Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Evolution of the 'Captcha'

CmdrTaco posted more than 7 years ago | from the why-can't-i-even-read-them-half-the-time dept.

The Internet 383

FireballX301 writes "The New York Times is running an article about the small word puzzles various sites use in order to defeat automated script registration while still letting humans through. It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created. This, of course, seems breakable as well — is there a feasible alternative to the captcha, or are we stuck jumping through more and more hoops to register at places?"

Sorry! There are no comments related to the filter you selected.

I am torn (5, Funny)

jollyreaper (513215) | more than 7 years ago | (#19463983)

As a Christian fundamentalist, I cannot in good conscience believe that catchpas have evolved, yet at the same time since I can never figure out what to type to make them work, I cannot believe any intelligence was involved in their design.

Re:I am torn (5, Funny)

dattaway (3088) | more than 7 years ago | (#19464025)

Here in Kansas, captcha evolution has been subject to legal review. Kansas City's Road Runner is employing packet shaping to eliminate the evolution of captchas. You might not see the captcha, but others believe it exists.

woah (1, Insightful)

weighn (578357) | more than 7 years ago | (#19464097)

+5 Funny in 7min 15sec AND frost pist!
Come to think of it - its great to see fp without some sort of script bollocks - welcome back to /.

Re:I am torn (3, Interesting)

lcoughey (975892) | more than 7 years ago | (#19464231)

I thought I could avoid using Captcha's by simply request the user type in their IP address that I showed in at the bottom of the screen. I know that bot can easily get the IP address too...I was thinking that my request was vague enough that the bot wouldn't understand the question. My guess is that the bot didn't understand the question and reported the error to its writer. The writer must have explored my website, found the source of the error and then added a subroutine to deal with my question.

This is really annoying...not damaging, just a big pain in the butt. I could start blocking the IP addresses being used, but that would be in vain, knowing how many zombies are out there.

As an athiest... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19464273)

I am gay!!! Lololololol. SO FUNNY.

Knowledge tests... (3, Interesting)

Anonymous Coward | more than 7 years ago | (#19463991)

The other day I saw a system that posed the question:
'Germany is a country in Africa?'

Your duty to prove you were human was to change it to the proper continent and the question mark to a period. Seems pretty fool proof, especially if you combine it with things like "and make 'country' all capitals."

Re:Knowledge tests... (5, Funny)

CrazyTalk (662055) | more than 7 years ago | (#19464075)

Ummm I dont think this would work in the US, where (considering our educational system) some people might answer "yes". In fact, some celebrity (I forget which) recently thought that Japan was a country in Africa, which is why Africa has the best sushi.

Re:Knowledge tests... (4, Funny)

Anonymous Coward | more than 7 years ago | (#19464159)

No great loss in keeping people with that kind of education and/or intelligence away from the internet. Kinda like you'd like to keep the caveman with the club away from the nuclear bomb.

Re:Knowledge tests... (3, Funny)

OhPlz (168413) | more than 7 years ago | (#19464185)

Well then, that's an added bonus, isn't it? It not only weeds out the spam bots, but also the celebrity know-nothings.

Yes, this is fine (1)

Colin Smith (2679) | more than 7 years ago | (#19464375)

Ummm I dont think this would work in the US, where (considering our educational system) some people might answer "yes".
The system would be performing it's function admirably.

 

Re:Knowledge tests... (1)

Opportunist (166417) | more than 7 years ago | (#19464413)

I wouldn't call that a flaw of the system. Sounds more like a feature.

Re:Knowledge tests... (5, Funny)

bobmarleypeople (1077639) | more than 7 years ago | (#19464195)

I've seen several sites using questions similar to yours except they were more obvious. An example was:

Which is a food?
A) pink
B) car
C) Britney Spears
D) Hamburger

There is of course the possible registration by a disturbed and horny male who would say "Britney Spears" but you get the idea.

Alternative? (3, Insightful)

morgan_greywolf (835522) | more than 7 years ago | (#19463995)

In my mind, anything that can be put out by an automated system for purposes of determine whether the communications on the other end is from an automated system can, with enough ingenuity, be answered by an automated system. IOW, all 'captchas' and similar methods are ultimately defeatable. It's an arms race, just like DRM: clever people will always figure out how to defeat what protections you put in place no matter how clever your protections are.

Re:Alternative? (2, Interesting)

thetroll123 (744259) | more than 7 years ago | (#19464043)

Nonsense. There are plenty of things humans are good at that computers are rubbish at. How about displaying four photographs with the question "which image contains a bottle?"

