Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Audio CAPTCHAs Cracked; ReCAPTCHA Remains Strong 157

Falkkin writes "Ars Technica reports that audio CAPTCHAs consisting of only distorted digits or letters can be easy to crack using machine learning techniques. This includes most of the audio CAPTCHAs currently in use on the Web. The reCAPTCHA team has discussed their new audio CAPTCHA, which is resistant to this attack."
This discussion has been archived. No new comments can be posted.

Audio CAPTCHAs Cracked; ReCAPTCHA Remains Strong

Comments Filter:
  • I'm sick fo CATCHA (Score:5, Interesting)

    by theaveng ( 1243528 ) on Monday December 08, 2008 @11:24AM (#26033059)

    It was okay at first, but now it's reached the point where it takes me 3 or 4 tries to finally guess the letters.

    It's become more hassle than it's worth. Isn't there a better way to stop bots from getting accounts?

    • by LilGuy ( 150110 ) on Monday December 08, 2008 @11:27AM (#26033107)

      It's almost gotten to the point where it's easier for the bots to guess the letters than for an actual human.

      Reverse captcha?

      • Re: (Score:2, Interesting)

        by Zebra1024 ( 726970 )
        Hmmm - Maybe a good idea for a Firefox add-on. It could "read" the CAPTCHA for you.
        • by LilGuy ( 150110 )

          Hey that's a great idea!

          Anyone care to do this?

          • Re: (Score:2, Informative)

            by fastfinge ( 823794 )

            It's already been done:

            But good luck getting an invite. Users are pretty careful who we give them to. Also, I'm pretty sure webvisum sends the contents of every single page you visit with the extension on to the webvisum servers. So it has privacy implications. It's probably only worth it if, like me, your choice is between having no privacy or having no ability to solve CAPTCHAs.

            • by spazdor ( 902907 )

              Has anyone noticed that Slashdot's audio CAPTCHA actually comes out and SPELLS the word for you, rather than just saying it?

    • Yes, but we didn't think your mother would want to sleep with each person/cyborg who applied for an account.
    • by socsoc ( 1116769 ) on Monday December 08, 2008 @11:44AM (#26033385)

      A method I use is to put an input field with a name like "subject" in a contact form and then hide it via CSS. Then if that field is populated in the form submission, the server side drops the request.

      It isn't the most accessible-friendly method in the world, but once I started doing this, all spam submissions dropped out. It's not foolproof and it's just another step in an arms race, but I agree that CAPTCHAs have gotten out of hand. They are especially confusing to people who are not tech savvy and don't know why they are trying to decipher a spirograph drawing in order to do something simple on your website.

      • by X0563511 ( 793323 ) on Monday December 08, 2008 @11:52AM (#26033555) Homepage Journal

        Well, kudos for using CSS instead of javascript to hide it.

      • by greatgregg ( 1106739 ) on Monday December 08, 2008 @11:54AM (#26033585)
        This only works for small sites. Certainly the Yahoos and Googles of the world can't rely on something that can be broken with 2 minutes of hacking.
        • Well, the Yahoos and the Googles of the world can afford better solutions than this. I deal with spam messages on my site that is pretty low traffic, and this seems like a great solution.

      • Re: (Score:3, Interesting)

        meh... i haven't haven't had that hard of a time with CAPTCHAs. occasionally i might get one wrong and have to spend an extra 2-3 seconds to fill out another one, but i think properly implemented CAPTCHAs are still the most effective means of reducing spam submissions/sign-ups.

        i don't think any kind of CAPTCHA will be completely fool-proof, and their effectiveness will inevitably drop over time. but even still they stop 99% of all attacks by blocking all but the smartest AI algorithms and spammers. and the

      • by Instine ( 963303 )
        And for your blind users...?
        • by rhizome ( 115711 ) on Monday December 08, 2008 @01:46PM (#26035691) Homepage Journal

          And for your blind users...?

          I'm not the poster you're replying to, but I have a guess at how this works.

          First off, the blind person can't see, right? So the chances of them viewing source for a random page (or every form page they encounter) is probably pretty miniscule. At least I'll say it's comparable to the rate that sighted people view source as a matter of course in their browsing sessions.

          So OK, they aren't just reading the source, finding a hidden form field and wondering why this hasn't been presented to them by their screen reader. They've just been checking news, blogs, posting a comment or two here and there, but nowhere in their Internet Travels have they had to contend with this curious case of a hidden "Subject:" field. What to do?

