Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Slashdot Log In

Log In

[ Create a new account ]

Will Solve Captcha for Money?

Posted by CmdrTaco on Wed Sep 06, 2006 08:37 AM
from the i've-done-worse-for-less dept.
alx_lo writes "Captchas are a nice idea to protect your blog or guestbook from being spammed by robots. But what good is this protection when you can hire "data entry specialists" to solve captchas for $0.60 per hour for 50 hours a week? Anyone here who can think up a solution that does not include drastically changing the global economy? How about captchas that require cultural background knowledge to solve?"
This discussion has been archived. No new comments can be posted.
Will Solve Captcha for Money? | Log In/Create an Account | Top | 490 comments (Spill at 50!) | Index Only | Search Discussion
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1) | 2
  • no good solution for now (Score:5, Interesting)

    by PrinceAshitaka (562972) * on Wednesday September 06 2006, @08:38AM (#16051619)
    (http://www.euvsus.blogspot.com/)
    The cultural background idea sounds good, but that may just reduce the number of Captchas these laborers can solve in an hour. A simple internet search should be able to solve these questions. What would be a few examples of a good Captcha for Americans. You will always find a good portion of Americans that are unable to answer even the simplest.

    US customs has been known to ask cultural questions at border crossings. My sister was once asked what Dan Quayle's parents did for a living after she said she lived in Indiana. This question is a bit before her time. (His parents ran a newspaper in Indiana.) This also brings into question age. My parents kill me in the original version of trivial pursuit that they play, but I win when playing the newest version.

    A temporary stop gap measure might be to use the current Captchas in combination of looking at the users geolocation. I can see how this measure though would really anger free speech advocates for the third world.

    How about a mathematical Captcha that cannot be solved with a calculator. Well educated foreigners will not even work for $.60. Then again, how many Americans could solve these.
  • "Who's Hot" (Score:4, Interesting)

    by neoform (551705) <ian@newsique.com> on Wednesday September 06 2006, @08:39AM (#16051622)
    (http://www.newsique.com/)
    I remember seeing an example of a captcha type game a while back where you would have to pick the hottest girl out of 3 pictures in order to continue..

    problem of course is when people disagree on what's "hot"..
    • Re:"Who's Hot" (Score:5, Funny)

      by osgeek (239988) on Wednesday September 06 2006, @08:47AM (#16051683)
      (http://slashdot.org/)
      Yeah, but when the choices are Bea Arthur, Rosie O'Donnell, and Natalie Portman; selecting either of the first two should give you an electric shock on top of not allowing you to post.
      [ Parent ]
      • Re:"Who's Hot" by AmberBlackCat (Score:1) Wednesday September 06 2006, @09:35AM
        • 1 reply beneath your current threshold.
      • Re:"Who's Hot" by ReptileQc (Score:1) Thursday September 07 2006, @12:46AM
      • 1 reply beneath your current threshold.
    • Re:"Who's Hot" by neonprimetime (Score:2) Wednesday September 06 2006, @08:48AM
      • Re:"Who's Hot" by Morphine007 (Score:2) Wednesday September 06 2006, @08:57AM
      • Re:"Who's Hot" by NormalVisual (Score:2) Wednesday September 06 2006, @10:11AM
      • 1 reply beneath your current threshold.
    • Re:"Who's Hot" by rgoree (Score:2) Wednesday September 06 2006, @09:46AM
    • Re:"Who's Hot" by ArsenneLupin (Score:2) Wednesday September 06 2006, @09:50AM
      • Re:"Who's Hot" by soft_guy (Score:2) Wednesday September 06 2006, @10:02AM
        • Re:"Who's Hot" by Grishnakh (Score:2) Wednesday September 06 2006, @01:08PM
    • Re:"Who's Hot" (Score:4, Insightful)

      by squiggleslash (241428) on Wednesday September 06 2006, @10:45AM (#16052765)
      (Last Journal: Friday November 09, @04:36PM)

      Ignoring any issues about offensiveness or whatever, that's not the problem with it. The problem is that it's easily broken.

      How do you break it? Easy. Just pick a random number between one and the number of options you have. For a three option CAPTCHA, you have a one-in-three chance of getting through. You're a spammer remember, so these odds do not deter you, all you have to do is run your automated script three times and you'll be close to sending out the same number of spamvertisements as you would have sent without the CAPTCHA.

