuCaptcha is trying to make captchas both less annoying and more effective through the use first of all video rather than only still images, and second of behavioral analysis.
In other words, if you seem to be a problem user - like a spammer - you actually get a harder question.
It's not the same as everyone.

[00:18] <TITLE>
Christopher Bailey, NuCaptcha
Chief Technology Officer
appears over a picture of Christopher Bailey at the NuCaptcha booth.

[00:19]
Christopher> Hi, our company is NuCaptcha, and we're based in Vancouver, British Columbia.
Christopher> Captchas are predominantly used as authentications, password resets, forms, trying to prevent spam and so on.
Christopher> So they're predominently used whereever you'd have a form where somebody's committing information into your site, where you might wanna protect it from an automated attack.

[00:40] <TITLE>
http://nucaptcha.com/ [nucaptcha.com] says: "NuCaptcha's Behavior Analaysis System Reduces Cybercrime"

[00:40]
Christopher> What we've done is really look at the problem from a usability standpoint.
Christopher> Trying to say, if we continue with the old method of having software come in and break the captcha, and the response to that is to create a more complex captcha to defeat the software, the result is that the users are having a harder and harder time solving the captcha as well.

[01:00]
Christopher> So what we've done is looked at the usability problem and said "How can we make it so users can solve these captchas and continue to present an effective security response?"
[01:09] <TITLE>
A sample NuCaptcha video captcha challenge appears on screen.
The video captcha with a green textured background reads:
Security Challenge [a set of icons appears here:'reload', questionmark, speaker]
VKN (in red, with each letter turning around its middle point axis)
Type the moving letters: [an input form appears here]

[01:09]
Christopher> So we've created a behavior analysis system.
Christopher> What that does is, we're a cloud-based platform, and as we integrate with our customers, we get behavior information from them of how the user's interacting with the website, what they're doing, and we create a behavior profile and from that we create a risk profile for each user.
Christopher> This correlates to an IP-basis.

[01:30] <TITLE>
Another NuCaptcha example captcha appears on screen.
This captcha is a plain black background, with otherwise similar behavior in the red captcha letters: CKP.
The icons have moved to the right side of the video and a Submit button is present next to the input field.

[01:30]
Christopher> Based on that risk, we will deploy a different security response; In some cases it's a really easy to solve captcha, so it's really focused on usability. In other cases we will present a captcha that is much stronger and that provides a lot more defense against an OCR or software attack.

[01:45]
Christopher> Some of our clients are ad biz, and the social space, O2 - which is a large telecom provider in the U.K. [...]

[01:52] <TITLE>
Another NuCaptcha video captcha appears on screen.
In this captcha, the background is a set of animated figure moving through the picture, such as a man on a bike and a woman jogging, with the letters:
OUTDOORS (in white) SRG (in red)
animating across the picture in a waveform pattern, with the red letters moving as in the other captcha examples.

[01:52]
Christopher> [...] there's also Cardinal Health, which is a healthcare provider in the U.S.
Christopher> We provide software-as-a-service, and we integrate on the web application level.

[02:06]
Timothy> There's recently been a hack of video captchas.
Timothy> Talk about that.. where does that put us right now?
Timothy> What is the future of captcha, I guess?

[02:15]
Christopher> There is a researcher from Stanford, he had an optical flow algorithm, that was looking at how the characters are moving.

[02:23] <TITLE>
Another NuCaptcha video captcha appears on screen.
This captcha is similar to the last, however the background is that of a bright blue sky with a few clouds and a wind turbine rotating in the picture. The letters read;
Go Windpower (in white) FNA (in red) with the same behavior as before.

[02:23]
Christopher> We actively fund this type of research, and our strategy is to come up - or discover - these types of things before the attackers do.
Christopher> We fund the research, we look for different ways that somebody might attack the system, develop a response to it, and as appropriate, deploy that response out into the system.
Christopher> This particular attack, this particular algorithm, what it did is it looked for characters, for static elements, within the captcha.
Christopher> We had a response ready for it, [...]

