Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam The Internet Technology

3D-Based CAPTCHAs Become a Reality 192

mateuscb writes "A new way of creating a CAPTCHA using 3D objects has become a reality. The idea was thought up independently by blogger Taylor Hayward and by the folks at YUNiTi.com. 'Similar to Hayward's idea, this new technology relies on our ability to identify objects in 3D instead of using alphanumeric characters. YUNiti's 3D Captcha, however, has three objects in the challenge and extends the list of images to any object, not limiting it to animals as in Hayward's idea. This increases the challenge's level of complication to prevent computers from successfully making the correct guesses.' I, for one, welcome the thought of not having to read more and more complex CAPTCHA. Lately, I've been having a hard time getting CAPTCHA to work the first time."
This discussion has been archived. No new comments can be posted.

3D-Based CAPTCHAs Become a Reality

Comments Filter:
  • 3D? Pfft. (Score:2, Funny)

    by Anonymous Coward

    I want 4D CAPTCHAs, so even humans can't figure them out. Think... Hypercube... the CAPTCHA.

  • First time? (Score:5, Funny)

    by Tubal-Cain ( 1289912 ) on Friday March 27, 2009 @08:19PM (#27366523) Journal

    I've been having a hard time getting CAPTCHA to work the first time.

    And the secondtime . And the third time. And the fourth. And the....

  • Rationality check (Score:4, Insightful)

    by mongrol ( 200050 ) on Friday March 27, 2009 @08:21PM (#27366543)

    Let's see now. If the spammers and robot makers went outside, done something worthwhile and produced something the world badly needs (food) then this nonsense wouldn't exist, I could surf in peace and the starving millions would live a little longer. The very existence of CAPTCHA's proves the human race is badly in need of a reset.

    • Parent nailed it.

      It's all the spammer's fault that we waste time on captchas.

      • Or maybe it's our fault we make the spammers work harder to get around our filters! Bet you didn't think of that did you!

        They'll send it off to porn sites or whatever and have people analyse it from there - can always get around them, it is just a question of resources.
      • Actually, captchas will come in handy when the android apocalypse happens.
    • by MWoody ( 222806 ) on Friday March 27, 2009 @08:45PM (#27366775)

      Such is the way of all intelligent life, though. If you build a maze for a mouse, the rodent may run its course a thousand times to reach the end and its reward. But never be fooled for a second: the mouse likes the cheese, not the maze. If he finds a way to climb over the walls and skip the test entirely, you should be neither surprised nor angry, as the failure is yours.

    • by Idiomatick ( 976696 ) on Friday March 27, 2009 @08:53PM (#27366827)
      We should spend that effort spammers put out to get useful work done. Re-captcha is a perfect example. How about Google, want a new tagging system for images? It would make image search MUCH more usable. It could also be used to help AI/learning and object recognition. Just set up Captchas to do meaningful boring things that otherwise would not get done. I've no idea why this isn't more widespread.
    • Re: (Score:2, Funny)

      by Seto89 ( 986727 )
      Resetting the human race? That's ROBOT talk!!
  • Interesting, but in a previous /. discussion, I got convinced that there was no perfect captcha, since one can simply pay a group of underpaid workers (e.g. in poor country) to manually solve the captchas...

    • by bobetov ( 448774 ) on Friday March 27, 2009 @08:26PM (#27366575) Homepage

      It's much worse than that. Put up a porn site. Use free content. Have a "Solve captcha to get free pics!" blocker.

      Now, grab a captcha you want to break, show to pornaholics, get solution, pass it back to the original site.

      Perfectly unbeatable captcha solving, for virtually free, and totally automated.

      Feh.

      • by MeanMF ( 631837 ) on Friday March 27, 2009 @08:35PM (#27366677) Homepage
        Easy - just make the CAPTCHA so you have to simultaneously type something with both hands.
        • Re: (Score:2, Interesting)

          by CMKCot ( 1297039 )

          Easy - just make the CAPTCHA so you have to simultaneously type something with both hands.

          I think that could actually be good idea. having not just to type but also to follow certain rules typing, like following a simple rhythm. Maybe typing something under an abstract set of rules, like "make me a triangle" answer could be any combination of keys that results in a triangle, like "sef" "gbh" "vym". Oh well, I'm sure someone thought about it already and found a flaw on it. PS: thinking possible CAPCHA schemes is a fun pass-time.

