Forgot your password?
typodupeerror
Advertising Security Stats IT

CAPTCHA Using Ad-Based Verification 174

Posted by samzenpus
from the more-human-than-human dept.
mk1004 writes "Yahoo news has an article explaining how the text-based CAPTCHA is giving way to ad-based challenge/response. It's claimed that users are faster at responding to familiar logos, shortening the amount of time they spend proving that they are human. From the article: 'Rather than taking just a mere glance to figure out, recent studies show that a typical CAPTCHA takes, on average, 14 seconds to solve, with some taking much, much longer. Multiply that by the millions and millions of verifications per day, and Web users as a whole are wasting years and years of their lives just trying to prove they're not actually computers. This has led many companies to abandon the age-old system in favor of something not only more secure, but also easier to use for your average Webgoer: Ad-based verification, which can actually cut the time it takes to complete the task in half.'"
This discussion has been archived. No new comments can be posted.

CAPTCHA Using Ad-Based Verification

Comments Filter:
  • more ads (Score:5, Insightful)

    by spokenoise (2140056) on Friday February 22, 2013 @01:38AM (#42976365)
    It's only because some company will pay to use their logo or watch their mini movie for the answer.
    • Re:more ads (Score:4, Interesting)

      by Sockatume (732728) on Friday February 22, 2013 @06:27AM (#42977571)

      They also know that if you have to write down the name you're more likely to remember the brand. There's a lot of research right now in working around people's wonderful capacity to tune out commercials.

      (I think I saw a Microsoft patent for Kinect-based ads where you could skip the ad, but only by saying the product's name (or whatever).)

  • translation (Score:5, Insightful)

    by the_Bionic_lemming (446569) on Friday February 22, 2013 @01:39AM (#42976371)

    Heh, This is a desperate attempt to stop people like me from adblocking so we can actually use the service.

    • Hahaha! They thought text-based CAPTCHAs were getting too easy to automatically solve! Wait until they try logo-based captchas! Hahahaha!

      This is too funny.

      First off, TFA is W-A-Y off: companies didn't abandon text-based CAPTCHAs because they took too long! They have been abandoning them because they are TOO EASY for machines to solve! I have been paid to do CAPTCHA - solving apps myself.

      Put logos in there instead, it will just get easier!

      And "to add insult to injury", as the saying goes: even m
      • by Zemran (3101)

        On one of my sites, I found that the spam bots were getting through Google Captcha as if it wasn't there. I tried a math test and the spam bots stopped getting through... Can you explain to me why as I would find it much easier to write a script that could solve simple math?

        My biggest problem with Captcha is that the clients do not like it at all. They want an easy life.

        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Doh, because the spam bots weren't configured/programmed to solve math problems.

          Of course you'll find many humans aren't able to solve math problems either and thus have problems using your site. This may or may not be a feature depending on the type of site. For a site like slashdot it may be a feature if people who can't solve simple math problems are prevented from posting.

          • by tlhIngan (30335)

            Doh, because the spam bots weren't configured/programmed to solve math problems.

            Not necessarily - most CAPTCHAS are solved by human labor. Perhaps as a fake entry to "free porn" and other things. Doing this is ridiculously easy - user signs up and the webserver registers for an account on some web site, captures the CAPTCHA and presents it as its own. It then asks the user to do it, and forwards the response.

            Sometimes there are even farms of people who do this - just solving them day in and day out (for lik

        • Probably because there are pre-made applications to solve certain types of CAPTCHA. I don't know for sure, but I would imagine that anything from Google would be a prime target for that kind of thing. If you are a smaller site, you might be more likely to be hit with one of those, and less likely to have someone outsource human CAPTCHA-drones.

          Somebody hired me a couple of years back to scrape information from a government site, which was technically public information, but it used a CAPTCHA. Turned out t
      • Just wait until captchas turn into 30-second flash videos, followed by freeform text answers with questions like, "How many cups of ___'s delicious Mountain Roast coffee did Jane buy?", followed by "What color was the scarf of the elderly woman behind her" and "what is the 800 number you can call to send a gift certificate for CoffeeCo's tasty rich dark coffee to a cherished friend?".

        Before you argue that the number questions would be small, remember... advertisers will be shooting loads on their computer s

        • "Just wait until captchas turn into 30-second flash videos, followed by freeform text answers with questions..."

          I don't deny it could happen. But I wouldn't sit through them.