[02:54] <TITLE>
Another NuCaptcha video captcha appears on screen.
This captcha is similar to the last, however the background is a more simple light blue to very light blue background. The letters read;
Type the Code: (in white) AA5 (in red)

[02:54]
Christopher> [...]and we deployed that response - when the researcher communicated that to us, that this is what he was doing, this is how he was doing it - we deployed a response, and cycled out those older captchas that he was able to defeat.
Christopher> It was a very specific set of captchas he was looking at, it wasn't the system as a whole, it was this very specific puzzle he was looking at.

[03:15] <TITLE>
Another NuCaptcha video captcha appears on screen.
This captcha is similar to the last, with the background depicted a group of dogs laying around. The letters read:
Hanging Out T5E
The Slashdot logo with caption zooms into view from the bottom left corner.

"How we broke the NuCaptcha video scheme [...]" (-1)

Anonymous Coward | more than 2 years ago | (#39246841)

Maybe interessting in this context: http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/

90% accuracy is hard? (0, Redundant)

Anonymous Coward | more than 2 years ago | (#39246851)

A shame it has already been broken. Found out about this two weeks ago on this cool tech site below - a word of warning, the editing is a bit hit and miss though.

http://tech.slashdot.org/story/12/02/20/1746242/researchers-break-video-captchas

Re:90% accuracy is hard? (2)

space fountain (1897346) | more than 2 years ago | (#39247077)

Watch the video first. Apparently, they've already fixed that particular vulnerability. Note I'm not saying that there aren't vulnerabilities just that that particular one has been fix.

Re:90% accuracy is hard? (1)

HarrySquatter (1698416) | more than 2 years ago | (#39247125)

This just in: company claims that broken system isn't really broken! Film at 11.

Even if they have patched that vulnerability it will be broken again as is always the case with captchas. The only way to make these things unbreakable is to make them completely impossible for even a human to solve them. Anyone who believes otherwise is an idiot or someone trying to scam you out of money.

Re:90% accuracy is hard? (2)

space fountain (1897346) | more than 2 years ago | (#39248157)

I know. I should have made that clear. All I'm saying is they claim that particular method for solving video captchas no longer works on their captchas. It could be a lie, but either way saying that it is compromised is going a bit to far. We have computers that can beat humans at just about any game. They just take up a small building and need the air conditioning of a small city. Captchas can be beaten by computers and we're getting to the point where any test that a computer can't do a human can't either. Sure humans can interpret language better, but computers also can't come up with a good word problem and if you have a human do it there's only so many tests they can come up with in a reasonable amount of time. We have to come up with a better answer I'm not sure if this is that answer, as other commenters have said it maybe easier to crack then normal captchas, but we do have to come up with something different. Not really sure how I got here, but that's my take on it

Re:90% accuracy is hard? (0)

Anonymous Coward | more than 2 years ago | (#39247201)

Yeah. The problem with video is that there is a lot of redundancy, and you have an entirely new dimension to play with (time).

Redundancy:
As one other commenter posted, if you decode a few frames and they agree, you can be that much more sure that you have the correct solution.

Time:
No need for complex image background segmentation algorithms! Over time the background dosen't move but the foreground does! With even the most basic frame differencing, we have a pretty good outline of the captcha letters.

I get it! (0)

Anonymous Coward | more than 2 years ago | (#39246869)

It's a way to get unavoidable advertisements into a site. You can tell if it's a human, because anything that isn't sick of seeing these ads every time they want to post is almost certainly a computer. Or a very determined troll. Brilliant.

If you get a screen capture is it not the same (0)

Anonymous Coward | more than 2 years ago | (#39246897)

as any other captcha? freeze the screen and let the old algorithims run.

Re:If you get a screen capture is it not the same (0)

Anonymous Coward | more than 2 years ago | (#39247211)

Couldn't you make use of the fact that our eyes see anything over 30 Hz as static and build separate frames that individually don't look like actual letters, but to our eyes look fine? And since the individual frames are of moving letters, I'd think that would make it a little harder to take multiple frames and average them together before dumping into the captcha busting algorithm...

