Research Unveils Improved Method To Let Computers Know You Are Human

An anonymous reader writes CAPTCHA services that require users to recognize and type in static distorted characters may be a method of the past, according to studies published by researchers at the University of Alabama at Birmingham. Researchers focused on a broad form of gamelike CAPTCHAs, called dynamic cognitive game, or DCG, CAPTCHAs, which challenge the user to perform a gamelike cognitive task interacting with a series of dynamic images. For example, in a "ship parking" DCG challenge, the user is required to identify the boat from a set of moving objects and drag-and-drop it to the available "dock" location. The puzzle is easy for the human user to solve, but may be difficult for a computer program to figure out. The game-like nature may make the process more engaging for the user compared to conventional text-based CAPTCHAs. There are a couple research papers available: "A Three-Way Investigation of a Game-CAPTCHA: Automated Attacks, Relay Attacks and Usability" and "Dynamic Cognitive Game CAPTCHA Usability and Detection of Streaming-Based Farming."

Watch them get ignored

[boondaburrah]

Man if these start showing up, They're going to look exactly like those "hit the target 3 times to win" flash-based advertisements. I'll probably glaze over them multiple times trying to submit a form before I notice that a 'completing the game' captcha is what's preventing me from leaving my incredible razor wit splattered all over someone's comments section.

My only question: does it work at Google-scale?

[Anubis IV]

The nice thing about current text-based CAPTCHAs is that they can be applied to any website, whether large or small, and require very little input or tinkering from individual web administrators. The other nice thing about this is that they have an infinite number of possible variations, what with the different ways you can transform text.

This new idea would work great for a small site that will never be a target of a directed attack, but we already have hundreds of different CAPTCHA variations that can be used for that sort of thing. I use a simpler but similar idea on one of my sites, where I have new registrants drag words into matching categories that I set up. I've had zero bot registrations since I set it up a few years back, and a number of comments from actual users that love the system.

But if you apply something like what I use or this new idea to a site like Google, the folks trying to break in will inevitably code up algorithms to handle each of the finite number of minigames they set up with their finite number of items in them, rendering the whole thing pretty useless. The only way to get infinite variation out of it is to start applying image transformation to the items being used so that they can't be as easily identified, and if you start doing that, you're right back where we are now.

Re:Watch them get ignored

[Anonymous Coward]

You you just wait. They'll start putting advertisements in the captchas.

They'll soon figure out it's more profitable to make you find the $(NameBrand) ship and drag it from the $(NewProduct) port to the $(TownNearYou) port.