      Realistically no multiple choice system, as advocated by a number of posters here, will succeed unless it has so many choices that it's improbable a real user will be able to use the system without issues.

      CAPTCHAs are a bad idea in general. Yet again they're a poor, unwieldy, temporary "solution" to a problem the inventors barely understand that causes more problems than it fixes. Like 99% of anti-spam solutions. The only thing worse than a CAPTCHA is what'll replace them.

      [ Parent ]
    • Which is why it's the most stupid captcha ever by Moraelin (Score:2) Wednesday September 06 2006, @10:51AM
    • Re:"Who's Hot" by Yogs (Score:1) Wednesday September 06 2006, @11:45AM
    • Re:"Who's Hot" by treeves (Score:2) Wednesday September 06 2006, @08:15PM
    • 2 replies beneath your current threshold.
  • Just don't by omeg (Score:2) Wednesday September 06 2006, @08:42AM
    • Re:Just don't by stoolpigeon (Score:3) Wednesday September 06 2006, @08:48AM
    • Re:Just don't by Finn61 (Score:1) Wednesday September 06 2006, @09:38AM
      • Re:Just don't by ergo98 (Score:1) Wednesday September 06 2006, @09:44AM
        • Re:Just don't by ElleyKitten (Score:2) Wednesday September 06 2006, @03:14PM
          • Re:Just don't by ergo98 (Score:1) Thursday September 07 2006, @08:17AM
    • Re:Just don't by Skim123 (Score:2) Wednesday September 06 2006, @10:19AM
    • Re:Just don't by Vexorian (Score:1) Wednesday September 06 2006, @11:49AM
    • 1 reply beneath your current threshold.
  • Unique Reg Form (Score:5, Informative)

    I admin a PHPBB-based forum and the spam (from bots) was getting out of hand. They were going through the built-in CAPTCHA with no problem. The solution ended up being that I had to modify the registration form so that it wasn't just the default form. Throw a couple of oddball questions on the form, make them required, and bots can't deal with it since the bot script can't account for deviations from the norm.
    • Re:Unique Reg Form by varunvnair (Score:1) Wednesday September 06 2006, @09:06AM
    • Re:Unique Reg Form by duh_lime (Score:1) Wednesday September 06 2006, @09:20AM
    • Re:Unique Reg Form by Yvanhoe (Score:3) Wednesday September 06 2006, @09:21AM
    • Re:Unique Reg Form (Score:5, Interesting)

      by soliptic (665417) on Wednesday September 06 2006, @09:30AM (#16052076)
      (http://www.keiretsumusic.com/steve/ | Last Journal: Saturday February 17 2007, @05:51PM)
      I actually did something fairly similar with my phpbb installation.

      I noticed that bots were signing up but not actually posting, (I donno, maybe they were meant to post but that part of the script broke -- either way, they never posted, but it annoyed me having them there.) They were just there, with links to sites selling vicodin/viagra/etc. Which annoyed me somewhat, but one time a child porn link showed up which was really the straw that broke the camels back, and I decided to stop it. I noticed that 99% of the sites were *.ru so I altered the reg form to throw an error if it detected a *.ru domain in the website field. Then I just started getting non *.ru domains instead, so I just thought, fine, fuck it.... Now if anybody signs up with ANY website in the website field, it throws an error, and has a message along these lines:
      I notice you have a website listed. To prevent spam bots signing up to link their websites, this has been disabled on registration. If you are not a spam bot, just complete your sign up with no website, you will be able to add it back in by editing your details once you have registered
      Since then, no spam bots. w00t. Of course, that forum only gets a handful of signups per year, so I don't really care if it inconveniences people slightly, it's primarily intended as a "private"ish (real life friends) forum anyway.
      [ Parent ]
      • Re:Unique Reg Form (Score:5, Interesting)