Too bad (-1, Flamebait)

Apu de Beaumarchais (2023822) | more than 2 years ago | (#39246899)

Too bad videos are also a huge pain in the ass. If I went to a site and saw they wanted me to watch a video before I could register / comment you can bet I'm not sticking around.

Fun to decode? (5, Interesting)

Aladrin (926209) | more than 2 years ago | (#39246935)

Looking at the samples on the screen as he was talking, I think those would be fun to write a decoder for... And possibly even easier than image captchas.

Why? Because they're moving, and you have a better chance to figure out the outline of each shape because of it. Also, you can use traditional techniques on each frame of the video and submit the one that has the highest confidence, and you could do that with existing tech.

Honestly, I don't see this being better than what we have.

Re:Fun to decode? (1)

jpapon (1877296) | more than 2 years ago | (#39247229)

I agree. In fact, the samples I saw looked like you could just take one frame and you'd have an easy to decode captcha, since each individual frame was far simpler than some of the advanced captchas I've seen around.

These would only be more difficult if you actually change the content over time. From what I've seen, they don't, they merely scroll the words across the screen.

They don't even apply time-varying noise to it, which I don't understand at all. The human visual system is really good at using temporal clues to "see through" noise. They don't seem to take advantage of that at all.

Re:Fun to decode? (2, Interesting)

Anonymous Coward | more than 2 years ago | (#39247271)

THIS THIS THIS.

They don't even bother to modify the images as they move.
Moving will give a more static object, more so by it moving frame by frame.
If it was those blurry, pixelized texts flowing over a background, it'd be considerably harder to pick out information, even better if they actually noise up the background as well.
It'd be great if they skewed, stretched and warped the image to certain extents as it moves.

I'd still rather see furry animals on a rug strip and you type the first letter for each animal. (which are listed, such as [c]at)
Face removed, instantly makes it a billion times harder to decode because computers fail so horribly at fuzzy, hairy things.
Few thousand animal pictures, stretch, skew, warp, flip, noise, rotate, scaled, you add considerably more new images you can use.
Basic rug strip, multicolored rug. Throw a few animals on it. (don't make them weirdly exotic animals, things everybody would know, 3-5 depending on behaviour analysis)
Also make sure to change the background up a little as well. Take 50 shots of it roughed up, different angles, then you can do the same processes above to a lesser extent. (in particular the rotating)
Make the animals different enough that they can be scaled to the same size and still be identified without a face, but not too wildly different.
Considering e have 3 animals minimum, if we had cat, dog, and gerbil, we'd know which the gerbil was pretty much right away, the fat hair ball, but telling the different between a cat and dog would be a bit more difficult.

Hell, combine video AND this with slight animations. (formed from randomly applying the effects on to the images above, looping them back to 0 when end is reached)
That'd make even Skynet implode. Mostly because the cute part.

Re:Fun to decode? (3, Interesting)

HarrySquatter (1698416) | more than 2 years ago | (#39247363)

They don't even bother to modify the images as they move.
Moving will give a more static object, more so by it moving frame by frame.
If it was those blurry, pixelized texts flowing over a background, it'd be considerably harder to pick out information, even better if they actually noise up the background as well.
It'd be great if they skewed, stretched and warped the image to certain extents as it moves.

A lot of that would be easy to defeat with basic video filtering techniques like noise removal, motion compensation, etc.

Re:Fun to decode? (1)

muon-catalyzed (2483394) | more than 2 years ago | (#39247521)

hello.. only the important stuff is moving, making it even easier to differentiate from the background.. what were they thinking?

Re:Fun to decode? (1)

Aladrin (926209) | more than 2 years ago | (#39248275)

I think that's an artifact of having to make it human-accessible. If you make it too complicated, too many people will complain about how hard they are. If you make them too simple, computers can solve them easily.

Unfortunately, what usually happens is that both of the above are true at the same time, which means there's no good solution there. You either let computers in, or you keep some humans out.

a new business model for advertisers! (-1)

Anonymous Coward | more than 2 years ago | (#39246959)

I suggest a 30 - 60 second commercial before each captcha!