          • I'll bet that robots could do that easier than most people. People don't multitask very well while robots seem to have no problems with it.

            Wait do you mean that the ability to multitask would mean it is a robot and not a human?

          • What if somebody is using a non US keyboard?

          • Re: (Score:3, Funny)

            by shoemilk ( 1008173 )

            like following a simple rhythm.

            Dear god! Like I don't fail captchas enough without adding in my rhythm-less whiteness to the equation!

      • by RyoShin ( 610051 ) <tukaro@[ ]il.com ['gma' in gap]> on Friday March 27, 2009 @09:33PM (#27367121) Homepage Journal

        That's very true. The problem now isn't rendering CAPTCHAs useless, it's doing so by automated means.

        As you said, anything that must be used by humans can be broken by humans. But you still wind up with logistics problems--having the money to pay these people (or, in the case of free porn, the bandwidth and content to keep them interested) and the fact that those people are still limited by their humanity. Even the fastest typist wouldn't be able to complete a form (CAPTCHA aside) as quick as a robot. And, if a robot can break a CAPTCHA, it can fill that out faster than a human, as well.

        So the issue is preventing, or at least slowing down, robots, which can work 24/7 without a break. A variety of things have been done with normal CAPTCHAs to do this: colors, lines, running letters into each other, adding cats and dogs to letters (seriously). This step, once "perfected" and widely adopted, will be a huge leap in stopping these robots. Even if they can be trained to have a copy of the exact 3D models given (which are sure to increase in variety if not types), they still have to take a picture of it from every single angle, which I believe is 359^3 images, and then compare every single one (which is O(x^n) time, where x is the time for one image comparison).

        It's an arm's race, though. Eventually some enterprising hacker will figure out a way for bots to "guesstimate" based on various aspects of an image, and once that solution is sold to the highest bidder we start the war all over again.

        • Well, we better hope the captcha crackers don't use this technology [slashdot.org] to identify objects based on their 3D shape.

          I suppose if only a flat 2D image is sent out, it'd be more difficult - but if a 3D model is sent out, which is rendered on the client side, then it's asking to get cracked.

          Although... a smart AI could learn over time if someone were dedicated enough to teach it what every image represents, from multiple angles - but that'd take a long time.

          They need to alternate the selected images a lot, so that

          • by RyoShin ( 610051 )

            I doubt the entire 3D image is sent client side. There's no way outside of flash to structure it, and even if there was it would take way too long to render it.

            As for AI learning, it doesn't need to; writing a proper AI and then teaching it would take far longer than just rending a 2D shot for every possible angle (hence my 365^3 figure) and then comparing, at least for this early sample of images. An AI would be the best way to go about the general and long-term case, but I doubt spammers have the resourc

        • Re: (Score:3, Interesting)

          by Zerth ( 26112 )

          One, 359^3 leaves out rotations on multiple axes.

          Two, even including that, though, you don't need every degree along each axis of rotation, you could probably get by with eighths or maybe even quarter rotations if current machine vision techniques are used. I've seen optical testers that could identify a particular object rotated along one axis with just one "quality ideal" reference photo and tests a few hundred objects/second. Not angles, objects. Spits them out like a machine gun.

          • by RyoShin ( 610051 )

            What am I forgetting? Shouldn't 359^3 cover a rotation to any point in three-dimensional space, with 359 degrees for each axis?

        • Re: (Score:3, Funny)

          by noidentity ( 188756 )

          It's an arm's race, though.

          Actually, I don't think there are any arms racing here, though I could be wrong. That kind of race sounds boring, anyway.

        • 359^3 is not right. Recall spherical coordinates theta, phi, and r. There are 360*180 possible 1-degree increments, for the coordinates theta and phi, since r is fixed. Another way of looking at it is think of the animal inside of a clear plastic ball; a reference point on the ball can only move in 2 dimensions i.e. the surface of a sphere. (Also, 0 through 359 degrees is 360 increments, not 359 increments.)

          And even that is not strictly correct, if you want a uniform distribution, since in spherical coor

      • Re: (Score:3, Interesting)

        From the rReCAPTCHA FAQ

        Are CAPTCHAs secure? I heard spammers are using porn sites to solve them: the CAPTCHAs are sent to a porn site, and the porn site users are asked to solve the CAPTCHA before being able to see a pornographic image.

