Building a Better CAPTCHA 197
jcatcw writes "Steven J. Vaughan-Nichols reports that CAPTCHA cracking isn't that difficult these days. It has even become a business. For example, DeCaptcher.com will solve CAPTCHAs for your spamming needs at a rate of $2 per 1,000 successfully cracked CAPTCHAs. In response, newer systems are in development. Both Carnegie Mellon and Penn State (is there something about the water in PA?) are working on image-based systems. ESP-PIX and SQ-PIX both require the viewer to interpret pictures. Imagination CAPTCHA from Penn has the user find the center of an image. The idea is that humans are better at image recognition that computers, but humans can legitimately disagree on their interpretations and some humans are color blind. Problems remain. For now, sites would be well advised to look at reCAPTCHA — the system that works with Google Books and the Internet Archive to digitize printed texts — which comes with a wide variety of application and programming plug-ins and an open API."
Indecipherable (Score:5, Insightful)
Youtube captchas are terrible. (Score:2, Insightful)
I speak for everyone. Captchas SUCK.
Get rid of them.
Dying Technology (Score:5, Insightful)
C.A.P.T.C.H.A - Completely Automated Public Turing test to tell Computers and Humans Apart.
This is a dying technology.
1) Computers and synthetic systems in general are ONLY going to get better at doing anything a human can do. I mean anything.
2) Humans are a substitute for our lack of a synthetic system to solve a CAPTCHA.
A CAPTCHA has two answers to it's owner. This is a Human and this is a Computer. Humans can be hired to solve CAPTCHA at economically viable rates to meet the demand with a supply. Computers are catching up at being able to solve various CAPTCHAs creating an "arms race" between developers and those that need to crack CAPTCHA automatically with high throughput.
The window for this technology to be effective in its use is shrinking rapidly and it will only be a matter of time before it is nearly impossible to tell without phsyical inspection what is a synthetic human reponse and an actual one.
How to get around CAPTCHA for Porn? (Score:5, Insightful)
Even if they had a perfect system that could tell a person from a computer, how can they prevent a CAPTCHA for porn system?
(You make a website offering porn for entering the solution to a CAPTCHA from a 2nd site, and then use that solution on that 2nd site)
Worded questions? (Score:2, Insightful)
I thought the ideal captcha would be worded questions presented in the same image-like format as current captchas, e.g. "Two and Two makes?" or "The opposite of day is..?" Whilst the image recognition is now feasible, making a general system to solve this problem would be somewhat more difficult than just improved single-word captchas.
Annoyingly, however, the system to create such captchas cannot really be automated (in terms of creating the questions). So I suppose as long as the captchas are computer created / can be made automatically, they will also be computer crackable/solvable
Re:How to get around CAPTCHA for Porn? (Score:4, Insightful)
Captchas have right or wrong answers, which can be immediately verified.
Spam or not spam can not. Some imbeciles can just make random selections without caring. Even if you give posts to multiple people to see if they agree, you can get enough imbeciles to ruin the system.
Suck it, Vernor & Kurzweil (Score:3, Insightful)
No one could ever predict that it would be spammers and porn merchants who would solve the hardest problems in AI.
Stop Comment Spam By Analysing the Actual Content (Score:2, Insightful)
Enough with the annoying captcha's stop comment spam by just analyzing the content.
Free and works well:
http://defensio.com/
Re:Dying Technology (Score:4, Insightful)
Using a human being to solve a CAPTCHA is not "cracking" the CAPTCHA, nor does it make the next blog or even the next CAPTCHA any less secure. If the CAPTCHAs are actually successful enough that the only solution is to hire third-worlders to do them for you, a large part of the battle is already won.
Will it stop all spam? No. Will all spam ever be stopped? Nope, so let's take what we can get while we can get it.
Re:Pay captcha creators :) (Score:3, Insightful)
Presumably the universe of tunes every internet user could be expected to know is quite small, so it would only be a matter of matching to that set. There's already an iPhone app (Shazam, I think it's called) that can identify ambient music and send you to the iTunes purchase link. That's presumably a much harder problem (a vastly bigger universe and probably poorer sound quality), and it's already been solved.
Nope, that won't work either. (Score:4, Insightful)
Give me the frames of such an animation and I can trivially write a program that simulates persistence of vision by smearing the pixels over time, thus making it solvable by a computer.
In the long run, CAPTCHAs are doomed.
Re:Dying Technology (Score:3, Insightful)
And:
3) As you make it harder to solve for computers, you also make it harder to solve for humans.
Since current CAPTCHAs are getting quite difficult for humans to solve, the process has already reached it's limit. Facebooks captchas are difficult enough for me that I have to ask for a new one 5-10 times to get one I'm fairly sure of.
This one involving optical illusions is absurd, there will be large numbers of people who can never get it right.
Re:Indecipherable (Score:4, Insightful)
pretty much. It's outsourcing your captcha solving to impoverished third-world solvers. So really, there's nothing they can do to make Capchas better - humans ARE solving them, it's just an economic imbalance being exploited.
I use it because I'm sick of capchas everywhere and it's dirt cheap. I figure if we break them bad enough people will stop trying dumb technical solutions to social problems. (spam)
Re:Youtube captchas are terrible. (Score:3, Insightful)
Yes, they are. They are not stopping all spammers, but that is very different from not stopping them at all.
Re:Dying Technology (Score:3, Insightful)
That's not what I meant. A Turing test is designed to test subjects and from their answers determine if it is a human or a computer. You are talking about the answer that a subject may give to the test itself. I was talking about the result that the Turing test may give to the researchers or the system. They are two different things.
Clicking "I don't know" or "Give me another" equates to a failure result from the CAPTCHA's point of view, not a third result type.
Re:Dying Technology (Score:2, Insightful)
That's heading towards the voight-kampff test.
Re:OCR (Score:3, Insightful)
Who the hell knows that shit??? O_o
Google.
In other news, it's probably a bad idea to base a captcha on something Google will look up for you.