        by ahsile (187881) on Wednesday September 06 2006, @09:34AM (#16052114)
        (http://www.zenwerx.com/personal/)
        I had the same issue. I searched all over for some sort of blacklist plugin for phpbb to fix the issue, because i was just sick and tired of banning all sorts of domains every day. In the end, I ended up changing the website field to "hidden" on new user registration, and if the bots enter text into it... then I throw an error message.
        [ Parent ]
      • Re:Unique Reg Form by MythoBeast (Score:2) Wednesday September 06 2006, @10:57AM
      • Re:Unique Reg Form by Ruprecht the Monkeyb (Score:2) Wednesday September 06 2006, @11:09AM
      • Re:Unique Reg Form by niceone (Score:1) Wednesday September 06 2006, @11:19AM
      • Re:Unique Reg Form by soliptic (Score:1) Wednesday September 06 2006, @04:56PM
      • Re:Unique Reg Form by NaDrew (Score:2) Thursday September 07 2006, @11:20PM
    • why not give them all random names? by cyclomedia (Score:1) Wednesday September 06 2006, @09:51AM
    • Re:Unique Reg Form by philmck (Score:2) Wednesday September 06 2006, @09:53AM
    • Re:Unique Reg Form by mikeboone (Score:2) Wednesday September 06 2006, @10:28AM
    • 1 reply beneath your current threshold.
  • SweatShopSoftware.com (Score:5, Funny)

    by osgeek (239988) on Wednesday September 06 2006, @08:44AM (#16051664)
    (http://slashdot.org/)
    My team of fine Southeast Asian workers will remove spam from your web site/bulletin board/blog for a low low price of $.60 US/hour.

    Incidentally, for those of you in the market to advertise your wares: My team of fine Southeast Asian workers will circumvent those inconvenient captchas on web sites/bulletin boards/blogs for a low low price of $.60 US/hour.

    Here at SweatShopSoftware.com, we have a solution to every problem.
  • Reverse Turing Tests by neonprimetime (Score:2) Wednesday September 06 2006, @08:45AM
  • Still hurts spammers (Score:5, Insightful)

    by ZachPruckowski (918562) <zachary.pruckowski@gmail.com> on Wednesday September 06 2006, @08:46AM (#16051679)
    This still hurts spammers, because spamming is otherwise pretty cheap. Once you've grabbed bots, all you have to do is upload a few hundred KB of scripts to an IRC channel. It's practically zero overhead. This adds some to the equation. Adding overhead puts smaller spammers out of business, and it's the way to win. We can't stop spam, just make it harder.
  • That's Ironic.... (Score:3, Informative)

    by Gemini_25_RB (997440) on Wednesday September 06 2006, @08:48AM (#16051700)
    Yesterday, I saw a presentation by Dr. Luis Von Ahn (developer of the ESP Game, and other CAPTCHA type games). He claimed that spammers and porn companies are willing to pay about $2.50 an hour for 720 CAPTCHAs an hour, or about 1/3 cent per CAPTHCA. (The CAPTCHA solcing is needed to create more free email spamcounts.) I don't know why people would solve them for so much less...
  • Timing (Score:4, Insightful)

    by kevin_conaway (585204) on Wednesday September 06 2006, @08:49AM (#16051702)
    (http://pyscrabble.sf.net/)

    Perhaps a solution is making the captcha time-intensive? If it takes an additional 30 seconds of 45 seconds, it might cut down on the number of captchas a person could solve in an hour.

    This would probably work better for sites where you only enter the CAPTCHA once, say for creating an account.

    • Re:Timing by TheBogBrushZone (Score:3) Wednesday September 06 2006, @09:32AM
      • Re:Timing by darkmeridian (Score:2) Wednesday September 06 2006, @10:21PM
      • Blind people by tepples (Score:2) Wednesday September 06 2006, @05:10PM
      • 1 reply beneath your current threshold.
    • Re:Timing by OakDragon (Score:2) Wednesday September 06 2006, @09:45AM
      • Re:Timing by Alfred, Lord Tennyso (Score:3) Wednesday September 06 2006, @10:13AM
    • Re:Timing by poot_rootbeer (Score:2) Wednesday September 06 2006, @12:10PM
    • Re:Timing by halcyon1234 (Score:1) Wednesday September 06 2006, @06:04PM
    • 2 replies beneath your current threshold.
  • refundable micropayments. (Score:5, Interesting)