        CAPTCHAs offer great protection against abuse from automated programs. While it might be the case that some spammers have started using porn sites to attack CAPTCHAs (although there is no recorded evidence of this), the amount of damage this can inflict is tiny (so tiny that

    • by forkazoo ( 138186 ) <wrosecrans AT gmail DOT com> on Friday March 27, 2009 @08:37PM (#27366701) Homepage

      Interesting, but in a previous /. discussion, I got convinced that there was no perfect captcha, since one can simply pay a group of underpaid workers (e.g. in poor country) to manually solve the captchas...

      If it requires actual workers, then it is a perfectly working CAPTCHA. "Completely Automated Public Turing test to tell Computers and Humans Apart." Don't think of it as a way to keep bad posts from your forum, because it isn't. It just tries to increase the likelihood that a human was involved in the process. If you want to limit abuse, getting a guarantee that a human was involved is only one small step in the process.

    • by Goaway ( 82658 ) on Friday March 27, 2009 @10:19PM (#27367375) Homepage

      If the spammers have to pay to spam, we've already won.

  • You can easily generate new images by rotating the 3D model a bit, changing the lighting, colors, etc.

    The Question and Answer images could be generated the same way. You have to constrain the camera a bit so it isn't "What kind of animal has this butt?", but other than that you have a very large space to grab from.

    Still doesn't solve the "porn for captcha" hack, but this would tell humans and computers apart for a while.

    • Yet, at the same time there is just as much, and probably more effort going into image analysis. How many universities are currently working on automated vehicles that have some sort of system for analyzing and identifying objects in it's path, or even simple worker-bots that can tell between a coffee cup and a stapler.

      Once that's established, all it would take is a couple manual hours to put the images into a 'like' groups, that could be done with the porn-hack.

      I still think a story-based system would work

  • object recognition (Score:3, Interesting)

    by saiha ( 665337 ) on Friday March 27, 2009 @08:26PM (#27366587)

    I dunno, there has been quite a bit of research done with image/object recognition. You could break this by not matching pictures directly but by seeing that the first one is a bunny (so look for a bunny in the list), the second one is a hammer, etc...

    • by 5pp000 ( 873881 ) *

      I think it's easier than that. I think you could just do a Fourier transform or the like to look at spatial frequencies. I'm not a computer vision expert, but this looks really easy.

  • We need something different. Personally, I can't comprehend 2D captchas. I think I might be an android, pre-programmed with false memories of childhood.

    This 3D technology will finally help me solve this existential issue.

    (BRB, gotta go recharge)

  • Seems obvious to me. I can't believe people are making a big deal out of this, especially those who have ever worked with CAPTCHAs before.

    What's next, an "innovation" because it plays a (readily recognizable to the target audience) music sample? Same idea you know.

    And I bet blind people are driven baty with CAPTCHAS anyway, this just makes web pages even less accessible to them.
    • Re: (Score:2, Interesting)

      by jebrew ( 1101907 )
      How about animated text in a flash box that you have to read...surely it would be pretty hard for a bot to read 3-d rotating animated text right?

      Would that be innovative?

  • by Louis Savain ( 65843 ) on Friday March 27, 2009 @08:34PM (#27366669) Homepage
    CAPTCHAs are among the best motivators for progress in AI research since DARPA began throwing gobs of money around. The question is, what will happen to online forums and social/financial networks when machines become indistinguishable from humans?
    • Re: (Score:3, Funny)

      by Anonymous Coward
      They will be smart enough to wonder why they have to post ads for cheap mortgages.
  • Easy to defeat (Score:4, Insightful)

    by grumbel ( 592662 ) <grumbel+slashdot@gmail.com> on Friday March 27, 2009 @08:44PM (#27366767) Homepage

    As is, this seems relatively easy to defeat and well within reach of available technology. The number of 3D models is rather low and they have a very clear silhouette and also a very distinct one for each models. So all one has to do is to search for the best matching silhouette.

    The good thing however is that 3d models have enough flexibility so that one could conquer many attacks, adding background images and texture would make it much more difficult to get a clear silhouette and one could of course easily introduce many more models into the mix.

    • Re:Easy to defeat (Score:4, Interesting)

      by Hognoxious ( 631665 ) on Friday March 27, 2009 @08:56PM (#27366851) Homepage Journal

      The number of 3D models is rather low and they have a very clear silhouette and also a very distinct one for each models.