          It turns out the answer is quite simple. That the blind person, much like their sighted counterpart, does not submit a given form with hidden fields filled in pegs them as a curious person indeed. Since the only submissions without the Subject field filled in will be from people who read the source and (for some reason) decided not to fill in the subject line, or people who just don't know about it. Quite the conundrum! Thankfully from the grandparent post, we know that posts with this hidden Subject: field are disposed of, deleted. Wacky, eh? So it seems, and I'm just speculating here, that filling in hidden fields is actually a way...hold on determine that the submitter is not a person. Beyond that, and really

          I have no idea how he does this, blind people are not treated any differently in this regard.
          I know, right? It took me awhile to figure it out, but I think I at least have the gist of it.

        • Re: (Score:3, Informative)

          <input type="text" value="Spam Catcher" style="visibility: hidden; speak: none;" />

          CSS can do everything man.

    • by c0p0n ( 770852 )
      Not only that, there are lots of people that can read english no problem, and therefore register on english speaking sites, but that can't speak or understand spoken english.
    • Captcha is really security by obscurity. Readily identifiable information is obscured in such a way as the computers (supposedly) can't find it.

      Real security requires a secret. It's as simple as that. So long as the secret can be identified without knowing the secret, your security system is a joke.

      Computers are getting better, faster, smarter, cheaper. Moore's wall gets higher [] every single year, and soon, it will be routine for computers to match or exceed human intelligence. (It can be argued that they al

  • by Dan East ( 318230 ) on Monday December 08, 2008 @11:26AM (#26033091) Journal

    I'm half afraid to admit this publicly, but did anyone else try clicking the "play" button on screenshot of the audio CAPTCHA player in the first article? I took me a few tries before I realized it was only an image.

  • A CAPTCHA is only worth $.0025 to break down on the Chinese Turing farms. Thus since a CAPTCHA can only protect something worth $.0025 anyway, making it more crack resistant doesn't buy all that much.

    • by flux ( 5274 ) on Monday December 08, 2008 @11:31AM (#26033185) Homepage

      If you can make it to a longer time for a human to crack it, it would increase the costs. Double the time, double the cost.

      But, say, if it now takes 10 seconds to crack a captcha, it would need to take more than an hour to cost $1 per captcha :-).

      I wonder how a web-of-trust system combined with more difficult captchas (more trust -> easier captchas) would work; if a branch of the web is a spammer, it's easier to cut off.. But, this must've been suggested even in this context already, so hit me with the "your spam protection idea doesn't work, because.." form ;-).

      • Re: (Score:3, Interesting)

        by poetmatt ( 793785 )

        Only until someone finds a way to make cracking the captcha more efficient and suddenly it is back to the original cost to crack the same captcha again. This is what that machine learning is all about.

        Meanwhile, the problem is that this back and forth with captchas is essentially causing programmers who wish to break it, to come up with very complex AI.

        At some point, if the AI is smarter than the person, as mentioned above people won't be able to crack the captcha.

        On this very article the only reason this "

        • by torkus ( 1133985 )

          It's Simple... :)

          Eliminate anon registrations and/or privacy. You're responsible for your account with strong multi-factor authentication. Granted I meant simple to define the solution's goals, not the underlying methods/privacy issues/etc.

          It's a fine balance between making something easy for any random, anon user to participate and blocking out malicious use/intent. The funny part is you could probably design a system to validate users legitimacy based on their facebook/myspace/fubar/etc. pages and prof

    • Just the other day I was trying to get a crack for a program* and I came across this site that wanted me to type in a CAPTCHA to download. The first thing I wondered was whether these CAPTCHAs were actually from a legit site like and they were serving it to me to get me to break it.

      * Yes, sometimes you need the crack for programs to run properly on Linux through Wine. Sucks, no? I'm sorry guys, I contributed to spam.
  • hell (Score:3, Funny)

    by nomadic ( 141991 ) <nomadicworld AT gmail DOT com> on Monday December 08, 2008 @11:29AM (#26033151) Homepage
    I'm a human being and I can't break audio captcha. Sounds like gibberish to me.
  • Why does anyone bother using captcha, or asking silly questions, or any of that anymore? Computers are better at it than people. Give it up, and just start banning hosts until something better comes up.
    • by compro01 ( 777531 ) on Monday December 08, 2008 @11:46AM (#26033415)

      Banning that way doesn't work real well when you consider dynamic IPs, distributed attacks (bot nets), proxies, etc.

