Why the CAPTCHA Approach Is Doomed 522
TechnoBabble Pro writes "The CAPTCHA idea sounds simple: prevent bots from massively abusing a website (e.g. to get many email or social network accounts, and send spam), by giving users a test which is easy for humans, but impossible for computers. Is there really such a thing as a well-balanced CAPTCHA, easy on human eyes, but tough on bots? TechnoBabble Pro has a piece on 3 CAPTCHA gotchas which show why any puzzle which isn't a nuisance to legitimate users, won't be much hindrance to abusers, either. It looks like we need a different approach to stop the bots."
Re:My solution is simple & elegant: (Score:5, Informative)
The author was arguing that one of the primary reasons to do captcha breaking is to get freebee email accounts on GMail/Yahoo to send spam from.
Limit the email the account can send, and you reduce the desire for the account. Reduce the usefullness of the account, and you reduce the desire to crack the captcha on new account signups, or at least the profitability in doing so.
It's one approach that would make a difference, but it's clearly not the only solution.
Re:That wooshing sound.... (Score:3, Informative)
Wrong implementation (Score:4, Informative)
Most CAPTCHAs are hacked because their implementation is amatuerish. They are hacked by resusing session ids or dictionary attacks and nothing to do with actual image itself. Long story short CAPTCHAs reduce the amount of spam by more than 50% simply because it's not worth the effort for a spambot to break it, after all they have the entire internet to spam.
Some are good some are bad and most are downright horrible, but you wouldn't want your favorite forum to be trolled by spambots would ya? Might as well live with it. Nothing works 100% you should know that by now
Re:8==C=A=P=T=C=H=A==D (Score:4, Informative)
Already been done [thephppro.com].
Re:Browsing Trends (Score:3, Informative)
I agree there are ways to circumvent it, but the majority of bots will not go to the trouble of doing that, and that's the key.
Another idea would be to observe mouse movements through Javascript to detect a real user. This would be VERY inefficient for a bot, and probably not worth the while.
This would work great until the majority of websites do it, then it is worth the overhead for the bot to go to the trouble of doing it. When CAPTCHA started it wasn't worth the bot writers' trouble to crack it. They just went to easier sites, but as more and more sites adopted CAPTCHA the value of cracking it became greater. Any successful system will eventually be adopted by a large enough number of websites to make it worth the bot writers' time to crack. At which time they will.
Re:So what next? (Score:5, Informative)
Not really (Score:5, Informative)
Re:That wooshing sound.... (Score:5, Informative)
Yup. I used PHPBB2 and changed the CAPTCHA code.
"Type the following text in the CAPTCHA box . Ignore the image below."
All spamming stopped. Regular users were fine.
Re:That wooshing sound.... (Score:3, Informative)
Re:I really like the concept behind Re-Captcha (Score:3, Informative)
Re:That wooshing sound.... (Score:2, Informative)
Re:Stuck in the old ways (Score:5, Informative)
Re:That wooshing sound.... (Score:3, Informative)
I tend to think using Recaptcha just earns somebody money, it is not really doing any particular good for the world.
Would it be asking too much to suggest you check the FAQ [recaptcha.net] or About Us [recaptcha.net] links? Is it enough that "reCAPTCHA channels this human effort into helping to digitize books from the Internet Archive", or does it help that "reCAPTCHA is a project of the School of Computer Science at Carnegie Mellon University"?
Or perhaps you'll take the word of Science magazine [recaptcha.net]. Of course, the link is to a .pdf reprint hosted at recaptcha.net, so YMMV (depending on the tightness of your tinfoil hat). It could all be an evil spammer plot. Yes. Yes it could.
Re:That wooshing sound.... (Score:4, Informative)
Yes, me too. I simply ask "How do you spell spam?" for my question. Stopped the spambots in their tracks :)
Re:That wooshing sound.... (Score:1, Informative)