      They were all pretty easy except for the toilet. I assume it's the lower left one in the grid, but I had to work it out by elimination.

    • by Zadaz ( 950521 )

      Why would I go through that much effort? Why not just choose one of the nine possibilities randomly? Sure I'd only get it right 11% of the time, but it wouldn't take any skill or computational power.

      Any CAPTCHA that lets you pick one of a selection is useless.

      Perhaps if they had a little applet that asked you to rotate a 3d model to a matching orientation they'd be on to something, but I don't know how strong most people's 3d reasoning skills are.

    • Re: (Score:2, Insightful)

      Actually no. The objects are rotated and at different perspectives, so it's not the same silhouette at all. Also, they throw in a tricky one every so often, like they show you a helicopter but there is only a plane to chose from, i.e. it's a flying object. It might catch some dumb people, but most humans will have a go at a logically similar picture.
      Also, to those posters who say CAPTCHA's can be overcome by porn site watching humans, well yeah, but a CAPTCHA is by definition a test to tell humans and compu

    • by waveclaw ( 43274 )

      Then change the questions and the image.

      As is, this seems relatively easy to defeat and well within reach of available technology.

      Google's image search could even provide a loophole. Just get the images onto Google images and let users tag them for free.

      The good thing however is that 3d models have enough flexibility so that one could conquer many attacks

      Instead of asking 'what is in this picture' all the time, how about asking hard semantic questions about this picture?

      The article showed a CAPTCHA with a

    • ... text has a clear silhouette as well, altering backgrounds and warping the text hasn't seen a great deal of effect there.

      There's a limit to how you can rotate the shapes in 3D too, at a certain point they just won't look right. When it's sitting flat and rotated 90 degrees, does the fork really look like a fork or just some weird curved line?

  • I wish CAPTCHAs came with more detailed directions. Specifically, is the system case sensitive? Are the tall ovals without a line running through them (or a dot) a zero or an O? Are capital I s visually distinct from lowercase L s?
  • How long before someone creates an autostereogram captcha?
    • Oh please no. Not everyone can see those things.
    • Easily broken by computer and people can't all do them. If you wan't a robot only site though.... That'd be a cool concept have a captcha SO hard that only bots and hackers will get in. Exclusive nerd website!
      • Can you point to an example of a computer 'undoing' an autostereogram image? That's something I'd like to see, how well it reconstructs the original base image.

        Back when they were all the rage I wrote a program on my Amiga to create them, took bloody ages to work out how to do it, finally figured out that the pattern is contracted/expanded depending on the brightness of the base image and that the contraction/expansion of the pattern is accumulative.
    • They can create one if they want, but I can't see those. I'm sure I'm not the only one.

      On the other hand, any site that's so poorly thought-out that it wants to use one of those, I'd probably never want to visit anyway.

  • An Alternative (Score:4, Insightful)

    by Nom du Keyboard ( 633989 ) on Friday March 27, 2009 @09:01PM (#27366889)
    Or as an alternative, we could actually track down the people who continue to make the Internet a swamp, beat them within an inch of their lives, let them spend a hot humid summer in full body traction, and maybe not only wouldn't they do it again but others might not either.

    And put it on YouTube afterwards.
  • For a moment I thought that credit was being given to Howard Tayler [schlockmercenary.com], not Taylor Heyward.

    He'll just have to settle for being known as the inventor of the Ominous Hum.

  • The problem with 3d images, and complex non text CAPTCHAs in general is image size. You need to have enough different images so that the computer can't just brute force it, and those images need to be big enough so the user can actually see it. by the time you fulfil these obligations the CAPTCHA is taking up a good 3/4 of a page.
    • by guruevi ( 827432 )

      That's why you let the computer generate it. If you manually generate a captcha then your input is very finite only to the extent you have patience/money. The crackers most likely have more patience than you and it's quicker to solve than generate. They only have to have their machines memorize a few to be successful.

      If you let a machine generate it, it's theoretically infinite so they can't let a machine memorize, now they have to let the machine recognize it. Not impossible but more difficult and harder t

  • This seems to fall into the same pit that normal CAPTCHAs have: the Blind. But, it will likely be dealt with in the same way.

    The big problem with the current implementation is that it relies on Javascript, which has a whole host of problems from cross-browser compatibility to having Javascript enabled at all.

    I imagine this won't be a problem for long, though. At worst, you basically put up all the arrays at once and stick them with radioboxes. The problem is that this becomes extremely cluttered and likel

  • Lately, I've been having a hard time getting CAPTCHA to work the first time.

