Next-Generation CAPTCHA Exploits the Semantic Gap 327
captcha_fun writes "Researchers at Penn State have developed a patent-pending image-based CAPTCHA technology for next-generation computer authentication. A user is asked to pass two tests: (1) click the geometric center of an image within a composite image, and (2) annotate an image using a word selected from a list. These images shown to the users have fake colors, textures, and edges, based on a sequence of randomly-generated parameters. Computer vision and recognition algorithms, such as alipr, rely on original colors, textures, and shapes in order to interpret the semantic content of an image. Because of the endowed power of imagination, even without the correct color, texture, and shape information, humans can still pass the tests with ease. Until computers can 'imagine' what is missing from an image, robotic programs will be unable to pass these tests. The system is called IMAGINATION and you can try it out." This sounds promising given how broken current CAPTCHA technology is.
Too hard. (Score:5, Insightful)
This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.
*or annotate... or centre
worthless (Score:5, Insightful)
Blind people? (Score:5, Insightful)
Re:Too hard. (Score:3, Insightful)
The general public will not know what "geometric" means*.
This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.
*or annotate... or centre
It's still trivially crackable. (Score:5, Insightful)
Then there's also the option of paying Warcraft gold farmers to solve captchas and take a break from the game.
Stupid Captcha (Score:5, Insightful)
Re:Too hard. (Score:5, Insightful)
To be optimistic, I actually like to think of it the other way around:
CAPTCHAs are providing a valuable evolutionary pressure on machine vision/artificial intelligence development!
=Smidge=
Re:Too hard. (Score:2, Insightful)
Here's my plan: cleanse the gene pool. We'll just eliminate warning labels from everything and when the stupid freaking idiots fry themselves blow-drying their hair in the bathtub because there was no warning label on the hair dryer saying "WARNING: RISK OF DEATH!!! DO NOT USE IN OR NEAR WATER!!!", Darwin's theory of survival of the fittest will kick in and we'll be rid of the bloody morons.
Re:Blind people? (Score:5, Insightful)
Re:Blind people? (Score:5, Insightful)
The Internet is becoming much too important to leave a significant amount of the population (pardon the pun) in the dark. We have the technology to help the blind navigate web sites independently. Unfortunately, CAPTCHAs are hindering much of that progress.
CAPTCHA = The terrorists have won. (Score:3, Insightful)
How is CAPTCHA broken and how is it "technology"?
It is not broken because it works as it is suppose to. I would think the correct term would be "solved" or "been overcome".
Technology-wise, CAPTCHA is a workaround, not a solution. The real problem is automated bots manipulating forms where the webmaster only wants humans. Detecting whether or not the visitor is an automaton would be the solution, but because people have apparently given up on this, they have resorted to trying to detect whether or not the visitor is human.
Re:Illogical (Score:4, Insightful)
It is imaginable to create a model that describes speech characteristics in general and computer speech characteristics in particular. Any sound sample could compared with the two models. If it fits the wider speech model but not the computer speech model, then you would call it human speech. QED.
The ability to distinquish between two things does not imply that you'll be able to generate them effectively (unless the search space is very narrow). Imagine it this way: you can probably distinguish Chinese from Spanish. That does not imply you speak either language.
Re:Blind people? (Score:5, Insightful)
No, spammers are. The root problem of this "solution" is the spammers, who do not care our personal feelings of privacy. They don't care that their messages cause everyone else's costs to rise.
Without CAPTHA technology, none of the web mailers would be usable, as they would all be blocked by every known blacklist.
For this reason, I think the penalties for convicted spammers should be far higher than what they are now. Their actions are subverting the ease of use for a very large group of people.
Re:Too hard. (Score:3, Insightful)
That a Captcha is the only thing standing between a gmail account and the ability to send large numbers of spam messages is more of the problem. Run the spam filters on outgoing messages and delay some of them to give time for the new address to be blacklisted if it's sending spam and especially if there were large numbers of Captcha failures.
Re:Blind people? (Score:4, Insightful)
Think about it. What is the cost of making a car that a blind person could drive? Prohibitive, I suspect. Given the current state of technology it may not be quite possible even (though we could pay for human chauffeurs if we were really determined).
What's the cost of making a printed newspaper accessible to a blind person? Quite high I suspect. The technology to read shapes on a page and convert them to something the blind person can read or listen to is not straighforward.
What's the cost of a system that allows a blind person to access text stored electronically on a computer? Pretty-much negligible.