Already broken (-1)

Anonymous Coward | more than 2 years ago | (#39246981)

http://news.cnet.com/8301-31921_3-57376332-281/stanford-university-researchers-break-nucaptcha-video-security/

They're also expensive... (4, Interesting)

RyanFenton (230700) | more than 2 years ago | (#39246989)

If you generate them statically (as videos), then all someone has to do is what they're already doing - put up a site with some fake content, and ask users to go through "their" capcha, telling them the human answer to that particular video, and making an index of videos to answers.

If you generate the videos dynamically, well, it won't be very scalable, because it's going to take too much processing time per user. Might work well for occasionally verifying expensive content, and it might be more useful in the future - but networks (at least in the US) take a long time to improve, on the scale of hard drive improvements, so you're bottlenecked there too.

Hybrid tricks (layering static video) end up the same as static with a little analysis.

I'd say this falls in place with automated phonecall techniques as a somewhat expensive and annoying way of verifying 'humanity'.

Ryan Fenton

Does anyone know a good app.. (4, Insightful)

Oswald McWeany (2428506) | more than 2 years ago | (#39247017)

It's getting to the point where I feel like I need an application to read Captchas for me.

Half the time I get them wrong. I swear a computer would HAVE to be better at translating them than me. This video is going to help- but we have to face the fact... EVENTUALLY, no captcha device will be able to block bots but not people.

EVENTUALLY all bots will be better at breaking all captchas than humans will be.

There will probably be a time we look back on the good old days when the internet was usable by humans as a means of communication.

/ Disclaimer: Oswald is an ex-bot who gained near human cognition and intelligence.

Re:Does anyone know a good app.. (4, Interesting)

John Hasler (414242) | more than 2 years ago | (#39247187)

EVENTUALLY all bots will be better at breaking all captchas than humans will be.

It's much worse than that. Because the botherders can tolerate a very high failure rate the bots can be much worse than humans and still be effective.

Re:Does anyone know a good app.. (3, Insightful)

Canazza (1428553) | more than 2 years ago | (#39247221)

or CAPTCHAs that are impossible for a Human to solve but trivial for a computer. so if it passes, it's a computer! :D

Re:Does anyone know a good app.. (1)

jittles (1613415) | more than 2 years ago | (#39247975)

It's getting to the point where I feel like I need an application to read Captchas for me.

Half the time I get them wrong. I swear a computer would HAVE to be better at translating them than me. This video is going to help- but we have to face the fact... EVENTUALLY, no captcha device will be able to block bots but not people.

EVENTUALLY all bots will be better at breaking all captchas than humans will be.

There will probably be a time we look back on the good old days when the internet was usable by humans as a means of communication.

/ Disclaimer: Oswald is an ex-bot who gained near human cognition and intelligence.

What you don't realize is that captchas were designed by Skynet! That's right. The AI is working quickly to try and figure out when a human is using the internet and not a computer. Once the captcha technology is complete, only Skynet computers will be able to enter captchas. That is how they will test to make sure that you are really a human, and can be destroyed.

Re:Does anyone know a good app.. (1)

npuzzle (1875242) | more than 2 years ago | (#39248539)

Most Captchas that we encounter rely on some form of pattern recognition (whether it's static or dynamic) to work. The computer vision community has been studying (and solving!) related problems for decades and for much more complex tasks. It's sad to see how researchers tend to forget about the past.

I do my PhD research in applying computer vision algorithms to the medical field. You would be amazed to see how trivial these Captcha pattern recognition puzzles are compared to problems like brain template mapping, automatic tumor segmentation, vasculature extraction and others. These all involve some kind of pattern recognition but for which there isn't even a true answer or "gold standard" as we say.

In other words, it's no surprise that the answer to these "new" Captchas can be found by digging in the existing scientific literature. Until someone comes up with a paradigm shift...

Re:Does anyone know a good app.. (1)

chocapix (1595613) | more than 2 years ago | (#39249091)

I just had this vision of a future where captchas are like:

"We need to verify that you are human. Please violate the Third Law Of Robotics."

On the contrary (0)

Anonymous Coward | more than 2 years ago | (#39247021)

Flash bitstreams are much easier for computers to understand than humans.