    by yourestupidjerks (948216) on Wednesday September 06 2006, @08:49AM (#16051709)
    Refundable micropayments. Seriously. Require people pay $1 to post a comment, payable via paypal or whatever. Once you have checked their comment, you can add them to a whitelist that will never be charged again and refund them their $1. Spammers don't get their dollar back, don't get added to the whitelist, and have their comment removed. The result over the course of a large number of blog entries would be to significantly increase the cost of doing business for spammers, while providing only a very minor inconvenience for legitimate users.
  • What are CAPTCHAs really for? (Score:3, Insightful)

    by MasterC (70492) <cmlburnett@nOspAm.gmail.com> on Wednesday September 06 2006, @08:50AM (#16051711)
    (http://www.candysporks.org/)
    Maybe I missed the memo/boat on this, but aren't CAPTCHAs here specifically to stop automated spamming, automated account creation, etc.? After all CAPTCHA == Completely Automated Public Turing test to tell Computers and Humans Apart [wikipedia.org].

    So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.

    Then the "other side" will volly back with an image algorithm to thwart CAPTCHA, then we'll get CAPTCHA 2.0 with synergistic AJAX-enabled authentication, and then we'll have Terminators ruling the world.
    • Re:What are CAPTCHAs really for? by kiveol (Score:1) Wednesday September 06 2006, @09:09AM
    • Re:What are CAPTCHAs really for? by LordEd (Score:2) Wednesday September 06 2006, @09:26AM
    • Re:What are CAPTCHAs really for? (Score:5, Informative)

      by pla (258480) on Wednesday September 06 2006, @09:58AM (#16052338)
      (Last Journal: Monday April 03 2006, @07:23PM)
      So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.

      Yes and no - That solves the problem of precreated CAPTCHAs, by throwing CPU time at it, but the FP's complaint doesn't actually involve what CAPTCHAs solve.

      CAPTCHAs, if effective (which a market for human solvers suggests), only prove that a human has responded. If a human solves it for pay on behalf of a spammer - The CAPTCHA worked perfectly. Virtually every suggestion on this topic has missed that key point. Using culturally-dependant information, or judgements of aesthetics, or awkwardly-phrased audio clips, or even time-wasting math problems, all still just prove that a human answered the question.

      The real problem here involves the misuse of CAPTCHAs by those who assume they do something which they don't. They don't weed out "undesireables". They weed out non-humans. It really doesn't matter how complex you make them; if a human can solve it, you still have the same underlying flaw - Namely, that we have a HUMAN enemy in this battle.



      Instead, we need to exploit a human vulnerability - Mortality. We need to hunt down spammers and kill them, slowly and painfully. We need to torture their wives and kids in front of them, then string the lot of 'em up in town squares as an example to others. We then need to hunt down all the companies funding these spammers as a form of advertising and castrate their boards of directors.

      Or better yet, we need to trick them into running P2P nodes and let them and the RIAA weaken each other to the point that we can easily eliminate the winner.
      [ Parent ]
    • Re:What are CAPTCHAs really for? by 14CharUsername (Score:3) Wednesday September 06 2006, @11:39AM
    • Re:What are CAPTCHAs really for? by dk.r*nger (Score:3) Wednesday September 06 2006, @12:04PM
  • by cowscows (103644) on Wednesday September 06 2006, @08:50AM (#16051712)
    (http://shawn.redhive.com/ | Last Journal: Thursday May 26 2005, @09:04AM)
    This issue quickly runs into the same sorts of problems that copy protection on software does. People who are dedicated to breaking the system will still be able to, but normal people trying to work with the system are just getting annoyed.

    It's a mild pain in the ass to match a swirled up picture of letters (I've known the alphabet for about 25 years, and I still get them wrong sometimes), but I'll usually go through it. Make it much more difficult than that, however, and I'm pretty likely to decide it's not worth it, and go waste my time on another website.

    The solution to this problem is not to make the visitor do more work, because you can easily drive your visitors away by making your website a hassle. The spam needs to be filtered on the server side, or just deleted as it appears.