Re:Alternative? (4, Insightful)

moranar (632206) | more than 7 years ago | (#19464115)

Doesn't work well: a bot will be right 25% of the times, just by answering at random. And more pictures mean difficult layout, or small picture size. Plus, it becomes an undue hassle on real users.

Porn sites to circumvent CAPTCHA (1)

tepples (727027) | more than 7 years ago | (#19464131)

How about displaying four photographs with the question "which image contains a bottle?"
Couldn't a bot just download all the photographs, have members of the bot operator's porn site catalog them in exchange for access to more porn, and then compare challenges to this photo database to find the bottle? And what would be the blind-friendly version of this?

Re:Porn sites to circumvent CAPTCHA (1)

Opportunist (166417) | more than 7 years ago | (#19464445)

Similar systems already exist, where sites offer you free porn if you do captchas for them.

Re:Alternative? (1)

Hognoxious (631665) | more than 7 years ago | (#19464165)

How about displaying four photographs with the question "which image contains a bottle?"
Flowers.jpg? Nope. Piglet.jpg? Not that one either. Probably not EiffelTower.png, so must be the other one.

I figure somebody somehere must have implemented a captcha system where the name of the image file was the same as the word.

Re:Alternative? (2, Insightful)

JesseMcDonald (536341) | more than 7 years ago | (#19464335)

Nonsense. There are plenty of things humans are good at that computers are rubbish at. How about displaying four photographs with the question "which image contains a bottle?"

Your search space wouldn't be large enough -- you can only have a limited number of photographs, since they have to be manually generated, and once the correct answers have been identified the captcha-breaking algorithm would reduce to "which image is closest to something in this set", a fairly trivial image-matching problem. This is exactly the issue the GP was referring to: the captchas must be randomly computer-generated to create a suitably large search space, but they mustn't be computer-solvable.

Alternatively, shift the paradigm (1)

the_kanzure (1100087) | more than 7 years ago | (#19464453)

This is exactly the issue the GP was referring to: the captchas must be randomly computer-generated to create a suitably large search space, but they mustn't be computer-solvable.
Not yet knowing what humans are capable of (they are always surprising us), I wonder if we can get a proof that there are some set A of tasks that do not belong to set B of tasks that computers can solve. The only tasks that I can think of off the top of my head are those that are physical and rely on wetware. But that would get awkward, and fast. Rethinking the system could potentially get rid of situations where we need to moderate for spam, unless we can hack up a proof (from bare-bones logic).

Re:Alternative? (1)

morgan_greywolf (835522) | more than 7 years ago | (#19464377)

As others have stated, a bot will get that right at least 25% of the time by dumb luck. The odds can be increased through edge detection techniques that are in use by law enforcement around the world for purposes of facial recognition and can be adapted to match almost anything. I may not be able to do this well with a standard PC, but with a sufficiently large cluster, probably. It's all about the cheapness of the attack, just as with all security.

Re:Alternative? (1)

slashbob22 (918040) | more than 7 years ago | (#19464425)

Nonsense. There are plenty of things humans are good at that computers are rubbish at. How about displaying four photographs with the question "which image contains a bottle?"
I can't find the linky at the moment, but I remember reading about a photo application with object recognition such that it would tag your photo's automatically. Why couldn't something like that be used in this case? This avenue already seems dead.

Re:Alternative? (4, Insightful)

twistedsymphony (956982) | more than 7 years ago | (#19464305)

What ever happened to email validation?

You give script your email address, it sends you an email and you follow a validation link within the email. Implementing this on my website where I had a captcha before got rid of 100% of the spam.

There are also other little dirty tricks you can do to ensure it's a human on the other end, one of my favorites is to check the referrer URL when accepting a comment... if it's not being referred from my entry forum then it just happily throws the request away. Even if it's not spam it's probably something malicious anyway.

Another thing I used to use that worked really well in conjunction with registration is "approving" any account in which the first post doesn't contain any links or any words on a "spam list". If the first post of the newly registered account contains any links or spam words at all, it's held for moderation and must be approved manually. A vast majority of the legit people leaving comments for the first time wont be including any links or talking about viagra on a tech site, no links or spam words means they've been validated as "not spam" and if they've included links it only takes a human a few seconds to qualify if the account should be canceled as spam or approved as a non-spam account. This one obviously takes some man power so it only really works on smaller sites. It might be easy for a spam bot to counteract this but the way it validates is not apparent, not to mention this is already after an email has been validated.