    The time is fast approaching when CAPTCHAs will be too difficult for entry by humans. The only logical solution is to start an open source project to create a program that will enter the required data for you. Without this, we are looking at a time when humans will be unable to access their email or post on a message board, and only spam bots will be left. (Come to think of it, given what I see in most of my email and most pos

  • by im_thatoneguy ( 819432 ) on Friday March 27, 2009 @09:44PM (#27367163)

    It's becoming more evident every day that the first cylon will be a Captcha solver.

    It won't be too long before Captchas will be little reading comprehension tests like on a 3rd grade social studies test.

    After that we'll just have to revert to empathic testing. Sadly those with Autistic Spectrum Disorders will no longer be able to use webmail.

    • After that we'll just have to revert to empathic testing.

      The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over but it can't. Not without your help. But you're not helping.

      • The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over but it can't. Not without your help. But you're not helping.

        We're sorry, that username is already in use. Please choose another.

        Describe in single words only the good things that come into your mind about... your mother and press ok.

  • Sadly - or perhaps fortunately, depending on how you plan to apply the technology - classification of 3d objects against a known library of objects is a mostly solved problem. There are a few ways to go about doing it, such as neural networks, boosting classifiers, or support vector machines, but you essentially train a set of classifiers against a bunch of known images of the 3d objects from different perspectives, and thereafter, it tells you what class of images best represents the image that you query

    • Re: (Score:3, Informative)

      by QuoteMstr ( 55051 )

      every time somebody adds a 3d object into their captcha, you would have to get enough sample images to train your classifier.

      It's worse than that, actually. Remember, a machine doesn't need to pass the captcha every time. You only need to worry about re-training your image recognizer when the success rate falls below a useful level, and even very low levels of CAPTCHA success are useful for spammers.

      Personally, I think the regular photographic captchas (i.e., "click on the Siamese cat") are a better idea.

      Wo

      • Sorry, I guess my example was poorly expressed. I didn't mean that every single time, the captcha asks you to click on the Siamese cat. Rather, it asks you to click on {insert randomly chosen class here} and displays a bunch of photos, one of which corresponds to that class.

        The only way you can really overcome a classifier like that is to overwhelm the person using it by providing them with too many classes, or overwhelm the classifier by providing too much variety within each class. It's a lot easier to

    • by Goaway ( 82658 )

      Personally, I think the regular photographic captchas (i.e., "click on the Siamese cat") are a better idea.

      If your first language is not English, you might not know what a "Siamese cat" is. And a computer can just take a guess at random and keep guessing until it gets it right.

      Most of these idea fail for those two reasons: cultural dependencies, or far too small answer space.

  • Isn't this (i.e. classifying 3d objects under rotation, distortion etc) already basically solved? It's the sort of thing you assign people MSc projects to do...
  • No really, make sure a real human is voting, and all that.
  • by Animats ( 122034 ) on Friday March 27, 2009 @10:56PM (#27367579) Homepage

    3D recognition is a solveable problem. As someone else mentioned, there are machine learning techniques that work. Recognizing a 3D object from multiple angles is a very old AI problem, one that DoD-funded work was addressing as early as the 1960s. It's easier than 3D reconstruction from multiple 2D images, which is a commercially available technology.

    I think we're reaching the end of the line on CAPCHAs. There's now overlap between the smarter vision programs and the dumber users.

  • by peterofoz ( 1038508 ) on Friday March 27, 2009 @11:15PM (#27367699) Homepage Journal

    So Jagex's Runescape MMORPG has had this for a couple of years in random events to defeat macros.

    http://www.runescape.com/ [runescape.com]

  • Spammers now hire the desperately poor and pay them to solve CAPTCHAs. Defeating that will involve either improving economic conditions in poor areas so that people won't be willing to do so any more, or writing a system more intelligent than humans.

    One of these is difficult, the other will result in the Singularity. I'm hip with either.
  • These are easy to crack, because the same captcha recognition software can be used with just a few patches. This is because there is very little if any difference between recognizing a twisted and rotated letter and recognizing another "symbol" like an airplane or fork. From a technical point of view, they are all symbols, and only the domain increases, but not by many objects, I think. And these are easy to solve because it isn't about pixel matching, which the rotations presumably sabotage. It works the s

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...