Forgot your password?
typodupeerror
Security The Internet

Video Captchas are Hard for Computers to Understand but Easy for Humans (Video) 128

Posted by Roblimo
from the who-do-you-think-you-are dept.
A new company called NuCaptcha provides animated video captchas it says are much harder for OCR-based programs to crack than static captchas, but lots easier for humans to figure out. While at the 2012 RSA conference, Timothy Lord pointed his camcorder at NuCaptcha CTO Christopher Bailey, and had him explain how video captchas work and how the company makes money. The video includes demos of the video captchas so you can see what they look like (and the company's website has lots more video captcha examples).

This discussion has been archived. No new comments can be posted.

Video Captchas are Hard for Computers to Understand but Easy for Humans (Video)

Comments Filter:
  • Wait, what?! (Score:5, Informative)

    by Anonymous Coward on Monday March 05, 2012 @09:53AM (#39246831)

    I just read the opposite here:
    http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/

    • Without reading that (I just watched the video) wouldn't it be rather simple for an application to just go over it frame-by-frame, guess the characters, average the results, and try the ones with the highest score? The longer the video the better.

      • well, in OCR one of the first steps is to identify the objects that are characters in the image (calculate bounding boxes for each char)
        so the process can be even simplified, you don't need to run the algo on every frame you just do boundary recognition on some
        continuous frames, gathering character edge data for the - slightly offset per frame - chars and at the end you evaluate just the edge
        data.

    • by richg74 (650636)
      There was also an article on breaking NuCaptchas at about a week ago: http://www.technologyreview.com/blog/editors/27607/ [technologyreview.com]

      Just looking at the demos, it seems that identifying the characters might be easier for these, in one sense: they're moving.

  • Seriously? (Score:5, Informative)

    by Anonymous Coward on Monday March 05, 2012 @09:53AM (#39246833)

    Does nobody remember the front page article from only a few weeks ago detailing how these have already been cracked?
    http://tech.slashdot.org/story/12/02/20/1746242/researchers-break-video-captchas

  • Fun to decode? (Score:5, Interesting)

    by Aladrin (926209) on Monday March 05, 2012 @10:02AM (#39246935)

    Looking at the samples on the screen as he was talking, I think those would be fun to write a decoder for... And possibly even easier than image captchas.

    Why? Because they're moving, and you have a better chance to figure out the outline of each shape because of it. Also, you can use traditional techniques on each frame of the video and submit the one that has the highest confidence, and you could do that with existing tech.

    Honestly, I don't see this being better than what we have.

    • by jpapon (1877296)
      I agree. In fact, the samples I saw looked like you could just take one frame and you'd have an easy to decode captcha, since each individual frame was far simpler than some of the advanced captchas I've seen around.

      These would only be more difficult if you actually change the content over time. From what I've seen, they don't, they merely scroll the words across the screen.

      They don't even apply time-varying noise to it, which I don't understand at all. The human visual system is really good at using te

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      THIS THIS THIS.

      They don't even bother to modify the images as they move.
      Moving will give a more static object, more so by it moving frame by frame.
      If it was those blurry, pixelized texts flowing over a background, it'd be considerably harder to pick out information, even better if they actually noise up the background as well.
      It'd be great if they skewed, stretched and warped the image to certain extents as it moves.

      I'd still rather see furry animals on a rug strip and you type the first letter for each an

      • Re:Fun to decode? (Score:4, Interesting)

        by HarrySquatter (1698416) on Monday March 05, 2012 @10:39AM (#39247363)

        They don't even bother to modify the images as they move.
        Moving will give a more static object, more so by it moving frame by frame.
        If it was those blurry, pixelized texts flowing over a background, it'd be considerably harder to pick out information, even better if they actually noise up the background as well.
        It'd be great if they skewed, stretched and warped the image to certain extents as it moves.

        A lot of that would be easy to defeat with basic video filtering techniques like noise removal, motion compensation, etc.

    • hello.. only the important stuff is moving, making it even easier to differentiate from the background.. what were they thinking?
      • by Aladrin (926209)

        I think that's an artifact of having to make it human-accessible. If you make it too complicated, too many people will complain about how hard they are. If you make them too simple, computers can solve them easily.

        Unfortunately, what usually happens is that both of the above are true at the same time, which means there's no good solution there. You either let computers in, or you keep some humans out.

  • by RyanFenton (230700) on Monday March 05, 2012 @10:08AM (#39246989)

    If you generate them statically (as videos), then all someone has to do is what they're already doing - put up a site with some fake content, and ask users to go through "their" capcha, telling them the human answer to that particular video, and making an index of videos to answers.

