Are captchas more trouble than they are worth?

I comment on a blog that uses ReCAPTCHA, and when I learned about how it works I thought it was the coolest one yet, and I feel somewhat buoyed by providing a tiny amount of help to their project.

It’s much easier to use than most other CAPTCHAs, which can sometimes be impossible to read, or really easy to confuse an O with a 0, or an I with an l.

Is there a program that could be added to, say, your ‘gmail’ account or ‘other’ email account that would take the IP addresses from all email you mark as ‘spam’ and compare all incoming email to that growing list and delete it? Could it also send an automatic return with a “ReCAPTCHA” so that if someone’s computer was being used, unknown to them, as a spam sender they could still get email to you and you would be able to warn them why they had to do it that way?

I saw a captcha once that overlaid graphics on the characters. They laid out seven or eight letters and numbers, and then randomly added animals; the captcha was validated by asking the user to enter only the characters that featured the cat, by ignoring the characters with the dog. The font varied from character to character. Seemed like a decent step in the evolution of the technology, though probably beatable in the long term.

What about an animated captcha? Say, dynamically generate a GIF with four characters spinning around each other. Every few seconds, the characters are aligned in the proper order for entry into the field. When so aligned, they change to a randomly determined color, which is identified in the captcha instructions (“enter characters in sequence when they show as <pink>”). That would be pretty hard for a bot to figure out.

Football! No, soccer! No, football! Uh! Pass.

This seems more like an IMHO question, but I’d say they are definitely worth it. Otherwise almost every site would be inundated with bot-spam submissions. Captchas aren’t perfect but they at least keep out the less capable spammers.

No harder than the equivalent stationary captcha. For any sort of security measure, you always have to start from the assumption that your opponent (the person trying to break the security) knows what your algorithm is. It’d be easy to pick out the frame of the image which is highlighted in a different color, and once you’ve got that frame, you solve it like any other captcha.

With any captcha, you have to ask yourself, what’s the step here that’s hard for computers to do? Capturing a single frame of an image isn’t hard for a computer, nor is solving a simple math problem, so both of those make lousy captchas. The only way either of them can have any success is if they’re used seldom enough, or on unimportant enough webpages, that nobody cares to try to break them.

Cracking CAPTCHA as a business

An informative article about some of the CAPTCHA measures and countermeasures.

I remembered an old article I once read where botnet compromised machines were used to pop up pics of women and have the user solve CAPTCHAs to undress her. Trying to find it again led me to the above article.

Admittedly, most of us would be concerned about this sort of popup on our computer, but hey, there are more than a few horny clueless people out there.