      Unless you're willing to ban at least a third of the world, you're not going to get much out of that.

      • Re: (Score:2, Insightful)

        by X0563511 ( 793323 )

        Just let the spam flow and crap up everything. When everything is useless, perhaps they will give up.

        Right now, they push tons of shit with the hope that the peak of it might show through. If all of it is seen, the volume might backfire.

        It sure will suck for everyone though.

      • by SkyDude ( 919251 )

        Unless you're willing to ban at least a third of the world, you're not going to get much out of that.

        Yeah, but doing so will make admin-ing your site a whole lot easier. And. it's probably the third that no one likes anyway....

      • by neoform ( 551705 )

        Ban? No, but if a given IP fails the captcha 10 times in 10 minutes, you can always blacklist the IP and auto-fail any further attempts from that IP for 24 hours..

    • I know it is a lot but you would need a valid e-mail to post, and administrator would need to follow up with you to OK your account, your registration e-mail would actually have to contain the actual reason of why you want to post, all posts would have to be moderated/verified before they became visible, ex...

      I can hear you all protesting already: But what about anonymity, what about ease-of-use?

      Yes, yes... But it IS the only way.

      It's a price I'd be willing to pay to end the spam because as we have seen, mo

  • REPATCHA strong? (Score:4, Interesting)

    by RiotingPacifist ( 1228016 ) on Monday December 08, 2008 @11:33AM (#26033229)

    i thought RECAPATCHA was susceptible, as if enough bots guess the same answer on an image they will make that a valid answer. Does this not work or has nobody bothered?

    • Re: (Score:2, Informative)

      by greatgregg ( 1106739 )
      This doesn't work because they distort the images different every time.
    • Re:REPATCHA strong? (Score:5, Interesting)

      by Anonymous Coward on Monday December 08, 2008 @11:47AM (#26033445)

      If you get it wrong, they'll temporarily start sending you captchas in which both words are known. The chances of a bot guessing both words correctly are minuscule.

      • But your missing the botnet aspect of this, each bot only need to guess only once*.

        *Obviously there are a lot of different images but to get two bots answering the same image requires significantly less bots than images (birthday attacks, reloading the image so you only guess when you see a z, etc).

  • In my crystal ball I see some fool who does not turn off the sound on the PC in an office. Unfortunately, history has shown that many people also still have digital camera's that make the *click* noise, so I have no hope that this will not disturb the peace.
    • by tepples ( 727027 ) <tepples@gmail.BOHRcom minus physicist> on Monday December 08, 2008 @11:47AM (#26033433) Homepage Journal

      In my crystal ball I see some fool who does not turn off the sound on the PC in an office.

      By law, offices of companies over a certain size must accommodate people whose disability requires sound to do their jobs.

      Unfortunately, history has shown that many people also still have digital camera's that make the *click* noise

      By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

      • By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

        Yet more law with little real thought put into it.

        How does that stop someone from wiring in a switch to bypass the speaker? Heck, if you use the right inductor instead of a straight bypass, the device couldn't even tell.

        • Stopped the same way all other law offenses are dealt with. If a policeman notices your camara doesn't make the "click" noise he can haul your ass into jail : P

        • by torkus ( 1133985 )

          Here's irony for you (two-fold even) - my fancy blackberry has a camera built in. To "disable" the click noise all I need is headphones plugged in - they take over all the sound output.

          Second, my canon sd1100is is smaller than the blackberry storm* it's sitting next to yet it offers the option to disable all noises. The SD1100is is also not the smallest digicam you can buy, just what I own.

          *paragraph one and two seem to conflict, I know. The blackberry storm is not being called fancy - I simply have mult

      • by Waffle Iron ( 339739 ) on Monday December 08, 2008 @11:58AM (#26033651)

        By law, camera phones must make the click noise when operated within some countries to help fight voyeurism.

        That's a great idea. However, we need a law for video cameras, too.

        I propose that by law, each video camera must be equipped with a prominent hand crank, and shall only record while the crank is being turned. Furthermore, as added protection, people with video cameras must wear a beret and carry a conical megaphone at all times while operating said device.

      • Don't care, and it's not illegal for me to take pictures of things in public.

        My camera phone does not make the click because I unlocked my phone and ripped that shit out.

        The OP was referring to traditional digital cameras though, I believe, not shitty cameras in phones.

      • >>>By law, offices of companies over a certain size must accommodate people whose disability requires sound to do their jobs.