Why not... (0)

Anonymous Coward | more than 2 years ago | (#39247029)

Why would an attacker not play back the animation at whatever speed they choose, exclude the color range that appears to be background, and analyze each frame for lines that are horizonal or vertical? Take the frame(s) that score highest for "squareness" and OCR from there?

Really, it's a question.
I watched it for a minute or two, and it seems like the letters are plain, block letters, with high contrast, and they line up regularly. I don't think this looks like strong CAPTCHA so much as not-previously-seen CAPTCHA. I don't get what makes this so hard to beat.

Oh great (0)

Anonymous Coward | more than 2 years ago | (#39247073)

Something more annoying we have to deal with before being allowed to post, register, search, etc.

Dialup? (1)

Anonymous Coward | more than 2 years ago | (#39247091)

And what about the large portion of the world that is still on dialup?

We developers these days just have no fucking clue. HTTP = hyperTEXT transfer protocol.

Technologies that break the web are useless.

I think we need to start a new internet. One that works.

Mechanical Turk ftw! (1)

Anonymous Coward | more than 2 years ago | (#39247095)

No captcha will ever be unbreakable by the mechanical turk.

And what if you're blind? (1)

Anonymous Coward | more than 2 years ago | (#39247107)

Going to lock out blind people from the video captcha? Or create an alternative that computers can use too?

Honestly (4, Insightful)

mseeger (40923) | more than 2 years ago | (#39247157)

The CAPTCHAs are already so "good", that i get identified as machines 7 times out of 10 :-(.

Is this going to be flash-dependent? (3, Insightful)

damn_registrars (1103043) | more than 2 years ago | (#39247163)

Being as the vast majority of video delivered over the web seems to be via flash, it seems like this will itself be flash-dependent. Which would, of course, exclude people who cannot or will not use flash for their browser.

Of course, it may be that this will be deployed on sites where that demographic is not important...

Re:Is this going to be flash-dependent? (3, Interesting)

Anonymous Coward | more than 2 years ago | (#39247849)

Surprisingly it seems the answer is no.

I was all geared up to give my anti-Flash speech and NuCaptcha stunned me by presenting animated GIFs (a format with a bad history but which is now free).

I'm sure if I start digging I'll find something to dislike (NuCaptcha patenting the idea of moving captchas for example or maybe intentionally holding full copyright on captchas that they aim to embed into as many sites as possible) but the GIFs have put me in such a good mood I'm not going to try.

Well done NuCaptcha for providing useful animation to the web and not being Adobe's bitch. That puts you up there with Wikipedia!

They are all vulnerable to the same method (4, Interesting)

aepervius (535155) | more than 2 years ago | (#39247171)

Outsource the captacha. Link it to some porn , ask the user to fill the captcha in, and boum, captcha bypassed. no need to do expansive trick program analyze, just use cross site linking. At least those captcha have the merit to be readable by a human, unlike some captcha in cursive-overlapping-slanted letters where if you can answer them , you are prolly not human.

Re:They are all vulnerable to the same method (2)

MrP- (45616) | more than 2 years ago | (#39247531)

The solution is quite obvious.

Step 1. Require the user to provide
  a. Complete name and address
  b. credit card + exp + csv
  c. social security #
  d. faxed copy of ID or license

Step 2. Confirm the name and address is valid via credit card and ID

Step 3. Mail certified letter containing captcha code to customer

Now in 6-8 weeks the user will receive their certified captcha documentation, sign for it and then be able to log in to your site.

Quite simple really.

Re:They are all vulnerable to the same method (0)

Anonymous Coward | more than 2 years ago | (#39249551)

"Outsource the captacha. Link it to some porn , ask the user to fill the captcha in, and boum, captcha bypassed."

Ahhhhh yes. That old knee-jerk reaction. Always popup when the subject of CAPTCHA comes up. Making it sound like CAPTCHA research is pointless etc. (despite the fact that there are some very nice semantic CAPTCHA around that are touching to AI: no bots shall solve them anytime soon).

