Next-Generation CAPTCHA Exploits the Semantic Gap
captcha_fun writes "Researchers at Penn State have developed a patent-pending image-based CAPTCHA technology for next-generation computer authentication. A user is asked to pass two tests: (1) click the geometric center of an image within a composite image, and (2) annotate an image using a word selected from a list. These images shown to the users have fake colors, textures, and edges, based on a sequence of randomly-generated parameters. Computer vision and recognition algorithms, such as alipr, rely on original colors, textures, and shapes in order to interpret the semantic content of an image. Because of the endowed power of imagination, even without the correct color, texture, and shape information, humans can still pass the tests with ease. Until computers can 'imagine' what is missing from an image, robotic programs will be unable to pass these tests. The system is called IMAGINATION and you can try it out." This sounds promising given how broken current CAPTCHA technology is.
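An added example, not code from the Penn State system or from the submission: a server-side check for the two tests the summary describes, plus an estimate of how often a blind guess passes both. The tile layout, the tolerance radius, the choice to annotate the image that was clicked, and the word-list size are all assumptions.

```python
import math

# Constructed layout: a 400x300 composite holding four tiles of unequal size.
# The labels are the server-side answer key and are never sent to the client.
WIDTH, HEIGHT = 400, 300
TILES = [
    {"x": 0,   "y": 0,   "w": 250, "h": 180, "label": "dog"},
    {"x": 250, "y": 0,   "w": 150, "h": 180, "label": "bridge"},
    {"x": 0,   "y": 180, "w": 120, "h": 120, "label": "flower"},
    {"x": 120, "y": 180, "w": 280, "h": 120, "label": "boat"},
]
TOLERANCE = 0.25   # assumed: accepted radius as a fraction of the tile's shorter side
WORD_CHOICES = 15  # assumed: number of words offered in the annotation list


def radius(tile):
    """Radius of the disc around the tile's center that counts as a hit."""
    return TOLERANCE * min(tile["w"], tile["h"])


def clicked_tile(tiles, x, y):
    """Test 1: return the tile whose geometric center the click is near, else None."""
    for t in tiles:
        cx, cy = t["x"] + t["w"] / 2, t["y"] + t["h"] / 2
        if math.hypot(x - cx, y - cy) <= radius(t):
            return t
    return None


def verify(tiles, x, y, chosen_word):
    """Both tests must pass: a near-center click, then the right word for that tile."""
    tile = clicked_tile(tiles, x, y)
    if tile is None:
        return False
    return chosen_word.strip().lower() == tile["label"]


def random_guess_rate(tiles, width, height, n_words):
    """Chance that a uniformly random click and a uniformly random word both pass."""
    hit_area = sum(math.pi * radius(t) ** 2 for t in tiles)
    return (hit_area / (width * height)) / n_words


if __name__ == "__main__":
    print(verify(TILES, 130, 95, "Dog"))   # near the center of the first tile
    print(round(random_guess_rate(TILES, WIDTH, HEIGHT, WORD_CHOICES), 4))
```

With these constructed numbers a blind guess passes a little under 1% of the time, so the tolerance radius and word-list length set the floor an operator has to pair with attempt limits.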
Re:Blind people? (Score:2, Interesting)
The cost of being all-inclusive can be too high for some budgets.
Re:Too hard. (Score:5, Interesting)
This Captcha suffers from the same old problem. As Captchas get harder more humans will fail them.
*or annotate... or centre
Don't forget users of lynx (Score:5, Interesting)
Lynx is the geek slacker's greatest tool: when run in an ssh session from your home server, not only is the traffic unloggable (except for "he's calling home a bit"), but it even looks like work to the uninitiated.
mechanical turk (Score:3, Interesting)
Re:It's still trivially crackable. (Score:3, Interesting)
(Also, said trivia questions will be applicable only to one specific site, so it would never pay for the spammers to build a database of them.)
Re:Blind people? (Score:5, Interesting)
{SNIPPED}
What's the cost of a system that allows a blind person to access text stored electronically on a computer? Pretty-much negligible.
First, creating content is not negligible in cost.
Second, creating an interface to deliver the content is not negligible in cost.
Third, actually delivering the content to the masses isn't negligible in cost either.
Fourth, as has been pointed out in other comments and in the article, the problem involves the creation of a technology that will allow your audience to access the content/service you are providing, while simultaneously preventing the use of automated systems to exploit your services by appearing to be your audience (i.e. a Human), because the failure to do so means that you may lose the entire technology, or at the very least render it substantially less useful and more expensive. Email, for example, is only being used 5% of the time as intended, the other 95% being spam (As seen on
If you use HTML as it was designed to be used, there is no additional cost in making it accessible.
If you are using HTML only, the whole captcha debate is meaningless for you. HTML is designed for PUBLISHING information; captcha applies to web-based applications that HTML is only a SMALL part of. After all, the only interactive parts of HTML are the form elements. Since YOU aren't actually doing anything with the posted form information, YOU have no need for security and little to no need to verify that the entity on the other end of that pipe is a human, spider, or spambot.
However, some of us do create applications that need to know this, because we want to provide services for actual humans, but do not want to provide another place for spambots to send out their crap.
Re:Blind people? (Score:3, Interesting)
Re:I think RapidShare has a good one (Score:2, Interesting)
It says select 4 letters (when there are numbers and letters)..
Then it took me a while to realise there were cats and dogs.. I thought it was just random.
Other bad part about it was that there was a 30 second delay in between each attempt!
Can we create even bigger annoyances for users? (Score:2, Interesting)
Re:It's still trivially crackable. (Score:5, Interesting)
But really, as long as you have an authentication method which is significantly hard/unique, you'll be safe. Spamming is a "low hanging fruit" operation. Quantity over quality, 90% of the time. In fact, the answer to killing off spambots might very well be everyone designing their own authentication. Right now, there are a half-dozen major ones. Crack one, and you have access to millions of places. If instead there were thousands, the time required to break one would not necessarily be worth the money you could get from doing it.
Our forums are not worth programming the automated bots to crack, so we're 100% spam free now, for the first time in a few years. It's not a hard authentication - just different from 99.9% of the rest of them. Hell, most people could answer "what color is this page", even if they had to look at the raw html and google the color hex. But for one page, it's not worth programming a bot to do. Unique authentication methods will kill spambots.
hotcaptcha (Score:5, Interesting)
http://www.hotcaptcha.com/ [hotcaptcha.com]