Great idea (3, Insightful)

grimdawg (954902) | more than 7 years ago | (#19463997)

What word did you have to type to prove you weren't a bot? A good sample might give us an insight into which words are used: why? I had to type 'interest' - which seems to have no real distinguishing feature.

Are they chosen for any good reason, or are they completely arbitrary? Are there letters that bots have trouble with? Fonts? Who knows?

The only thing that's sure is that every protection will eventually be broken.

What's more, maybe if you can't solve a simple word puzzle, I don't want you registering at my site...

Re:Great idea (4, Insightful)

Turn-X Alphonse (789240) | more than 7 years ago | (#19464007)

So people with eye sight problems aren't welcome on your site then?

I have perfect vision and I struggle to tell if some S/5/Zs are one of the letters. The fonts and distortion is getting worse and worse to the point where it's usually 2 or 3 attempts before I can get one correctly, purely because letters are so distorted in them these days.

Re:Great idea (5, Insightful)

0123456 (636235) | more than 7 years ago | (#19464189)

Indeed: these things are getting to be an appalling nuisance. If I see a site that use them I increasingly just say 'fuck it' and leave; particularly the sites that keep asking for another one every few pages.

Meanwhile, having an automated system feed them to Chinese people on $0.50 an hour can't be too hard, and they'll have at least as good a chance of getting the correct result as I do.

Re:Great idea (1)

foobsr (693224) | more than 7 years ago | (#19464233)

The fonts and distortion is getting worse and worse to the point where it's usually 2 or 3 attempts before I can get one correctly, purely because letters are so distorted in them these days.

THNX, I thought I was the only one.

CC.

Another problem with registrations (0)

Anonymous Coward | more than 7 years ago | (#19464193)

Half of the sites that require registration are supposed to send an e-mail to finalize the process. I have had three or four of these that show me as a registered user and all, but I can't get full access because I never receive the *&#@ e-mail confirmation.

I can even go in and ask for it to be re-sent and it assures me this has happened but still no e-mail reaches me. I don't know if these mysterious missives are being devoured by overly gung-ho spam catchers along the route or what, but it's danged frustrating.

Inverted problem (5, Funny)

sveinb (305718) | more than 7 years ago | (#19464015)

Ask the user to perform a task that only a computer is likely to succeed at, like factorizing a 6-digit number. If the user gives the right answer, and this is the cunning part: Then it's not a human!

MAN, I feel clever some times.

See you in court? (5, Funny)

tepples (727027) | more than 7 years ago | (#19464163)

Ask the user to perform a task that only a computer is likely to succeed at, like factorizing a 6-digit number. If the user gives the right answer, and this is the cunning part: Then it's not a human!
Now you're discriminating against autistic savants [wikipedia.org] like Dustin Hoffman's character in Rain Man, in possible violation of disability discrimination acts in the United States, the United Kingdom, or other countries. See you in court.

real q's (1)

kilauea (263775) | more than 7 years ago | (#19464021)

Why not just ask actual questions?
Big db of easy questions, sets of which are rotated often.

Re:real q's (1)

ben there... (946946) | more than 7 years ago | (#19464157)

Why not just ask actual questions?
Big db of easy questions, sets of which are rotated often.

Yeah, and then we could open source it. Then it would be available to everyone who has a use for it! Wait a minute...

Re:real q's (1)

1u3hr (530656) | more than 7 years ago | (#19464179)

Why not just ask actual questions? Big db of easy questions, sets of which are rotated often.

No matter how "big" the set, in a few days or weeks at the most, enough will have been collected and solved and sold to spammers to make them useless. Even a million questions would be fairly trivial to collect and defeat.

Re:real q's (0)

Anonymous Coward | more than 7 years ago | (#19464463)

You know, sometimes when I think about the sheer amount of RAM, hard disk space, and CPU crunching power devoted to spam ... it makes me really sad.

Re:real q's (1)

aadvancedGIR (959466) | more than 7 years ago | (#19464229)

On paper, it seems easy, but you will soon find that:
-Many people (including myself) can be interested in an english based site without fully mastering that language, in particular when the captcha is to find the name of a thing on a photo.
-Many people simply won't know the answer of questions you will find easy, some because they are stupid or did not listened when the answer was taught in elementary school, but many because they have widely different cultural backgrounds.
-Whithin a couple of hours, one of your users will sell the Q/A database you spent mounthes to build to a bot producer for a few bucks.