The thing is, the web should be a superb medium for making its content accessible to practically everyone. The information is already in a form that computers can manipulate easily.
If you use HTML as it was designed to be used, there is no additional cost in making it accessible.
Come on people, this is not rocket science! Here we have a golden opportunity to make, for practically no additional cost, something that can be accessed by everyone. It's not like designing a driverless car, or backfitting access ramps and lifts to historic buildings. Why on earth wouldn't we do this?
</rant>
Re:Blind people? (Score:5, Insightful)
Others are using letters / numbers that after distortion could be a,d,9,g for example.
Personal, I give a site two tries before I give up and dump them.
i think its too big (Score:3, Insightful)
Sweatshops (Score:2, Insightful)
This is where it falls apart... (Score:3, Insightful)
It's been threatened and talked about before, all it needs is something "unbreakable" like this to actually make it happen.
At least a part is Ineffective (Score:5, Insightful)
This is no better, and may be worse, than what we have now, for two reasons.
1) If you fill in the gaps programmatically, and then make the image grayscale, you probably have something you can use for image matching.
2) Much more severely: The interface reduces the number of possible answers by multiple orders of magnitude. For the one I saw I think there were 10 or 15 answers. Even if you kick image recognition to the curb and randomly choose an answer, you'll be right 1/15 times. It'd be trivial to write a program to harvest hundreds of accounts in a day by just picking random answers. Hand that off to a botnet or similar, and this becomes a minor speedbump.
~D
Re:Blind people? (Score:3, Insightful)
Some sites (www.google.com, slashdot.org) can be adapted for use by the blind, so the admins need to consider them when incorporating a captcha. Others (images.google.com, www.hotmonkeylove.com) are inherently based for people with normal vision, so these image based captchas should be just fine.
Re:The real solution to captcha is OpenID. (Score:4, Insightful)
I for one (Score:3, Insightful)
Solution: unproven users = limited access (Score:5, Insightful)
If free mail servers put restrictions on what new accounts could do, with an override to anyone who is willing to go to a lot of trouble to prove they are human, it would short-circuit the spammer problem.
If Yahoo, Gmail, etc. all limited you to 10 outgoing mail recipients a day until you had both 1) had the service for 1 day and replied to 10 messages, AND limited you to 100 outgoing mail recipients a day until you signed up to be a "high volume sender," it would cut most spammers off at the knees. Depending on the service, being a "high volume sender" may involve turning over a credit card number and may not be free. Some services may give "loyalty awards" to long-term customers by removing this restriction for people who have had their accounts for 6 months and show a heavy non-spammy ad-revenue-generating usage pattern.
Re:Blind people? (Score:2, Insightful)
In case you haven't picked up the theme yet, my original point was about the incremental cost of making content accessible - that it is very small compared to for example, driverless cars or retrofitting lifts and ramps to historic buildings. That's a false distinction. HTML is an example of an inherently accessible medium (when used properly) but anything stored on a computer as text is inherently accessible. It is only the short-sightedness of some developers that makes it inaccessible.
Re:Lyrical Response Mechanism (Score:2, Insightful)
The more we "exploit the semantic gap" the more problems like this are likely to arise.
Re:Blind people? (Score:4, Insightful)
No, the point of a CAPTCHA is to have a test which a human can pass easily, but a computer can't. Most current CAPTCHAs are image-based, since that is simple to implement, but this is by no means a requirement.
Couldn't figure it out (Score:3, Insightful)
The answer is "Slashdotting", but where do I type it? I can't figure this CAPTCHA out...
Re:Don't forget users of lynx (Score:4, Insightful)
I'd be PISSED if a page asked me to do this (Score:2, Insightful)
Re:Blind people? (Score:3, Insightful)
This is exceedingly wishful thinking on your part. We already see sites that strictly add the nofollow to all links in comments so that any URLs in said comments are completely useless for building page rank and yet the spambots still deluge the sites with spam on a constant basis. (Or at least attempt to.) I've seen the same thing happen on sites that do exactly what you suggest. You see spambots trying to use BBCode to link URLs in places that obviously don't use it, and so on. Spambots are automated, their owners don't give a damn if they spew lots of worthless stuff. All that matters is that some exceedingly small fraction of them DO work. And the way they achieve that is by spamming their crap everywhere and anywhere they can find a submit button.
See above, they don't care and the vast majority of it's all automated. You may stop the bots that aren't prepared for your special CAPTCHA, but you'll still have to waste resources fighting them off.
Spammers are ruining the Internet I'm afraid.