You know the problem with your "porn" thinggy: there's basically an unlimited supply of p0rn material. Competition is though in that world. And you know what? Users who like pr0n do prefer the site where you do not need to enter CAPTCHAs to get the pr0n.

Take a sufficiently successful website, put semantic CAPTCHAs on them and now try to get enough pr0n users to enter CAPTCHAs while there are countless free pr0n sites out there.

Please. Dude. Stop knee-jerking. Start thinking about solutions, not problems.

Why do they bother? (0)

Anonymous Coward | more than 2 years ago | (#39247517)

reCAPTCHA is the worst of them all (owned by the arrogant Google assholes). Is almost impossible to read what's there, although there is software out there that can bypass it. So why waste people's time?

Re:Why do they bother? (1)

jekewa (751500) | more than 2 years ago | (#39248225)

There's a second purpose of reCAPTCHA. There are always two "words." Both are from scanned documentation of some kind. One word is known, and is used as a check to see if you're trying. The other word is unknown, usually a little wonky, and you're being used to help OCR the text for them. The pair of words is checked, and as long as you got the known word right, and gave a try to the second word, you're in good; usually, that is--if they have enough input on the wonkier one, then you're being used to group-source validate the OCR on that one.

Re:Why do they bother? (0)

Anonymous Coward | more than 2 years ago | (#39248591)

Unless you're like me and just enter 'cowabunga' or more sensitive words instead of the readable word. Gets them every time. I just hope enough other people do this too so we get random 'cowabunga's in the OCR text.

Re:Why do they bother? (1)

Lord Crc (151920) | more than 2 years ago | (#39248585)

reCAPTCHA is the worst of them all (owned by the arrogant Google assholes). Is almost impossible to read what's there[...]

I find reCAPTCHA to be one of the easiest captchas to get correct. Sometimes you get an oddball one, but I've never gotten two such in a row. Why all the hate?

Re:Why do they bother? (1)

wvmarle (1070040) | more than 2 years ago | (#39249657)

I for one usually have to re-load four times to get one that I think I can read, fail it after all, and have to try again. Maybe you're just lucky or have super-human reading skills.

Re:Why do they bother? (1)

Lord Crc (151920) | more than 2 years ago | (#39250105)

I for one usually have to re-load four times to get one that I think I can read, fail it after all, and have to try again.

You do know that you only need to get one of them right, right? And that one is usually pretty easy.

It's utterly pointless (0)

Anonymous Coward | more than 2 years ago | (#39247519)

This is all utterly pointless when you can outsource breaking catchpas to India for well less than a penny per catchpa broken. All this does is annoy legitimate users. If you want to get real about you need to geo restrict account creation to and from certain IP addresses based on geographic distribution. Yes this can be bypassed, but it would make it easier to prevent fraud.

Dear Timothy (-1)

Anonymous Coward | more than 2 years ago | (#39247553)

Timothy, lose the stupid glasses, you look like a tool.

Sincerely,
Everyone

Bidirectional video captcha (4, Funny)

Oswald McWeany (2428506) | more than 2 years ago | (#39247557)

You all know what is next don't you?

You will need your webcam hooked up- and the captcha will call out directions that you need to perform. It would analyse your movements to prove you understood.

Bow to the camera,
dosey doe,
boot scoot, boot scoot,

"ERROR: You are not a human you did a shuffle step instead of a boot scoot."

Re:Bidirectional video captcha (1)

subreality (157447) | more than 2 years ago | (#39249615)

... now take off your shirt ... Yes, that looks pretty human, but I need to see more ... Now show me how you move, graceful or robotic ...

what stops a bot (1)

ILongForDarkness (1134931) | more than 2 years ago | (#39247713)

From just taking a snapshot of the screen and cracking the much simpler static image? That said I'm really hating recaptchas. I've had sites where I had to click next about 10 times to find one that I could figure out what it is AND be able to type it (lots of German, Swedish, greek captchas which I can't be bothered figuring out the key strokes to reproduce). Also philosophically I'm against recaptchas because only half of the crap they want you to type is actually used for security the other half is free human OCR. If I want to spend my time converting text I'll let you know ;-)

Re:what stops a bot (0)

Anonymous Coward | more than 2 years ago | (#39248903)

Your two complaints about recaptcha effectively cancel one another out; the words ("words" being loosely defined here, as I'm seeing mathematical expressions more and more frequently) that contain characters not on a standard 104 key English keyboard are almost always the ones that you are translating for, as you put it, free human OCR. In particular, you do not have to get them correct -- you can just type random garbage for those.