I like what /. does with it's not-logged-in captch (0)

Anonymous Coward | more than 7 years ago | (#19464029)

They are quite hard to read, but they are also always real words. So I can easily narrow it down.

Unfortunately, that also means a bot armed with a dictionary might be able to do the same- ^H^H^H^H^H^H^H^H

B uy your v*|*g*r*4 here! Ch3ap! [udum.ass]

Re:I like what /. does with it's not-logged-in cap (1)

froggero1 (848930) | more than 7 years ago | (#19464069)

um... I don't know where you've been registering, but the ones I usually see are something like

JCMS5IK

I don't really mind them, except when they use I's, 5's, s's, 1's or l's, I've also seen a few that are case sensative and use m's or something like that.

Some are getting better by not using those characters, while others are getting worse and for everytime you get it wrong they give you a new one... sometimes you just have to keep hitting refresh till they give you a decent one.

OTOH, some now also use a short audio clip pronouncing the letters... (I believe facebook is doing that, I may be wrong though)

Re:I like what /. does with it's not-logged-in cap (0)

Anonymous Coward | more than 7 years ago | (#19464087)

um... I don't know where you've been registering,

I don't know,b ut with a subject like:

I like what /. does with it's not-logged-in captcha

Maybe slashdot?

Log out, try post AC in reply to an article or post.

Notice the captcha?

Re:I like what /. does with it's not-logged-in cap (0)

Anonymous Coward | more than 7 years ago | (#19464221)

I think that he was just going for the +1 funny ...

Re:I like what /. does with it's not-logged-in cap (1)

froggero1 (848930) | more than 7 years ago | (#19464449)

nah, it's just early and I haven't finished my morning pot of coffee yet... can't read right now...

!you can't solve them ; machine can (1)

weighn (578357) | more than 7 years ago | (#19464045)

We recently heard (someone else will post the link) that scanned books would be used for an experimental captcha program since machines aren't picking everything up. So I guess there's still differing opinions here ...

Re:!you can't solve them ; machine can (2)

jawil73 (936247) | more than 7 years ago | (#19464155)

http://recaptcha.net/ [recaptcha.net]

Re:!you can't solve them ; machine can (1)

the_kanzure (1100087) | more than 7 years ago | (#19464279)

Maybe that can help with the supershredder [slashdot.org] :

Reminds me of that somewhat bizarre subplot in Vinge's latest novel "Rainbow's End" where there was a big project to digitize all the university libraries, and some guy came up with the fastest way to do it: just throw all the books into a giant shredder, and then gave lots of cameras taking pictures of every last bit from every andle as it comes blowing out the other end...then re-assemble it all in a computer.
And the experimental captcha program is out there, let me go find the link.
* reCaptcha [recaptcha.net]
* Distributed Proofreaders [pgdp.net] - not captchas, but entire pages.

Captcha too hard (4, Insightful)

aepervius (535155) | more than 7 years ago | (#19464049)

OK, I am a bit shrotsighted, but still, some of the captcha are so garbled with bright color random pixel/forms while the font color of what was to be read was light gray/pink/blue on white background (and naturally distorted) that frankly I swore loudly while trying for the 5th time to enter the correct random combo of lower case, upper case and digits.

I am not sure if a picture is better, but it is defintively a step forward if I don't have to spend 5 time retrying.

Re:Captcha too hard (2, Insightful)

HouseArrest420 (1105077) | more than 7 years ago | (#19464219)

I hate the pictures that your describing. Being color blind, I'm about %100 percent sure not to see anything but 2 letters or less, in which case I have to beg for someone to help me out.

Re:Captcha too hard (0)

Anonymous Coward | more than 7 years ago | (#19464309)

I hear that.
It's even worse when you get it wrong and have to re-enter information..
Sometimes it feels like I might as well be reading bones.

worst captchas ever (2, Funny)

escay (923320) | more than 7 years ago | (#19464057)

I find some of the most cryptic captchas on the ticketmaster site. granted that the site deserves a stringent bot control given the risk of scalpers but some of their patterns border on the ridiculous. TFA mentions someone who achieved 25% success in deciphering those ticketmaster ones and I am thinking, "how does he do that?!"

Re:worst captchas ever (1)

IndustrialComplex (975015) | more than 7 years ago | (#19464137)

Some companies go to extremes with these things. I probably have to register 10 times with a site before I actually guess the numbers they are trying to display. It gets even worse when they become case sensitive, is that an 'o', 'O', '0', '()'?