        Apparently this law either (a) does not exist or (b) was never read by my employer General Dynamics. They make us do training modules online, but don't have any headphones or speakers to let us hear the modules. That makes passing the test rather difficult.

        • by tepples ( 727027 )

          Apparently this law either (a) does not exist or (b) was never read by my employer General Dynamics.

          General Dynamics is a U.S. government contractor. Look up "Americans with Disabilities Act", "Rehabilitation Act", and "Section 508" on your favorite search engine and see what doesn't apply.

  • by ashp ( 2042 ) on Monday December 08, 2008 @11:36AM (#26033269)

    They should just make a CAPTCHA that requires strong AI to crack; we could make a great leap ahead in AI by letting the spammers solve all the problems for us!

    • Congratulations, you just came up with the inspiration behind ReCAPTCHA.
    • They should just make a CAPTCHA that requires strong AI to crack

      The impression I got from this Technology Review article [] is that your CAPTCHA will eventually happen. But a business using one of these might eventually run into a disability discrimination problem if the system confuses real people of below-average intelligence with bots.

      • by Ihmhi ( 1206036 )

        Keeping people of below-average intelligence off of my website? That doesn't sound like discrimination, that sounds like reduced costs and maintenance in tech support.

        • Keeping people of below-average intelligence off of my website? That doesn't sound like discrimination, that sounds like reduced costs and maintenance in tech support.

          It's also reduced costs and maintenance not to repair your wheelchair ramp. As I wrote in my other post [], one can be a genius at one subject but (to put it mildly) less than a genius at another; your CAPTCHA has to measure competence in the subject at hand. For example, how many people not immersed in African-American culture could pass BITCH-100 []?

    • You say that in jest, but the fact is that spammers are already leading the field- captchas are getting more and more complicated because the bots are getting smarter.

  • Why don't they use DHTML and JavaScript to simulate the 3 cups and 1 ball game? You'd start off with the ball in the middle cup and then it could mix the cups up and you have to pick the right cup. Audio would be supported too:

    "Keep your eye on the ball! Follow it! Don't watch the other cups, just the one with the ball in it!"

    • Because then any spam bot would have a 1 in 3 chance of getting it correct. And then if you try to scale if up to 100 cups and 1 ball, then it would not be feasible for even a human to follow.

  • by ouder ( 1080019 )
    Isn't this just an advertisement for ReCAPTCHA disguised as a news item?
    • no. if anything the previous post about the new phone for sale is ten times the slashvertisement than this is.
  • RECAPTCHA (Score:5, Insightful)

    by EddyPearson ( 901263 ) on Monday December 08, 2008 @11:43AM (#26033357) Homepage

    People crack CAPTCHAs for profit. They either sell the algorithms to spammers or spam themselves.

    The thing is, if you managed to reliably crack RECAPTCHA, then you've succeeded where all the best OCR software on the market has failed (All Recaptcha's are words that couldn't be deciphered by existing software). At which point there's big bucks to be made legally selling the software.

    • by S3D ( 745318 )

      The thing is, if you managed to reliably crack RECAPTCHA, then you've succeeded where all the best OCR software on the market has failed

      I don't think so. For spammer 10% of success is a reliable CAPTCHA crack, but for OCR it's a failure.

    • by Rich0 ( 548339 )

      The scary thing is that when AI is finally invented it will be for the sole purpose of sending spam.

      Just think, our first artificial sentient being will be a salesman peddling Vigora!

  • So, "machine learning" can now translate any speech in any language to text. Where's my universal translator then?

    • Re: (Score:3, Informative)

      by Xest ( 935314 )

      I don't really understand how translating from speech into text is equal to translating from speech to text in a different language.

      I could listen to every word you say and write it down no problem, but ask me to translate it into Japanese or something and I wouldn't have a clue.

      You only have to look at games like Endwar to see how good speech recognition has gotten, it requires no calibration (well, maybe a word or two at the start) and has yet to fail me once and it seems to work for people with many diff

      • by pbhj ( 607776 )

        I don't really understand how translating from speech into text is equal to translating from speech to text in a different language.

        It's not, but textual translation (at least on a slightly better than per word basis) is already possible. So if you can speech->text and then text->alt language you've got a [one-way] translator (of sorts).

    • If youre willing to live with a 5% to 10% success rate (spammers dont get anywhere near 100%) then I can sell you one today.

    • "Where's my universal translator then?"