      • by Rockoon (1252108)
        I wouldnt say that text captcha's are "too easy" for computers to solve.. its just that it costs almost nothing for a machine to fail and try again. Even with a dismal success rate like 10% you can easily see how futile the captcha's are when being attacked by computers that will never get tired or frustrated about failing 9 out of 10 times.
      • I have been paid to do CAPTCHA - solving apps myself.

        So you rent yourself out to spammers? Or something less objectionable? I'm trying to think of a legitimate reason for mass cracking of captchas but I can't think of one. Have I missed something?

    • It's more than that (Score:2, Interesting)

      by Anonymous Coward

      If a person hears or reads something that they don't like (e.g. an ad) their brain will often discard it immediately. But if you can make them say it, or in this case type it, they're more likely to remember it, and even start to believe it.

      This is, essentially, low-grade mind control.

      • which is why I think this is terrible. And honestly, I don't look at adds. I don't have cable. I have ad blocker, the chance of me knowing a slogan is slim.
      • by Yer Mom (78107)

        They can make me type the company's name.

        In fact, I'll type it twice. The second copy will be in companies_never_to_buy_from.txt.

  • Just ID computers (Score:5, Insightful)

    by pubwvj (1045960) on Friday February 22, 2013 @01:42AM (#42976387)

    It would be better to simply prove that the computer is used reasonably and then stop presenting the captcha's after the initial few tests. If the computer starts being detected as a spammer then it must prove again, harder this time, that it is a valid user to become reaccepted. This would save time and processing power.

    • Re: (Score:3, Interesting)

      It's a v.good idea, but how would that sell advertising?
    • by torsmo (1301691)
      My ISP leases me an IP address for a period of 24 hours. It then resets. How does your solution work out for me?
      • by watice (1347709)
        By using identifiable information OTHER than your IP? There are tons of other options, ya know...
      • by pubwvj (1045960)

        The IP address is indeed one way of identifying computers but falls down. That is why I said, 'identify the computer' rather than the IP. IP's fall down because they may be dynamically assigned like yours or they may be used by many computers such as behind a router or WiFi point. Identifying the individual computers can be done in a number of ways.

        • Identifying the individual computers can be done in a number of ways.

          That are all easily defeated. Ping fingerprinting isn't reliable because of firewall configuration. Agent strings are easily spoofed. Cookies are trivial to circumvent. Javascript *could* tell you what processes are running on a system, but with sandboxing and default security settings in modern browsers (even Internet Exploder), it wouldn't be feasible. Even using Flash to do it wouldn't work, because Flash isn't installed everywhere any more, and because it's sandboxed on most installations now. To get an

          • We do identify computers pretty reliably. You mentioned five factors that can be used. You pointed out none of those five factors BY ITSELF is sufficient. But the COMBINATION of all five factors you mentioned plus a few you didn't mention works pretty darn well. I can't identify you by the first digit of your phone number, nor by the second digit, nor by the tenth. But if I look at all the digits together I can have pretty good idea of who it is.

            Add to that we're confirming that you are indeed who you
    • There's an easier way to slow down spammers... generate a random string with some bit of known plaintext, save it in session context, generate a random 40-bit encryption key, save it in session context, encrypt the random string with that random key, deliver it to the user's client app, and make the client app bruteforce the encryption key & submit the decrypted value as a formvar along with the new message. Even phones are fast enough now to bruteforce a 40-bit key within a few seconds if you give them

    • What about all the computers that are zombie's? and the user doesn't even know? I'm sure spam is not coming from the real spammers computer.
      • by pubwvj (1045960)

        The zombies would do bad things and web masters like me who flag them would mark those zombies as spammers. A single flag should not be enough to nail them but several would demote them to a 'proved not valid' status from which it is much harder to get back to both 'unknown' and then 'valid'. This sort of thing is already done with some software. The addition I'm suggesting is combining it with the Captcha which suggests 'valid' and at some point doesn't need to be done (no more Captcha) if the user/compute

    • That's what we do with the CAPTCHAS in our security system - you only have to do the CAPTCHA once, then never again for most people.
      In our case, we use the CAPTCHA to reduce brute force on a login-in system. Once you enter the CAPTCHA correctly once, you don't have to enter again as long as you enter your user name and password correctly. If you start entering incorrect user names and passwords, that could be a brute force attack, so you have to enter CAPTCHAS again.
  • Yeah? (Score:5, Insightful)

    by WillKemp (1338605) on Friday February 22, 2013 @01:48AM (#42976409) Homepage

    A fancy rationalization of a money making scam. Nobody's wasting years of their lives doing captchas. And what about those of us who have very low exposure to advertising - how are we supposed to recognize logos?