The worst ones are those that reserve the screennames as you make the attempts. I've had many a simple screenname turned into AOL IM gibberish by the time I've successfully registered.

Re:worst captchas ever (1)

silas_moeckel (234313) | more than 7 years ago | (#19464311)

The funny thing is I have a client that pulls 10mbs all day every day getting tickets out of ticket master and the like and then auctioning them off. I talked to him once and he uses a mix of computer and human analysis to defeat them. Capcha's do not work when you can pay somebody a few cents to do the work to buy a tens to hundreds of dollars in tickets.

Stop testing the Humans, test the Robots (5, Insightful)

Anonymous Coward | more than 7 years ago | (#19464077)

I always get annoyed by captchas.. its like a forced human intelligence test.
We know that humans are more intelligent than scripts, so I always thought it should be easier to test the lack of intelligence in scripts than proving intelligence in humans.

For example just use a simple honeypot in a html form. Put a dummy input field in a form. You can hide the field with CSS/noscript tag or just mark it: "This field should be left intentionally blank" or something of that nature to make it more human friendly.

Seeing that all form fields are generally blank, the spambot/script will fill your dummy field. On server side check if the field has data, ignore the submission. It would be a VERY intelligent script that could COMPREHEND the purpose of any particular html input field.

my anonymous 2c

Re:Stop testing the Humans, test the Robots (5, Interesting)

jimstapleton (999106) | more than 7 years ago | (#19464113)

have a random or semi random set of field names, with an associated "key" field. Use the key field to retrieve the field names of interest. Also have a "name" and "password" field set up so they are invisible to a normal user.

Block any IP submitting a non-blank "name" or "password" field.

Re:Stop testing the Humans, test the Robots (1, Informative)

Anonymous Coward | more than 7 years ago | (#19464261)

This works unless you're talking about a popular open source project in which case it is trivial for the spambots to be coded around it.

Blind people (1)

tepples (727027) | more than 7 years ago | (#19464081)

It seems many people can't actually solve them anymore, so new alternatives (image recognition) are being created.
Especially with provisions of Section 508 [wikipedia.org] and the ADA [wikipedia.org] (and foreign counterparts) that ban discrimination against blind people, who use computers through screen readers that render text as speech or braille.

audio captcha (2, Informative)

weighn (578357) | more than 7 years ago | (#19464153)

Especially with provisions of Section 508 [wikipedia.org] and the ADA [wikipedia.org] (and foreign counterparts) that ban discrimination against blind people, who use computers through screen readers that render text as speech or braille.
some sites are including an audio option.
examples are here [captcha.net] (under Guidelines > Accessibility) and here [accessibilityblog.com]

Re:audio captcha (1)

tepples (727027) | more than 7 years ago | (#19464295)

blind people, who use computers through screen readers that render text as speech or braille.
some sites are including an audio option.
That's a good step forward for accommodating people who use text to speech. But what about those people who use text to braille? And what about those people who use text to speech on a machine where Apple® QuickTime® brand software is unavailable?

Re:Blind people (1)

EMeta (860558) | more than 7 years ago | (#19464175)

TFA mentioned that many sites now have audio captchas--forcing the user to make out words amongst static and background noise. You really only want those for the blind community, however, since most of us would rather have a mute internet experience. I'm not the only one on here at work.

Cat and dog images... (1)

Karganeth (1017580) | more than 7 years ago | (#19464085)

Where on earth will they generate all these images of cats and dogs? If they use the same images over and over in a test, it will be very easy for a program to do. The only way would be to have many, many pictures of cats and dogs, ideally with each image being unique. Exactly how will they generate these images?

Easy... (1)

Junta (36770) | more than 7 years ago | (#19464147)

Fark forums, with text captions helpfully photoshopped at random.

Re:Easy... (0)

Anonymous Coward | more than 7 years ago | (#19464403)

"OH HI, I IS CAPTCHA"

LOLcats http://en.wikipedia.org/wiki/Lolcat [wikipedia.org]

Re:Cat and dog images... (1)

1u3hr (530656) | more than 7 years ago | (#19464213)

Where on earth will they generate all these images of cats and dogs?

RTFA. I'm not going to paste it in for you, but it is explained.