      -I'm sure you can pick up a Universal Translator down at your local Galactic Marketplace, especially at this time of year. Go to the one by Alpha Centauri and look for something called a "Babel Fish". They're really handy.

  • by Ron Bennett ( 14590 ) on Monday December 08, 2008 @11:55AM (#26033607) Homepage

    Captchas are user unfriendly and relatively ineffective.

    A more effective route is to require a new user to submit their postal address and a phone number. Then the service mails a post card containing a verification code to the postal address and/or calls the phone number. Google does this for AdSense publishers.


    • The day a forum does this I stop posting on them. It's irritating enough having to register without having to wait 2 days for the post to arrive before I can reply.

    • Captchas are user unfriendly and relatively ineffective.
      For smaller operations they are very effective provided you have the sense to roll your own. For larger operations traditional captchas don't work so well but recaptcha which uses challanges sourced from real old books and seems to be on to a winner.

      A more effective route is to require a new user to submit their postal address and a phone number. Then the service mails a post card containing a verification code to the postal address and/or calls the ph

      • by fuzzyfuzzyfungus ( 1223518 ) on Monday December 08, 2008 @12:52PM (#26034643) Journal
        One thing we could do more of(though it is not without risks of its own) would be looking at getting the account as only the first step, rather than the last. For instance, some free webmail service could rate limit new accounts to only X emails/hour, or change an account's rate limit according to how spammy its outgoing messages look(or, within a given service, how often other members mark that account's mail as spam). On forums, you could do the same in response to other user's moderation of posts.

        This would work relatively poorly for high value things like bank accounts (though high value stuff can be handled by more expensive means, like phone confirmation) but it could be quite useful for low value things like webmail accounts. The task of sorting humans from bots on a single computer generated task is getting ever harder, particularly if you need to make a binary yes/no decision on the spot; but giving an account greater or lesser resources according to how human its activity looks is much more tractable. It won't be perfect; but it should reduce the value to spammers of the accounts they do get.
        • For instance, some free webmail service could rate limit new accounts to only X emails/hour
          The trouble is that kind of measure is largely useless if you don't limit the rate at which abusers can get new accounts. If a new account can only send 10 emails per hour and the abuser wants to send 10000 emails per hour they just need to get 1000 accounts.

          So to be effective such measures need to be used in addition to measures against bots creating accounts, not instead of them.

          • As you say, such measures only make sense if you can limit new account rates. I merely propose it because it is something that you can add on, which substantially reduces spamming efficiency, without making CAPTCHAs even more difficult. I suspect that, for most webmail type services, reducing the spam value of an account by half without undue impact on users would be trivial. Reductions of 90% might well be doable with a little pain for new users. In terms of spam per unit time, a 90% reduction in account v
    • My bank does this with a text message. "I don't recognize this computer. How would you like to authenticate yourself?

      Text To: XXX-XXX-0001
      Voice To: XXX-XXX-0001"

      It usually comes through in seconds.

  • Why don't they put some logic in CAPTCHAs which is easy for a human to understand, but impossible for a bot to get right?

    Instead of having to repeat what is on your screen or speakers, you could ask the user a simple question to verify if the user is indeed human. You could for example ask the color of something, or ask for the user to do a simple calculation and post the results. You could also give four objects and ask which one doesn't belong with the other three.

    This would mean that a bot would have

    • by fuzzyfuzzyfungus ( 1223518 ) on Monday December 08, 2008 @12:21PM (#26034053) Journal
      The tricky bit with CAPTCHA is not just asking questions that are easy for humans and hard for AI. There is a huge field of well known stuff, common sense, basic knowledge, etc, etc. that would work. The problem is asking questions that are easy for AI to ask, easy for humans to answer and hard for AI to answer.

      If you have to manually populate your CAPTCHA, you have a problem. It costs just about as much(in money and time) to manually document a set of CAPTCHA questions as it would to build the set. If you can't generate questions automatically, your CAPTCHA will be expensive, or useless, or both. RECAPTCHA is interesting in that is a something of a hybrid. It makes use of real world complexity, from scanned documents; but largely automates the conversion of real world complexity into CAPTCHAs, which makes it fairly practical to use at a large scale.
      • Re: (Score:3, Funny)

        by bendodge ( 998616 )

        Is this why handwriting won't work? Fancy elderly handwriting is especially hard to read. OCR software is rather helpless against it. (I propose hiring retired people to write words sloppily and scan them!)