    • by Cryacin (657549)

      how are we supposed to recognize logos?

      You must be a communist! (ducks)

    • Re:Yeah? (Score:5, Insightful)

      by Spacejock (727523) on Friday February 22, 2013 @02:23AM (#42976587) Homepage
      And the logos - there's no point showing a US-centric firm's logo to an Aussie visitor, for example. I wouldn't know what most of them look like or who they represent.
      • by clemdoc (624639)
        Another thing that came to my mind while reading the BBC article [bbc.co.uk] linked to by the Yahoo article in TFS (yeah, I actually read all that stuff, I must be new here) is the fact that while many people with non-english native language may be comfortable reading articles in english (maybe sometimes using Google translator or some other stuff) but not necessarily be able to easily answer the question, even if they knew the brand.
        The "Ad-CAPTCHA" in question (image [bbcimg.co.uk]) asks to describe the brand "dyson". A valid answe
        • by scdeimos (632778)
          My answer for Dyson: fucking overpriced.
          • Cheaper vacuums that don't work nearly as well are available. Typical vacuum, it's hard to tell if the suction is working at all, without putting your hand over the aperture. A Dyson tends to pull the carpet up from the floor.

            (That may have changed since Dyson's patent on cyclonic vacuums ran out. I haven't tried any of the Dyson copies.)

      • And the logos - there's no point showing a US-centric firm's logo to an Aussie visitor, for example. I wouldn't know what most of them look like or who they represent.

        With a little bit of remedial studying and some perseverance, you'll be able to become more like an American consumer. I don't see how this would be be considered a bad thing to an advertiser.

        Plus, I hear Aussies like to pay more for the same things, that's got to be good news for advertisers as well.

  • Spyware (Score:5, Interesting)

    by matria (157464) on Friday February 22, 2013 @01:53AM (#42976441)
    I've examined a few of these "services". They keep track of who is using these things. Some of them even provide you with some of their data, such as a weekly or monthly report on how many people solved their question and how many failed. And some of them use cookies, allowing anybody to track your users.
    • Re:Spyware (Score:4, Interesting)

      by TaoPhoenix (980487) <TaoPhoenix@yahoo.com> on Friday February 22, 2013 @02:02AM (#42976493) Journal

      Nice catch.

      (shock, horror) I actually read The Article, and you're spot on about how thin it is.

      I don't know anymore. Maybe slashdot editors feel like they're under a gun to produce something/"anything" in the timeframe, but the cost to the readers of bad stories is growing. In other news sites I wouldn't care because we expect that drivel from some of them. But "news for *nerds" ... yes this matters, but aren't / weren't nerds the ones who dug into the details!? The ones who got thrown into the dumpster because we asked too many questions in class?

      Supposedly the raw code to slashdot is open, but I haven't once seen us fork slashdot to only include (fewer?) high quality stories. (Not saying someone didn't, just saying that this medium regular user never saw it.)

      • Glad it wasn't just me with that dumpster thing ...
      • I haven't once seen us fork slashdot to only include (fewer?) high quality stories.

        Kuro5hin originally ran the SLASH software that powers Slashdot before Rusty rewrote it from the ground up to create Scoop.

    • by TheSpoom (715771)

      Everybody tracks everything in the web development world. Analytics are key. Nobody should really be surprised by this any more.

      They don't care about you as a person, and the reports aren't on you personally, they're aggregate. Mostly, they're built and sent by the ad-CAPTCHA provider to the client(s) to prove that they're doing what they say they're doing.

  • They are only trying this bullshit because of Adblock. If an advertisement is required to be used to solve a question, that renders Adblock completely useless, and will force people to view crap ads they have been able to block for ages now. If the internet becomes the ad-infested crap fest that I remember from the days before Adblock Plus, and Privox, I'll disconnect from it permanently. I'm not willing to endure a deluge of ads to enjoy a service that I'm already paying a pretty penny to receive,.
    • by azalin (67640)
      So Adblock needs to evolve to autosolve these captchas. You could even crwodsource it quite easily, so every new captcha would have to be solved once and all other users could now bypass it.
    • No, it's not just because adblock. That's bullshit and you know it. Advertisers have upped the stakes every time they can.

      Remember when google ads were unobtrusive text? During that time I whitelisted them and sometimes even clicked them, because that was fine. Then the advertisers won their case to annoy the hell out of users, and blacklisted it went. They would have gone to this point to convince people to pay attention to their damn ads anyways.

