Comments on: How NOT to invent the next-gen CAPTCHA

By: key

key — Thu, 17 May 2012 07:55:19 +0000

Efficiency and elegance, these are things that a system of зареждане на автоклиматици semi-structural curtain walls will дограма complement the building.

By: key

key — Wed, 18 Apr 2012 08:59:37 +0000

This method consists in comparing each employee with the achievements of others. κλιματιστικά

By: Alpheus

Alpheus — Tue, 03 Jan 2012 17:13:45 +0000

One idea that hasn’t yet seen much use, is the use of “Bayesian” techniques, to determine if the message itself is spam. Paul Graham talked about his experiments in using such techniques to filter out e-mail spam. Apparently, those techniques are highly accurate, and have become a bit of a standard in e-mail filters.

For the life of me, I have no clue why that technique hasn’t been applied to comments. An issue with training the filter, perhaps?

By: Jacob

Jacob — Wed, 03 Nov 2010 09:58:56 +0000

The way the spammers are breaking unbreakable CAPTCHAs are by mirroring them to high traffic websites (torrent sites, download sites and so on). Users there must enter a captcha to download stuff. So users are solving the CAPTCHAs from a site they want to spam. Once you submit it they submit it and it works. So the inet users are the best OCRs the spammers can use.

What do you think about using other type of biometrics on these registration forms? For example measuring the typing speed in the form fields. A automatic submission won’t have any. And make one of the fields unelectable with the TAB key and see if the mouse was moved and used to reach there. Or some other type of biometrics that can be implemented.

I’m sure there will be solutions to break all of these but used in random combination plus the fact that you can apply all these events and rules at runtime it will really complicate things. The scripts must be evaluated in order to figure out what is measured and how.

And yes…throw there a CAPTCHA into the mix to make it really tasty.

By: としあき

としあき — Tue, 20 Oct 2009 19:37:41 +0000

I think you did not cover one important factor when trying to design a CAPTCHA and that is the characteristics of those humans that are supposed to be able to pass it. Not every CAPTCHA needs to be designed so that /any/ human can solve it. A good example of this is the one used by http://random.irb.hr/signup.php which generally requires higher level mathematical knowledge. This is not unreasonable as if their resource is to be of any use to you you would likely already possess the required skills to solve them. One might even want to require cultural knowledge for a CAPTCHA as this will hinder human CAPTCHA farms being paid per CAPTCHA (however, they can still just send them to people looking for porn to solve).

By: Jach

Jach — Tue, 20 Oct 2009 19:18:13 +0000

Non-image based captchas work just as well in my opinion, if not better. If you’re using a third party captcha system lots of other places use, it’s bound to be under several attacks. Asking the user a logic question (or “what image is this? (cat/dog/elephant)” works, as does forcing JavaScript on to set a hidden field at the form submit. The future of captchas isn’t in fancier images, but in just using a variety of techniques.

By: Michael Buckbee

Michael Buckbee — Tue, 20 Oct 2009 14:27:19 +0000

I really just wish that there were more CAPTCHA implementations running around (and constantly evolving) so that the price and hassle to the spammers would go up.