Re:Cat and dog images... (0)

Anonymous Coward | more than 7 years ago | (#19464269)

If you'd read TFA you'd have found out that it was 2 million.

the hell with registration (1, Informative)

Anonymous Coward | more than 7 years ago | (#19464091)

use http://www.bugmenot.com./ [www.bugmenot.com]

Bugmenot? B&. (1)

tepples (727027) | more than 7 years ago | (#19464187)

I've noticed lately that a lot of web sites apply the banhammer rawther quickly to accounts listed on bugmenot.

Imagine if it were consolidated (1)

IndustrialComplex (975015) | more than 7 years ago | (#19464095)

Consolidate all these little snippets of our life (Keylogging over a period of time) and I'm sure that you could build a profile of my life that is more complete than any federal database in existance.

I'm actually considering inventing a 'Password doppleganger' with a fake address, mother's maiden name, last 4 digits of my SSN, first 3 digits of my SSN, Zip code, billing address, shipping address, dog's name, cat's name, place of birth, date of birth, favorite color, first street address, favorite car, favorite password.

Because all of these sites and companies use different 'snapshots' of our personal data to identify us, I'm pretty sure that they have overlapped 100% of the information necessary to perform a perfect identity theft.

Digital Certificates are the answer (3, Insightful)

rtobyr (846578) | more than 7 years ago | (#19464111)

One day, everybody will have a digital ID. You know, the kind used to digitally sign e-mail. If you had to digitally sign your request to create an account with a certificate issued from a trusted CA, then using a bot creates the potential of the user having his digital certificate revoked.

Re:Digital Sign of the Beast (1)

GottliebPins (1113707) | more than 7 years ago | (#19464215)

Yeah, one day we'll all have digital ID's on microchips implanted in our bodies and we won't be able to buy or sell anything without them.

Re:Digital Certificates are the answer (1)

Chatterton (228704) | more than 7 years ago | (#19464353)

Could be good if we revoke them too :)

Why register? (2, Interesting)

the_kanzure (1100087) | more than 7 years ago | (#19464117)

With the likes of BugMeNot.com, which people can use to distribute usernames and passwords for websites, there is little incentive to collectively continuously register. Look at how many websites are eating us [google.com] and desperately trying to hold our attention to feed them users. Maybe there is another model, one better than subscription-based?

Bugmenot wants to join our b&. (2, Insightful)

tepples (727027) | more than 7 years ago | (#19464249)

With the likes of BugMeNot.com, which people can use to distribute usernames and passwords for websites, there is little incentive to collectively continuously register.
And bots operated by web sites that require registration can spider bugmenot and ban all accounts that are listed there.

Re:Why register? (1)

Darren Bane (21195) | more than 7 years ago | (#19464303)

I much prefer 2ch/4chan-style sites that don't require registration. Anonymous posting allows people to argue with the message rather than the person.

There are better captchas out there... (1)

gravyface (592485) | more than 7 years ago | (#19464135)

I was on a site this weekend (I'd link to it if I could remember) where the author of the blog had several images of himself in various poses and facial expressions. To post a comment, the captcha "puzzle" required you to click on x out of 9 thumbnails that matched the questions: "angry Bob" (image of Bob filled with rage), "happy Bob" (big shit-eating grin), "flying Bob" (arms spread out like wings) etc.

It seems surprisingly effective, although I can't say I know much about the state of OCR technology right now and if/how this could be defeated.

Re:There are better captchas out there... (1)

Chatterton (228704) | more than 7 years ago | (#19464409)

Unfortunately a bot just need to try them or 'click' on one at random and have 1/9 chance to 'guess' it right :/
Adding more picture just reduce a little bit the chances to 'guess' at a growing pain for the reals users...

cat and mouse (1)

hackstraw (262471) | more than 7 years ago | (#19464151)


Right now this is a cat and mouse game. I've come across captchas that I cannot do. However, in 2020 computers are supposed to be as smart as a human. So, when that happens, how can we then differentiate between them?

and in 2017, they'll say it'll happen in 2030 (1)

tepples (727027) | more than 7 years ago | (#19464331)

However, in 2020 computers are supposed to be as smart as a human.
Futurologists always predict that a computer will pass the Turing test and that this will happen about 10 to 20 years in the future. Where is your evidence that this date is going to stop being delayed every few years?

Craptchas (1)

backwardMechanic (959818) | more than 7 years ago | (#19464169)

My father is partially sighted. He has enough trouble reading the actual page (try navigating around advertising with a very limited field of view). Captchas just lock him out of the site.

Ask questions (1)

4D6963 (933028) | more than 7 years ago | (#19464173)

Instead of asking use to recognize visual things, why not use sentences, like questions, to which only humans could correctly reply, like, for example, What's yellow and dangerous?