  • I get the idea behind advertising but don't ads lose their effectiveness when they're so pervasive?
    • Yeah, they cause me to use adblock and ghostery no matter how often they crash Safari

    • by grumbel (592662)

      There might be some fall of of effectivness, but in general I don't think anybody really cares, given how bad ads on the Internet are. Not only are they still almost completely untargeted, they are also incredible repetitious, boring and not even made for the Internet. If Youtube for example shows me a video, why not tell me the name of the product at the start of the video? I am going to skip it in 5sec anyway, so you could just tell me now and reenforce that logo into my brain or I won't see it. Also why

      • Not only are they still almost completely untargeted

        That's the fault of people using "do not track" and other similar privacy measures. I leave tracking on so that the ads I see are more likely to interest me. But it appears that a lot of advertisers don't care, as they continue to serve SWF ads that neither my laptop (which runs SWF in click-to-play) nor my tablet (which doesn't support SWF at all) can play.

        why not tell me the name of the product at the start of the video?

        For the same reason infomercials don't show you the price in minute one: the brand name might turn some people off. They want to show you the attributes

        • by grumbel (592662)

          That's called clicking the ad.

          That only brings me to a webpage with a bigger version of the same ad or the companies webpage. In the days of the Internet I would expect it to bring me straight to Amazon where I can buy the product or to a price search engine that gives me the place with the lowest price. Or at least some place where I can get actual information on the product, reviews and such, a webforum, something, not just more marketing bullshit, I already clicked the ad, so don't bother me with even more of it, provide me with the

  • by ohnocitizen (1951674) on Friday February 22, 2013 @02:28AM (#42976615)
    Captcha's don't take all that long to solve if they are halfway readable. Seamless web uses a method I find interesting - image recognition and classification. "Identify which items are food! Go!". I find it hard to believe speed is the issue. It seems far more likely the companies realized the combination of captive traffic in front of a desired activity was too good of an opportunity to pass up. "Our users will see an ad every time they go to rate a restaurant they recently ordered from" is a hell of a pitch.
    • by osu-neko (2604)

      Captcha's don't take all that long to solve if they are halfway readable.

      This is correct, both for humans and computers. The last part is why many of the captchas I see these days aren't even halfway readable.

  • by Anonymous Coward

    Well... isn't placing well-known logos, which can be easily image-matched by computers, kind of defeating the purpose of a CAPTCHA?

    (And this CAPTCHA I just had to solve took me MUCH less than the fourteen seconds they claim as an average.)

    • by gl4ss (559668)

      it's not a captcha system.

      it's a make-sure-the-ad-was-shown system.

      and that's nothing new!

      • by gl4ss (559668)

        (oh and since computer use can be scripted they would still need a regular captcha for anything that really needs one)

  • How often do you personally deal with a captcha?

    This is a waste of time, and another vector for ad-servers to throw malicious javascript and flash attacks at you.

  • In addition to all the other posters qualms about this, I really wonder how this would work on the internet. How many brands are generally recognized around the world? Fine, you can do some localization, but still.

    It seems that this will be either choosing between the logos of Coca Cola, Apple and Nike, or presenting me with an ad of the biggest, most famous mattress company in the whole US.

  • Adblock and Hosts Files
  • Multiply that by the millions and millions of verifications per day, and Web users as a whole are wasting years and years of their lives just trying to prove they're not actually computers.

    Web users as a whole are wasting years and years of their lives just trying to look at cute cat pictures. Does this mean we should embark upon the CATcha?

    Just another attempt to make viewing ads compulsory...

  • I had an experience with one of these... Yikes, I hate companies that support annoying adds it was loud and had no volume control on the app >. Whatever un-named body of dark stagnant water the people that throw up the "Buy my terrible anti-virus program that will tell you when naughty cookies are downloaded, no no we don't fix it that's this other product we sell" captach. Your being paged back to you cesspool, please don't touch the white telephone.
  • Mmmm it tastes just like butter, really??? Slashdot do you really need to place advertisments in this manner? Check the approval process for this piece of crap and you'll find someone taking kickbacks. If it wasn't deliberate ie a corporate decision then you have someone in the ranks getting kickbacks.

  • If I have to use ads to view a service, that service can fuck right off.
  • by 1u3hr (530656) on Friday February 22, 2013 @04:23AM (#42977061)
    How any logos are there that the average person could recognise? A few hundred? Say a thousand. Much easier to add these to the "OCR" library than the mangled text in captchas. There are only so many ads. And all the ads could be harvested and catalogued automatically, as they'd just reuse ones on other sites with identifying metadata.