    If you generate the videos dynamically, well, it won't be very scalable, because it's going to take too much processing time per user. Might work well for occasionally verifying expensive content, and it might be more useful in the future - but networks (at least in the US) take a long time to improve, on the scale of hard drive improvements, so you're bottlenecked there too.

    Hybrid tricks (layering static video) end up the same as static with a little analysis.

    I'd say this falls in place with automated phonecall techniques as a somewhat expensive and annoying way of verifying 'humanity'.

    Ryan Fenton

  • by Oswald McWeany (2428506) on Monday March 05, 2012 @10:11AM (#39247017)

    It's getting to the point where I feel like I need an application to read Captchas for me.

    Half the time I get them wrong. I swear a computer would HAVE to be better at translating them than me. This video is going to help- but we have to face the fact... EVENTUALLY, no captcha device will be able to block bots but not people.

    EVENTUALLY all bots will be better at breaking all captchas than humans will be.

    There will probably be a time we look back on the good old days when the internet was usable by humans as a means of communication.

    / Disclaimer: Oswald is an ex-bot who gained near human cognition and intelligence.

    • by John Hasler (414242) on Monday March 05, 2012 @10:25AM (#39247187) Homepage

      EVENTUALLY all bots will be better at breaking all captchas than humans will be.

      It's much worse than that. Because the botherders can tolerate a very high failure rate the bots can be much worse than humans and still be effective.

    • by Canazza (1428553) on Monday March 05, 2012 @10:27AM (#39247221)

      or CAPTCHAs that are impossible for a Human to solve but trivial for a computer. so if it passes, it's a computer! :D

    • by jittles (1613415)

      It's getting to the point where I feel like I need an application to read Captchas for me.

      Half the time I get them wrong. I swear a computer would HAVE to be better at translating them than me. This video is going to help- but we have to face the fact... EVENTUALLY, no captcha device will be able to block bots but not people.

      EVENTUALLY all bots will be better at breaking all captchas than humans will be.

      There will probably be a time we look back on the good old days when the internet was usable by humans as a means of communication.

      / Disclaimer: Oswald is an ex-bot who gained near human cognition and intelligence.

      What you don't realize is that captchas were designed by Skynet! That's right. The AI is working quickly to try and figure out when a human is using the internet and not a computer. Once the captcha technology is complete, only Skynet computers will be able to enter captchas. That is how they will test to make sure that you are really a human, and can be destroyed.

    • by npuzzle (1875242)

      Most Captchas that we encounter rely on some form of pattern recognition (whether it's static or dynamic) to work. The computer vision community has been studying (and solving!) related problems for decades and for much more complex tasks. It's sad to see how researchers tend to forget about the past.

      I do my PhD research in applying computer vision algorithms to the medical field. You would be amazed to see how trivial these Captcha pattern recognition puzzles are compared to problems like brain template

    • by chocapix (1595613)

      I just had this vision of a future where captchas are like:

      "We need to verify that you are human. Please violate the Third Law Of Robotics."

    • by Animats (122034)

      It's getting to the point where I feel like I need an application to read Captchas for me.

      Right. ReCaptcha, especially. As book scanning OCR gets better, reCaptcha, which uses OCR rejects, tends to display things which are not words typeable on my keyboard. I've seen ink blots, mathematical formulas, and Cyrillic. If today's OCR systems can't read printed text with context information (adjacent words, what the fonts on the page look like) available, a human probably can't read it without context.

  • by Anonymous Coward

    And what about the large portion of the world that is still on dialup?

    We developers these days just have no fucking clue. HTTP = hyperTEXT transfer protocol.

    Technologies that break the web are useless.

    I think we need to start a new internet. One that works.

  • by Anonymous Coward

    No captcha will ever be unbreakable by the mechanical turk.

  • by Anonymous Coward

    Going to lock out blind people from the video captcha? Or create an alternative that computers can use too?

  • Honestly (Score:5, Insightful)

    by mseeger (40923) on Monday March 05, 2012 @10:23AM (#39247157)

    The CAPTCHAs are already so "good", that i get identified as machines 7 times out of 10 :-(.

  • Being as the vast majority of video delivered over the web seems to be via flash, it seems like this will itself be flash-dependent. Which would, of course, exclude people who cannot or will not use flash for their browser.

    Of course, it may be that this will be deployed on sites where that demographic is not important...
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Surprisingly it seems the answer is no.

      I was all geared up to give my anti-Flash speech and NuCaptcha stunned me by presenting animated GIFs (a format with a bad history but which is now free).

      I'm sure if I start digging I'll find something to dislike (NuCaptcha patenting the idea of moving captchas for example or maybe intentionally holding full copyright on captchas that they aim to embed into as many sites as possible) but the GIFs have put me in such a good mood I'm not going to try.