      • by Ihmhi ( 1206036 )

        I'm assuming that CAPTCHA stores the correct answer in such a way that it can't be directly read by a bot - the CAPTCHA has to be solved.

        Why don't they just use CAPTCHAs that ask questions that are artistic, subjective, etc.? Smoe examples, using pictures I searched for on flickr:

        1) What color is this fruit []?

        2) What kind of animal is this []?

        3) How many rungs are on this ladder []?

        All questions that would be easy for a human to ask but are subjective enough that it would be difficult for a computer to answer the

        • The problem with your proposed CAPTCHAs is generating them and scoring them. Writing a program that can look at pictures and ask meaningful questions, in natural language, about them would be crazy difficult. A matching program to take natural language answers and score them for correctness would be equally unpleasant.

          In essence, for a computer to ask a CAPTCHA question about a picture, it has to be able to analyze the picture and ask a decent question about it, and then interpret the result. For a compu
          • by Ihmhi ( 1206036 )

            It's true creating them automatically would be difficult. That's the point, a computer couldn't do it.

            I'd imagine something more like a volunteer system where you can submit, an open-source project, etc. The work would have to be done by people, but it would be difficult for most computers to crack.

        • Re: (Score:3, Insightful)

          Oh, the other thing, that I forgot: certain sorts of natural language questions would actually be trivially easy to answer, and thus would have to be avoided. Consider your "how many?" examples.

          Obviously there can't be fewer than 0 of something in a picture, and you can assume that(for the sake of not pissing people off) you won't make your customers count more than 20 of something. Thus, if I am trying to crack your CAPTCHA, If my script sees "how many...?" it will just pick a number between 0 and 20, in
        • The main issue with this is that you are limiting your audience to (native) English speakers only. That may be a huge issue to e.g. Gmail and other sites that can handle a larger area than the English speaking world only. The current CAPTCHA is language independent (except of course the audio version(s)).

          And then there is the issue of automatically creating them... a human created pool would quickly prove too small, and computers are not smart enough to create this kind of CAPTCHA. Otherwise they would be

  • Sometimes I am pretty sure I gave the right answer to a Captcha but it is wrong. I wonder if sometimes the Captcha sender deliberately does this to make it harder for a computer program learning how to crack them. Say two out three times it rejects the right answer.

  • The Computer Scientist within me loves the idea as it improvement in Artificial Intelligence and OCR.
    The Consumer Side of me hates the fact that spammers use this technology to make our lives hell.

    My solution would be an electrical implant for every 10 byes of data sent per second you get 1 volt electric shock. If the spammers write these scripts to send all this data immediate punishment for their action. Just a few details need to be worked out, like uploading pictures to your friends or worse a linux is

  • by MarkvW ( 1037596 ) on Monday December 08, 2008 @05:54PM (#26039721)

    What if the applicant for access submits a facial photograph along with his/her application information?

    (1) Use facial recognition software to decide whether a human picture has been submitted. Deny access to those not submitting a picture of a human. Store the picture. Keep refining the algorithm.

    (2) Determine whether the pictured person has been used in a previous attempt to obtain access. If access has been obtained, don't let them create another account unless their present account is terminated. If access has been rejected, then you have a presumptively bad applicant.

    (3) Websites could share database information about the rejected pictured-people. This would bring in more data (like time and volume of a single facial picture's use, for example). That additional information could be used to help refine the algorithm.


  • How about reputation? Akismet is pretty good, so how about extending that a little bit?

    If blogs or other sites want to cut down on automated submissions, they demand OpenID accounts. Then, hook those logins into an RBL like Akismet. If the account submits spam on one site, the account is marked as as spammer and all other sites get the opportunity to block it. Most would probably work on a threshold and points system a bit like SpamAssassin incorporating self-training Bayesian filters or heuristics: normal

  • So far CAPTCHAs are being defeated by bot's Artificial Intelligence. Why not change target to the other direction, and go in the search of human's Natural Stupidity? We humans have a talent in that area that still wasnt surpassed by dumb machines
  • Something is needed to make it more difficult for bots/scripts/etc to register/submit/etc at various sites online but CAPTCHAs have gotten to the point where they are more trouble than they're worth.

    It's gotten to the point where it usually takes multiple attempts to get it right and I'm personally sick of it. I'm tired of having to waste my time and it's now at the point where I would rather take my business elsewhere than deal with having to guess a random string of indecipherable letters and numbers.


Always leave room to add an explanation if it doesn't work out.