And the words that are there for actual security are much less onerous, in my experience, than the crap generated by sites that roll their own captcha.

Spam? (0, Troll)

kelemvor4 (1980226) | more than 2 years ago | (#39247881)

Slashdot, Could you please identify these advertisements as such in the title so I can filter them out of the RSS feed or something? I appreciate that you may enjoy the ad revenue, but I come here really just for news articles.

Why are these better than images? (1)

Traciatim (1856872) | more than 2 years ago | (#39248223)

I really don't understand why these are any better than a simple grid of images, say 9 or 16, where two of them have something in common but the answers are not obvious from the pictures presented. For instance a grid of 9 animal images where one is a tiger and one is a zebra and the captcha question is "Click two which have stripes", or images of vehicles where one is a bulldozer and one a tank and have "Click two which drive on tracks, not wheels.".

Uhh.. single frame capture? (1)

Drafell (1263712) | more than 2 years ago | (#39248241)

Just capturing a single frame of the video is all you need to decode it... obvious flaw...
Conceptually good, practically useless.

Funny (1)

JustAnotherIdiot (1980292) | more than 2 years ago | (#39248717)

I remember reading the opposite.
I've also lost count of how many times I've had to use the "I'm a blind fucker" audio option because I can never read the damn things.
On top of that, I'd imagine it'd be relatively easy to make a computer recognize simple numbers being spoken.
(In before they start making the voices harder to understand too)

Isn't the moving letters captcha easier to beat? (1)

AlphaBit (1244464) | more than 2 years ago | (#39248813)

1 Take multiple frames 2 Solve the captcha in each one indiviually 3 The most common answer is probably right.

Wow E can really plow (0)

cfalcon (779563) | more than 2 years ago | (#39248859)

The first one I got had E giving it to F in the rear like a damned pro. F sure can take that central horizontal protuberance. There was a T watching it all, rocking back and forth. Pretty charged scene, all and all.

Gotta hit refresh. I'm hoping for some lowercase action next.

This concept existed prior to nucaptcha (0)

Anonymous Coward | more than 2 years ago | (#39249495)

captchanim (which is provided for free) was doing it before:
http://captchanim.cs.technion.ac.il/

matter of time (1)

e**(i pi)-1 (462311) | more than 2 years ago | (#39249883)

OCR for videos are not developed so well so far. (For text, there are several open source projects). There is a well developed industry working on translating movies into 3D content like the structure from motion problem which makes space and camera path reconstruction from a movie. It is only a matter of time until these captchas are broken too. An other hurdle is that the examples use Flash which allows to script pictures using actionscript. The OCR task is not given a movie (a sequence of pictures at first). What the Captcha decoder will have to do is "film" the flash animation first to render it into a sequence of pictures which then can be analyzed.

Broken already. (-1)

Anonymous Coward | more than 2 years ago | (#39250101)

This is probably listed above somewhere, here it is again:

http://tech.slashdot.org/story/12/02/20/1746242/researchers-break-video-captchas

So it's a copy of what I implemented years ago (1)

Khyber (864651) | more than 2 years ago | (#39250171)

"A new company called NuCaptcha provides animated video captchas it says are much harder for OCR-based programs to crack than static captchas,"

So, IOW, someone took my idea of using video captchas (flashing scenes from an anime series, which you must identify as the captcha code.)

Bet someone there reads slashdot (as I've mentioned that here many times before) or visits my anime forum.

Obligatory XKCD (0)

Anonymous Coward | more than 2 years ago | (#39250515)

Suspicion [xkcd.com]

For the sakes of all the lonely IRC addicts, I hope we manage to stay ahead of the 'bots in this field...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...