Seriously, only limiting captchas to recognizing something in an image makes it pretty limited, they might wanna try asking questions to the user, if they haven't tried that yet.

Re:Ask questions (2, Insightful)

JDHannan (786636) | more than 7 years ago | (#19464259)

I don't think many people know that its a canary with a machine gun. And i'm not sure i want that many people knocked off the internet in one swell foop

Re:Ask questions (1)

mpe (36238) | more than 7 years ago | (#19464477)

I don't think many people know that its a canary with a machine gun. And i'm not sure i want that many people knocked off the internet in one swell foop

But would it consider "a canary with a Kalashnikov" to be a valid answer? The problem with word games is that they can have more than one "correct" answer.

Re:Ask questions (1)

aadvancedGIR (959466) | more than 7 years ago | (#19464405)

"What's yellow and dangerous?"

Kim Jong Il?

Seriously, I'm quite sure it's not the expected answer, but I just can't find it. I'm not natively english speaker (but I don't think it matters for that particluar riddle), went through college (SW degree), and I believe I have a reasonably large and varied culture (please forget my nickname, I swear, I'm 30 and watch other things than cartoons), so I would like to volunteer as a living example that someone's easy question can be someone else's trick.

Re:Ask questions (2, Funny)

Chatterton (228704) | more than 7 years ago | (#19464473)

Yes, users need to answer riddles like in notpron [deathball.net] . The kind you need 10 hours to find the solution /Grin/ :D

Re:Ask questions (0)

Anonymous Coward | more than 7 years ago | (#19464495)

What's yellow and dangerous?
The sun? Pac-man? No seriously, I haven't got a clue.

Why not just show an image and multiple choice (1)

sobolwolf (1084585) | more than 7 years ago | (#19464191)

An image comes up, for example a dog and then there are multiple choice check boxes with only one of them being right. Each checkbox should also have an image instead of text, ie match the checkbox image to the main image (with the dog you would make it two different types of dog).

Accessibility is the issue, but you could have the images pronounce the word when clicked.

Filtering by reputation (2, Interesting)

G4from128k (686170) | more than 7 years ago | (#19464199)

Between ever-better computer image recognition algorithms and cheap offshore labor, captchas are doomed. Morevoer, captcha's don't even solve the actual problem because the goal isn't to distinguish human from nonhuman, but to distinguish spammer from nonspammer. This means we need some mechanism to identify a registrant and be aware of their behavior.

Why don't sites band together, share data on abusive registrants, and require each new registrant to provide "references" in the form of their logins to 3-5 other sites. A person with a normal online life could easily demonstrate a pattern of nonspammy behavior. People with no prior history might be placed on probation (their posts are reviewed and may not contain any link-like data). If a registrant posts spam they temporarily (or permanently) lose their accounts on that site and all connected sites.

At some point in time, the only thing that will work is a system that tracks the identity behind the account, assigns a reputation and ostracizes miscreants.

Re:Filtering by reputation (1)

stonecypher (118140) | more than 7 years ago | (#19464323)

Why don't sites band together, share data on abusive registrants, and require each new registrant to provide "references" in the form of their logins to 3-5 other sites. A person with a normal online life could easily demonstrate a pattern of nonspammy behavior.
In an odd way, one could suggest that this is exactly what Akismet, an anti-spam plugin for Word Press, does. The deal with Akismet is that comments don't go live until human moderated.

That may seem dumb until you realize that Akismet has three advantages most things don't have:
  1. Akismet is swarm-driven, meaning that if five other bloggers called that message spam, Akismet will generally know before you see the message;
  2. Akismet is packaged by default with Word Press, meaning it has an enormous user base;
  3. Akismet has shown itself to be resistant to poisoning attacks (its mechanism to break poisoning remains unknown, but they've shaken off some pretty serious coordinated poisoning attempts, so...)
And, before you laugh me off the internet for saying Word Press has a good anti-spam solution, please realize it's not turned on by default; if it seems ineffective, it's because lots of sites are run by people who don't take the thirty seconds to fix the problem.

Re:Filtering by reputation (1)

Foolicious (895952) | more than 7 years ago | (#19464481)

Because captchas are used for more than registrations first of all. If I have to provide references to post a comment about something or other somewhere, I'm not going to post a comment. Or if I have to provide references to search a forum (like Spring support forums if you're not logged in), I'm going to be pretty frustrated. Also I hate sharing information with sites as it is. Now I'd also have to share more information with them -- about the other sites with which I am registered? And I'm not even a tinfoil-hatted slashdotter!