    Complete bullshit. And you know for a fact that in no time we'd be having to answer questions about crap like "One weird secret for losing weight/Mom is 54 and looks 27". Then we'd have to watch a flash animation. And listen to a jingle....

    • Yeah, that's the joke of these systems. They are completely insecure and utter failures at actually being CAPTCHAs. Common sense should be enough to determine this, but apparently it's not. Ad-based CAPTCHAs are one of the most ridiculous scams I've seen for a long time.

  • Another issue is that most people don't "see" adverts, and will skip over these.

    Video and audio adverts are the worst - one of the things that annoys me about Spotify is the adverts, which are so annoying they make me less likely to even pay for the service and just stick to playing my own music. Every three songs I get some guy quack-quack-quacking away in a foreign language, which surely makes no commercial sense.

  • "It's claimed that users are faster at responding to familiar logos..."

    I have no TV (but a 55" monitor to watch torrented stuff without ads), use adblockers everywhere, refuse ads in my mailbox, I wouldn't recognize a logo that I don't know from childhood and most of those have changed.

    " shortening the amount of time they spend proving that they are human."

    I wouldn't qualify ad-watchers as 'human'.

    • "It's claimed that users are faster at responding to familiar logos..."

      I have no TV (but a 55" monitor to watch torrented stuff without ads), use adblockers everywhere, refuse ads in my mailbox, I wouldn't recognize a logo that I don't know from childhood and most of those have changed.

      Do you also never go outside? Visit a store? Or purchase any products?

      I also block as many ads as I can, but I am still exposed to plenty of logos and such merely by going outside in any relatively urban area. Even interacting with any people you will see logos, since people wear all sorts of them on their clothing. There's also a logo on almost any product you can buy, even if you never go outside and never see any other people.

      If you don't know any logos, you must have been living under a rock. Say, d

  • by EmperorOfCanada (1332175) on Friday February 22, 2013 @07:13AM (#42977793)
    I don't care how good your information is I won't interact with an add that you have forced upon me. I'd even give up slashdot if tomorrow I went to log in and an ad-captcha popped up. This is exactly the sort of MBA type crap that is ruining so many companies. Some douche does a spreadsheet showing how they will make x cents per user logging in with the ad-captcha. First the spreadsheet doesn't show how many customers will soon flee and second you suddenly have a new incentive to start ad-captcha'ing all over the place. First you just log people out more (a great way to lose customers because they can't be bothered to retrieve their login) and then you start putting ad-captchas between the user and just about everything. At first this will look great on the bottom line as you will probably triple your ad revenue overnight but 2 years later you are laying off 90% of your staff because you only have 10% of your readers.

    The equivalent logic would apply to a grocery store putting all their prices up 20%. In the first week they would be rolling in profits due to customer inertia but by week 52 they are closed as there are so many other stores roughly 20% less.

    But the worst logic is that an ad-capcha takes less time. Again MBA logic; the user is taking less time but seething the for that time and for a while after. Also keep in mind that most people (we aren't most people) don't have a clue what captchas are about but it must be something technical. But an ad everybody can understand.

    So my prediction is that the best that ad-captcha sites can hope for will be that their growth will slow down; but my thinking is that most ad-captcha implementing sites will be taking it down and publicly saying that it was one of the worst decisions in the site's history.
  • This will not work for the same reason that image-based captchas, riddles and maths questions do not work: There is only a small number of logo/slogan combinations. It is trivial to construct a database (1:1 mapping) of these.

    The problem with captchas is to find a mapping which is easy for a computer to do one way, and difficult the other way. Initially, the ad-based captchas are a good idea, because it is impossible for a computer to derive the correct answer from the question. The problem is that computer

  • by AnalogDiehard (199128) on Friday February 22, 2013 @11:21AM (#42979655)
    Back in 2000 I got so fed up with all the advertising on TV and radio and print, coupled with the poor quality of content and product placement, that I ceased listening to broadcast TV/radio and cancelled magazine subscriptions that are heavy in ads. I actively avoid ads and will not patronize chains that advertise movies (I'm talking to YOU, Burger King and Pizza Hut). Today I don't know the latest movie or TV show or any Lady GaGa songs, and I DON'T CARE. My personal life is so much better not being bombarded with ads.

    I really despised TV news broadcasts using movie advertisements disguised as "news", and this is an advertising gimmick disguised as "security". I won't recognize most brands today, will not waste my time researching them, and will move to another web resource without flinching. Ad-based CAPTCHAs is a big fail.
  • Even the "google goggles" app on my phone can recognise logos

He who is content with his lot probably has a lot.

Working...