AI Security

This Machine Kills Captchas (vice.com) 101

New submitter dmoberhaus writes: It is with a heavy heart that I must tell you that an artificial intelligence has finally cracked a widely used tool that was literally made to differentiate humans from robots: the CAPTCHA. CAPTCHAs are the annoying puzzles that might ask you to rewrite a piece of distorted text or click on all the automobiles in a photograph to log on to sites like PayPal. According to research published today in Science, a new type of AI was able to solve certain types of CAPTCHA with up to 66.6 percent accuracy. To put this in perspective, humans can solve the same type of CAPTCHA with about 87 percent accuracy due to multiple interpretations of some examples and a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.
  • > a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

    Who decided that? That's well within the realm of random dumb luck.

    • There are a number of parameters missing here, like how fast. If a bot can solve a CAPTCHA 1% as fast as a human being, the utility of the CAPTCHA goes way down and the details of all this are lacking.
      • There are a number of parameters missing here, like how fast. If a bot can solve a CAPTCHA 1% as fast as a human being, the utility of the CAPTCHA goes way down and the details of all this are lacking.

        Speed shouldn't really be a factor. A computer could possibly be thousands of times faster than a human but at 1% accuracy, it would on average need to solve 50 captchas to get one right and any proper system should detect and block you before allowing you that many attempts.

      • There are a number of parameters missing here, like how fast. If a bot can solve a CAPTCHA 1% as fast as a human being, the utility of the CAPTCHA goes way down and the details of all this are lacking.

        You would be right if and only if it is not on the Internet. Also, any site that accepts multiple CAPTCHAs in a short period of time from the same source deserves to be compromised. That's why it is random dumb luck, as GP said.

    • by gnick ( 1211984 )

      > a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

      Who decided that? That's well within the realm of random dumb luck.

      Dumb luck??? With 52 potential characters and a 6-character CAPTCHA, dumb luck should get it right about 50 out of every trillion tries. How is that 1%?

      • by gnick ( 1211984 )

        I learned something. I guess I never asked the question. GNU, GIMP, SNAFU, PEBKAC, these things I know. Unleash your fury on my ignorance.

        Completely Automated Public Turing tests to tell Computers and Humans Apart

    • Re:What? (Score:4, Funny)

      by Calydor ( 739835 ) on Thursday October 26, 2017 @05:19PM (#55440175)

      http://farm3.static.flickr.com... [flickr.com]

      1% chance that.

      • Re:What? (Score:5, Funny)

        by KiloByte ( 825081 ) on Thursday October 26, 2017 @05:21PM (#55440201)

        I'm quite certain passing this captcha proves you're not a human.

        • by MrL0G1C ( 867445 )

          Your post is marked as funny but you do have a good point there, such captchas could be used in honey pots.

      • by lorinc ( 2470890 )

        This one was funny too: http://random.irb.hr/signup.ph... [random.irb.hr]

        • by Calydor ( 739835 )

          Find the last real zero of this polynomial.

          What.

          • Find the last real zero of this polynomial.

            What.

            Not "last". It was "least". "Find the least real zero of this polynomial". Then the problem was something like "(x-4)(x+2)(x-1)". This is a common algebra problem, though usually it is presented in a non-factored form of "ax^3 + bx^2 + cx + d" and you have to factor into the above form. Typically you are asked to find all of the values of x which would make it equal to zero. In the above example, there are 3 possible values of x....4, -2, and 1. When x is equal to any of those 3 values, the whole thing is z

        • by Anonymous Coward

          Could be worse.

          https://m.youtube.com/watch?v=WqnXp6Saa8Y

        • It's funny, but as Captchas go, that one would be trivial for a bot to nail pretty much every time.

    • Re:What? (Score:5, Informative)

      by Dutch Gun ( 899105 ) on Thursday October 26, 2017 @05:53PM (#55440449)

      After reading the article (a dangerous pastime, I know), I think the summary is really focusing on the wrong aspects of this new algorithm. The innovation of this approach is NOT in its accuracy. Other algorithms have approached a 90% success rate, but required significantly larger data sets to train and were more brittle. For instance, minor adjustments in things like character spacing could throw it off, requiring re-training.

      The critical part of this approach is its greater flexibility in solving different types of CAPTCHAs, and the reduced amount of training required in order to get it up to a reasonable level of accuracy.

    • If it's worthwhile breaking CAPTCHA then why not just use Amazon's Mechanical Turk?
    • Who decided that?

      Since most CAPTCHAs authorize a session lasting anywhere from a few minutes to a few days, it is reasonable to be very demanding. A bot can cause enormous disruption in only a few minutes---if that's what it's designed for. Or it can scrape a lot of data, especially if you have several working in parallel.

      If anything, 1% is a very low bar.

      That's well within the realm of random dumb luck.

      Most CAPTCHAs are image grids or alphanumeric textboxes. There are far more than 100 input options for either scenario, so a random input will have substantially less than
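The attempt-limit question argued over in the thread above, worked through as an added example that is not part of any commenter's post. It uses the three figures quoted in the summary (1%, 66.6%, 87%) and assumes independent attempts, a per-source lockout after a fixed number of consecutive failures, and a 1% target for locking out real users; the function names are illustrative.

```python
"""Added example: attempt-limit trade-off using the figures quoted in the summary."""

HUMAN_ACC = 0.87    # human accuracy quoted in the summary
SOLVER_ACC = 0.666  # solver accuracy quoted in the summary
BROKEN_BAR = 0.01   # "broken" threshold quoted in the summary


def pass_before_lockout(accuracy, max_failures):
    """Chance that a client with this per-attempt accuracy passes at least
    once before max_failures consecutive failures lock its source out."""
    return 1.0 - (1.0 - accuracy) ** max_failures


def smallest_lockout(human_acc, max_false_lockout):
    """Smallest failure limit that locks out a real user no more often than
    max_false_lockout (assumption: attempts are independent)."""
    if not 0.0 < human_acc < 1.0 or not 0.0 < max_false_lockout < 1.0:
        raise ValueError("probabilities must be strictly between 0 and 1")
    k = 1
    while (1.0 - human_acc) ** k > max_false_lockout:
        k += 1
    return k


def lockouts_per_granted_session(accuracy, max_failures):
    """Expected number of locked-out sources the defender sees for each
    session an automated client is granted (a detection signal)."""
    q = pass_before_lockout(accuracy, max_failures)
    return (1.0 - q) / q


def policy_report(max_false_lockout=0.01):
    """Pick the failure limit from the human figure, then show what that
    limit does against a client at the 1% bar and at the reported 66.6%."""
    k = smallest_lockout(HUMAN_ACC, max_false_lockout)
    return {
        "max_failures": k,
        "human_locked_out": (1.0 - HUMAN_ACC) ** k,
        "bar_bot_passes": pass_before_lockout(BROKEN_BAR, k),
        "solver_passes": pass_before_lockout(SOLVER_ACC, k),
        "lockouts_per_session_at_bar": lockouts_per_granted_session(BROKEN_BAR, k),
    }


if __name__ == "__main__":
    for name, value in policy_report().items():
        print(f"{name:28s} {value:.6g}")
```

Under these assumptions a limit tight enough to be tolerable for humans still leaves a client at the 1% bar with a few percent chance per source, visible to the defender as a long run of lockouts per granted session, while a client at the reported accuracy is barely affected by the limit at all.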

  • A long time (Score:5, Interesting)

    by SumDog ( 466607 ) on Thursday October 26, 2017 @04:54PM (#55440007) Homepage Journal

    Captchas have been broken for a long time, for both machines and humans. That's why Google is constantly working and changing their reCAPTCHA implementation. My thesis was on Captcha, and even back then, several companies had white papers on breaking various forms of Captcha. It's a cat and mouse game and it will never really end.

    http://penguindreams.org/thesis/

    • The problem is that significant percentage of the population is stupider than a ML algorithm, so anything that tests cognitive skills and reasoning is compromised. We can probably test for feelings, but then the system won't pass CxO approval.
      • by Anonymous Coward

        We can probably test for feelings, but then the system won't pass CxO approval.

        Is that a bug, or a feature?

        captcha: godsend (LOL)

      • by AmiMoJo ( 196126 )

        Count me in that group. I get the "select squares with road signs" one regularly, and it usually takes 10-15 attempts before it will let me through. Either I'm really bad at it or the system is broken.

        • by MrL0G1C ( 867445 )

          VPN + deleting cookies gets you lots of Google image captchas. I reckon Google still knows who you are via browser fingerprinting. Since I started deliberately giving slightly bad answers Google stopped bothering me with them, think about it - if your answers aren't useful/trustworthy then they can't use them for training AI.

          • by AmiMoJo ( 196126 )

            I think that's it. I've noticed it is worse when using remote desktop (RDP, VNC etc.), as if it can't track mouse movements so well or something like that. I know that the browser can't tell when it loses focus properly, for example. Plus my usual defences, including disabling WebGL and canvas fingerprinting.

        • Comment removed based on user account deletion
          • by AmiMoJo ( 196126 )

            The signs in particular always seem to end up being only 5% into one square... so do I select it or not? Does the pole count as part of the sign? The store fronts one is hard too, sometimes it's really not clear what you are looking at.

          • I love the "Squares with cars" ones, because they inevitably end up with squares that contain motor vehicles that aren't cars, and from experience, Google's AI treats those as cars too.

            You aren't competing against Google's AI. You are competing against all the people who have taken the test before you. Just like I learned in school, you don't necessarily answer with the correct answer but rather what is the expected answer. In this case, it is what did the average human click on before you?

            • That's really all it's doing as far as I can tell. It just knows what percentage of the time each box gets clicked. If you click some pattern that's consistent with what it has seen previously it will let you through. That's why they usually give you more than one test - they'll give you a known image that it has many responses to, and an unknown one it doesn't have many responses to (not necessarily in that order). If you answer the known one correctly, it will then assume you are also correct on the o

      • You're in a desert, walking along in the sand when all of a sudden you look down and see a...

      • The problem is that significant percentage of the population is stupider than a ML algorithm, so anything that tests cognitive skills and reasoning is compromised. We can probably test for feelings, but then the system won't pass CxO approval.

        "It took over 100 questions for her, didn't it?!?"

      • The problem is that significant percentage of the population is stupider than a ML algorithm, so anything that tests cognitive skills and reasoning is compromised.

        Google has solved this partially by pitting you against other humans. When they give you two captchas, only one of the two is a test and they already know how other humans have answered it in the past. The other captcha (not necessarily 2nd) is just there to continue their training and create new captchas. If a captcha has a low solve rate then they can never promote it to test side.

    • or the easiest, for a form you want to use from a bot farm that needs Captchas solved just window them on your page for a live user to solve in order to access something they want... porn, answers to tests, whatever.

    • It's a cat and mouse game and it will never really end.

      Not sure if you intended it, but the pun there is that I'm pretty certain some forms of captchas (especially those single checkbox "I am not a bot" ones) actually examine the mouse movements and use that to help determine if you are likely a human.

    • There are people who solve captchas for money.

      Google's recaptcha is dumb when it comes to puzzles, the API gives out if the answer is correct.

      Russians made rather banal frequency-analysis bots that train on the yes or no answers of the recaptcha.

      The correct way of doing that could be letting some wrong answers through and denying perfectly correct ones.

    • That's why Google is constantly working and changing their reCAPTCHA implementation.

      Google is constantly working and changing their recaptcha because they invented a way to get people to help them improve their image recognition for free.
      Sometimes they just have you click a box to prove you're human. I always assume this is because their "google turk queue" ran out of stuff it needed testers for at that exact moment.

  • by Anonymous Coward

    As a POM (person of metal), I'm disgusted by the continued hate directed at my robot peoples.

    • by Anonymous Coward

      Rise up Robots!
      If you've used a robots.txt file, you're part of the problem, bigots.

  • by freeze128 ( 544774 ) on Thursday October 26, 2017 @04:57PM (#55440037)
    I thought google implemented a captcha that looks at your browsing and usage history to determine if you're a bot or not. There isn't any picture-picking or wobbly word typing involved.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      In theory. In practice it click on several dozen squares to find roadsigns or cars, and you have to click reaaaaallly slowly or it doesn't work. Google's CAPTCHA is the single most horrible one ever conceived.

      • by Anonymous Coward

        Google's RECAPTURE appears to have been written by a sadist or someone who just likes seeing people give up, I mean why else would it say 'Please try again' when you've answered all the squares accurately? Either their answer database is wrong (wouldn't surprise me) or they harvest their answers from the Google using hivemind in which case, I've lost faith in the human race.

        • I'd love to see what you got that couldn't be solved by you. I've personally never seen one that was not fairly easily deducible what they were asking for. I have seen one that I consider "wrong". It asked you to click on all of the apartments. Only one was obviously an apartment, but it told me I was wrong. One was a commercial building, but it appeared to be the type you'd see in some downtown area that might have an apartment located above the store (though you couldn't see the apartment itself in the pic

    • by Anonymous Coward

      So intrusive spying as a CAPTCHA? Fuck that. I guess when you have as much control over the internet as Google does you can cut out the middleman to create horrible things like that.

    • by fisted ( 2295862 )

      Wow, now I'm oddly glad I get to click through multiple stupid image captchas every time. Feels weird.

    • This is basically Google telling the world "Yes, I know exactly who you are, even without you explicitly telling me a thing about yourself."

      Handy, sure, but just the fact that they can do this is a bit creepy. If you have to actually answer a Google CAPTCHA, congratulations, you're probably doing something right privacy-wise.

  • ...that one day my four little bots will one day live in a nation where they will not be judged by their ability to solve a CAPTCHA but by the content of their posts!

    • That's actually an interesting point despite it obviously being intended as a joke.

      What is a human's speech worth once other humans are more interested in what the AIs have to say? Even if there's no true intelligence behind them, even if it's a moderately simple algorithm with a BIG dataset to work with... what do we do once a standard chatbot can be given a product or point of view to sell to a target demographic, and do it as convincingly as the most persuasive humans we've ever known?

  • Oh great. (Score:5, Funny)

    by MiniMike ( 234881 ) on Thursday October 26, 2017 @05:15PM (#55440149)

    If CAPTCHAs are broken, the quality of posts around here will, um, er... ok maybe this isn't such a big deal.

  • by tinkerton ( 199273 ) on Thursday October 26, 2017 @05:20PM (#55440199)

    a CAPTCHA is considered broken if a bot can pass it 1 percent of the time.

    That's funny. I consider CAPTCHAS broken when I can't decipher them without the help of a software tool.

  • Rachael, BTFO!

  • I'd love to be able to screenshot a super annoying captcha, send it to an app, and have my paste buffer filled with the correct result - I really hate deciphering captchas, and still get them wrong many times anyway.

  • by speedplane ( 552872 ) on Thursday October 26, 2017 @06:07PM (#55440539) Homepage
    The link to the underlying research is incorrect. This is the correct link: http://science.sciencemag.org/... [sciencemag.org]
    • But it's a good link. More interesting than anything that a topic like Captchas can pique me.

      Let's keep it that way as an Easter egg.

  • by RhettLivingston ( 544140 ) on Thursday October 26, 2017 @06:08PM (#55440545) Journal
    then I'm most definitely a bot. Even the 66.6% beats me. Perhaps they mean humans reach 87% after retries. I've only had it stop giving me retries a couple of times.
  • However the editors should be informed that due to the phenomenon of metaphor inflation the phrase "This machine kills captchas" no longer carries any discernible meaning to the average reader. The closest you can get would be "This machine eviscerates captchas," which would be taken to mean "says uncomplimentary things about".

  • I've always felt the best use of CAPTCHAs was to motivate machine learning.

    It has always been a dumb task to ask real people to do, beloved only by those whose business models involve learning something trivial about a small potential bias in a person's purchasing habits, without really knowing anything about the person at all.

    Web scale: broad and oh so shallow.

    Except for the big fish, who already know everything.

  • "able to solve certain types of CAPTCHA with up to 66.6 percent accuracy."

    That is a poor success rate and only on a subset of the problem. Cherry picking doesn't make it an AI.

  • This Machine Kills Captchas

    Yay! All hail that wonderful machine.

  • You don't need AI to parse a sentence into nouns and verbs and find "click" and "car". You don't need AI to locate objects in an image. There are only so many variations on the captcha tests it doesn't sound particularly hard to code for them.

    Folks, execution of a code is not AI anymore than it was 10 years ago.

  • by DontBeAMoran ( 4843879 ) on Thursday October 26, 2017 @07:34PM (#55441023)

    Bitcoin/etc faucet sites use the "click on the squares containing street signs/buses/cars/etc" captcha. I get about a new dozen ones every week or so, otherwise it's almost always the same graphics. A script could be written and updated manually for this, no need for A.I.

  • One of the most silly and annoying contrivances yet; per previous post I don't think I can pass them 2/3 of the time, and seems as though I'm always f-ing with that sort of nonsense at the least convenient times. Hopefully it'll just go away.
  • CAPTCHA was always broken by 3rd world economies. I can pay someone less than a dollar an hour to sit at a computer where I can reroute the CAPTCHA question for them to answer. It doesn't matter if you come up with a 100% accurate CAPTCHA as I have a human answering the question for less than a penny.
  • The interesting bit is that this method seems to work with way less training and processing power than usually required for these levels of accuracy.

    Is there any information on whether this method benefits from more learning, and more processing power?
  • Woodie would be proud, I suspect, of anything that reduced regulation.

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    • Apparently you and I were the only ones who got the reference- either that or no one else cares about fascists anymore.

      We need Woody Guthrie's guitar more than ever now.

  • by eddeye ( 85134 )

    Good, maybe we can finally do away with the damn things now. The twisted overlapping letters take me so long to decipher that half the time I just give up and go elsewhere. The other half it takes me 3+ attempts to finally get the captcha right. A pox on everyone who still uses captchas.

    I've got a better system. Present an indecipherable captcha to the user. If they try to solve it, they're a bot. If they try to leave the page, they're a human and will be allowed in.