      Well done NuCaptcha

  • by aepervius (535155) on Monday March 05, 2012 @10:24AM (#39247171)
    Outsource the captacha. Link it to some porn , ask the user to fill the captcha in, and boum, captcha bypassed. no need to do expansive trick program analyze, just use cross site linking. At least those captcha have the merit to be readable by a human, unlike some captcha in cursive-overlapping-slanted letters where if you can answer them , you are prolly not human.
    • by MrP- (45616)

      The solution is quite obvious.

      Step 1. Require the user to provide
      a. Complete name and address
      b. credit card + exp + csv
      c. social security #
      d. faxed copy of ID or license

      Step 2. Confirm the name and address is valid via credit card and ID

      Step 3. Mail certified letter containing captcha code to customer

      Now in 6-8 weeks the user will receive their certified captcha documentation, sign for it and then be able to log in to your site.

      Quite simple really.

  • by Oswald McWeany (2428506) on Monday March 05, 2012 @11:02AM (#39247557)

    You all know what is next don't you?

    You will need your webcam hooked up- and the captcha will call out directions that you need to perform. It would analyse your movements to prove you understood.

    Bow to the camera,
    dosey doe,
    boot scoot, boot scoot,

    "ERROR: You are not a human you did a shuffle step instead of a boot scoot."

    • ... now take off your shirt ... Yes, that looks pretty human, but I need to see more ... Now show me how you move, graceful or robotic ...

  • From just taking a snapshot of the screen and cracking the much simpler static image? That said I'm really hating recaptchas. I've had sites where I had to click next about 10 times to find one that I could figure out what it is AND be able to type it (lots of German, Swedish, greek captchas which I can't be bothered figuring out the key strokes to reproduce). Also philosophically I'm against recaptchas because only half of the crap they want you to type is actually used for security the other half is free

  • I really don't understand why these are any better than a simple grid of images, say 9 or 16, where two of them have something in common but the answers are not obvious from the pictures presented. For instance a grid of 9 animal images where one is a tiger and one is a zebra and the captcha question is "Click two which have stripes", or images of vehicles where one is a bulldozer and one a tank and have "Click two which drive on tracks, not wheels.".
  • Just capturing a single frame of the video is all you need to decode it... obvious flaw...
    Conceptually good, practically useless.

  • I remember reading the opposite.
    I've also lost count of how many times I've had to use the "I'm a blind fucker" audio option because I can never read the damn things.
    On top of that, I'd imagine it'd be relatively easy to make a computer recognize simple numbers being spoken.
    (In before they start making the voices harder to understand too)
  • 1 Take multiple frames 2 Solve the captcha in each one indiviually 3 The most common answer is probably right.
  • The first one I got had E giving it to F in the rear like a damned pro. F sure can take that central horizontal protuberance. There was a T watching it all, rocking back and forth. Pretty charged scene, all and all.

    Gotta hit refresh. I'm hoping for some lowercase action next.

  • OCR for videos are not developed so well so far. (For text, there are several open source projects). There is a well developed industry working on translating movies into 3D content like the structure from motion problem which makes space and camera path reconstruction from a movie. It is only a matter of time until these captchas are broken too. An other hurdle is that the examples use Flash which allows to script pictures using actionscript. The OCR task is not given a movie (a sequence of pictures at f
  • "A new company called NuCaptcha provides animated video captchas it says are much harder for OCR-based programs to crack than static captchas,"

    So, IOW, someone took my idea of using video captchas (flashing scenes from an anime series, which you must identify as the captcha code.)

    Bet someone there reads slashdot (as I've mentioned that here many times before) or visits my anime forum.

  • Just imagine how quickly the Enigma cypher would have been solved if used as a captcha!
  • With the analysis at

      * http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/ [elie.im]

    I find my own CAPTCHA is just as good, but at least you get to look at a nice cup of coffee:

      * http://stephansmap.org/sign_up [stephansmap.org]

  • Not to be insulting, but he looks like the possible result of David Letterman crossed with Thomas Dolby.
  • Mix crowd sourcing, cheap data connection, low labor cost of India together and what do you get? You can hire people in India to sit in front of their computers on 8 hour shifts breaking any captcha you throw at them.
  • Don't think it will get any better with video ..

  • I hate captcha's, especially poorly designed ones that display letters using strange, warped fonts that the letters used could be another letter, or number. Here is a better idea... replace captcha's with a 2-factor authentication. Like Facebook or Google does. You know its a real person, because they have to receive the text (facebook) or launch an app on their phone and copy out a code (Google) which is trivial to do, and is remembered by a cookie so you only have to do it once.

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...