Scraping works too (2, Insightful)

zumajim (681331) | more than 7 years ago | (#19464211)

I read some time ago about a guy who wanted to spam a large ISP (Can't recall the company), so he created a porn site, botted the ISP and scraped the capchas, putting them on his porn site where a good old human was waiting to do the work for him. Seems porn can power anything.

Re:Scraping works too (1)

stonecypher (118140) | more than 7 years ago | (#19464471)

I'm sure there's a good Catholic Church joke here.

Turing Test (1)

pr0nbot (313417) | more than 7 years ago | (#19464253)

Perhaps captcha bots will evolve into the first programs to pass the Turing Test [wikipedia.org] ?

hate captcha .... (0)

Anonymous Coward | more than 7 years ago | (#19464271)

i had something i wanted to post a reply on slashdot last week. But i couldn't read the captcha nor could i get a new one to try to post my reply.... i hate them....

slashdot's captchas can be just as bad...

NYT would not need so many captchas ... (1)

Skapare (16644) | more than 7 years ago | (#19464283)

... if they would just drop the stupid login requirement for reading articles. I can understand needing it to post a comment. But it should be entirely voluntary for reading. Maybe their reporter should be doing a story on this silliness that seems to be rampant among a lot of major newspapers.

alternatives (1)

xbytor (215790) | more than 7 years ago | (#19464285)

Spam-registration-bots are reading captchas far too well. I gave up on them on a site I admin. A more feasible solution is to have a registration code that they have to enter that is present on some other part of the site or have them answer a question like 'how many beers are left in six pack if you drink two of them'. Humans can, in general, understand this question and answer it correctly far more easily than a registration-bot.

-X

The biggest problem with CAPTCHAs... (1)

adonoman (624929) | more than 7 years ago | (#19464329)

...is the level of overlap between the most capable computer programs, and the least capable people. Make the problem difficult enough for computers and you'll end up keeping out a number of real humans, either by requiring some specific sense (sight / hearing) that some people lack, or by requiring intelligence that some people lack.

Alternative suggestion? (2, Funny)

hanshotfirst (851936) | more than 7 years ago | (#19464341)

Replace the mangled-text-and-response captcha with a skill test, like punch-the-monkey. Maybe I could win an iPod while I'm at it.

Unrelated question....how do you validate the captcha if you are browsing with lynx?

Mod self -1,weird-mood-on-a-monday

This is missing something. (1)

onyxruby (118189) | more than 7 years ago | (#19464359)

The co-evolution of the outsourced Indian worker being paid $1-$2 per hour to solve hundreds of catchpas per hour. Not to mentions various porn sites and warez sites where you have to solve a catchpa to get in, it just happens to be someone else's catchpa. You want a catchpa for someplace like a bank to work? Simple, get the person to input something that was chosen off site and the would know. At best though it would still be security through obscurity and flawed. Catchpas are fundamentally flawed, and as such are doomed to the dustbin of history like so many other things. Remember spam is a large business, if they have to outsource grunt labor (catchpa's), they'll do it. All you've done is add an inconvenience that solves nothing.

feasible alternative (0)

Anonymous Coward | more than 7 years ago | (#19464387)

...is there a feasible alternative to the captcha...?

"Describe in single words, only the good things that come into your mind. About your mother."

Akismet? (1)

Herve5 (879674) | more than 7 years ago | (#19464459)

This is just to mention, on my Wordpress (free) installation there is a (free) plugin named Akismet that apparently is a very efficient collaborative filter service to remove comment filling attempts by bots.

I really don't know how it works, but it works perfectly well.

Every now and then I log into my site and check the suspicious, "on hold" attempts: 100% are bot-generated...
H.

They should use the Sesame Street captcha (1)

Centurix (249778) | more than 7 years ago | (#19464529)

You know, "One of these things is not like the other, one of these things is not quite the same.", then show pictures of things with one different. Maybe a difference in concept, like for example, outlines of 4 birds, one flying three not. Which is the odd one out.

Am I the only one that hates these? (1)

kabocox (199019) | more than 7 years ago | (#19464535)

There are somethings that I hate with a passion. Whenver I run into one of these (even the easier ones) these get into my top ten things I really wish the person that designed them has to spend time in a special hell filling out every one of these things successfully before they are allowed into heaven.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?