    I've encountered this problem on my own neglected website, and I haven't found a good solution that I have the skills to implement. I generally just delete the spam as it appears, and I turn off commenting on older posts. This works for my personal site, because it's low traffic, but I'd imagine someone who gets more readers and spam could find the motivation to set up some sort of filtering, similar to email spam filters.
  • Leisure Suit Larry (Score:5, Funny)

    by jconley (28741) on Wednesday September 06 2006, @08:50AM (#16051714)
    (http://gotperl.com/)
    I wish I had someone that could have answered the questions at the beginning of Leisure Suit Larry for me when I was 11...I would have broken open the piggy bank to play!
  • Reputation ID (Score:5, Interesting)

    by robotsrule (805458) * on Wednesday September 06 2006, @08:51AM (#16051717)
    (http://www.robotsrule.com/phpBB2/)
    This is why I believe in the future there will be two Internets. The one we have now which is wild and wooly where you can remain anonymous, and one where you can't do anything without a Reputation ID that is tied to a biometric identification method (fingerprint, voiceprint, etc.). There will be third party companies like Google that have Reputation ID accounts and will handle the authentication. The Reputation ID based Interent is where eCommerce, government and medical records, etc. based web sites will live.

    I hope to heaven that instead of a biometric authentication, someone can come up with a card reader for driver's licenses or some other ID method, but current events seem to indicate biometric authentication will prevail. Even in that case, I hope it is a "authenticated-user" token passing scheme so that the web site that you want to visit never knows who you are, just that you are a valid user that owns the account ID you claim to own (the Reputation ID web site acts as middleman and privacy shield, pray they are never hacked).

    By the way, I don't like the thought of privacy problems and Reputation ID spoofing scenarios this implies. I just don't see any other way way to build an Internet with a high degree of trust. As I type this I am looking at the SlashDot captcha box for comments.
    • Re:Reputation ID by Tharkban (Score:2) Wednesday September 06 2006, @09:20AM
    • Re:Reputation ID by CortoMaltese (Score:2) Wednesday September 06 2006, @10:05AM
      • Re:Reputation ID by slothman32 (Score:2) Wednesday September 06 2006, @09:20PM
      • 1 reply beneath your current threshold.
    • Re:Reputation ID by Jack9 (Score:2) Wednesday September 06 2006, @10:46AM
    • Re:Reputation ID by Lord Ender (Score:2) Wednesday September 06 2006, @11:45AM
      • Sign out. by Grendel Drago (Score:2) Wednesday September 06 2006, @02:27PM
    • Re:Reputation ID by bzerodi (Score:1) Wednesday September 06 2006, @12:15PM
    • Re:Reputation ID by lavaface (Score:2) Thursday September 07 2006, @04:27AM
    • PGP by Luke-Jr (Score:1) Friday September 08 2006, @07:16PM
    • 1 reply beneath your current threshold.
  • Correct me if I'm wrong... (Score:3, Interesting)

    by grasshoppa (657393) <skennedy AT tpno-co DOT org> on Wednesday September 06 2006, @08:55AM (#16051744)
    (http://tpno-co.org/)
    ...but haven't they been doing this for a few years now? I seem to remember a story, at least a year back, where spammers were giving porn away for free, as long as you solved a captcha every couple views.
  • Moderation (Score:5, Interesting)

    by truthsearch (249536) on Wednesday September 06 2006, @08:55AM (#16051750)
    (http://seenonslash.com/ | Last Journal: Friday May 11 2007, @04:02PM)
    I helped develop one of the largest websites in Europe (in terms of traffic and volume of content). Human spammers have been bypassing our CAPTCHA for a while now. We still keep the CAPTCHA to block most bots. The data input goes through a custom spam filter. These human spammers are trying to spread their URLs, email addresses, and phone numbers just like most spam, so this helps to a large extent. Anything that gets through that can be flagged as spam by users. On top of all that there's some human moderation by the business which owns the site.

    So in the end spam filters can help but human moderation is still the only real working solution today.
    • Re:Moderation by mgblst (Score:2) Wednesday September 06 2006, @09:31AM
      • Re:Moderation by truthsearch (Score:2) Wednesday September 06 2006, @09:34AM
      • Re:Moderation by ArsenneLupin (Score:2) Wednesday September 06 2006, @09:56AM
  • Oops! by laughingcoyote (Score:2) Wednesday September 06 2006, @09:05AM
    • Re:Oops! by SydShamino (Score:2) Wednesday September 06 2006, @10:22AM
      • Re:Oops! by laughingcoyote (Score:2) Wednesday September 06 2006, @02:11PM