TinyPic, the free image hosting server, changed their captcha strategy a few weeks ago. While I appreciate the fact that they are much easier now, this can’t be very effective against the bots, can it?
The part after “Enter the following” is an image, so a bot can’t automatically read it. It would have to first parse “Enter the following” to know that the next image contains the text to be entered, then it would have to invoke OCR software to read the text from the image. I’m not saying that that’s impossible, but it would take some significant work on the part of the bot writer. As I understand it, in the old days you’d have a page with just a form on it, the HTML of which is trivial to have automatically parsed and filled in. So any sort of gate in front of that, even an image that looks to us humans as trivially easy to read, puts a very significantly higher burden on the bot writer.
I went to the site and got an image that was much more difficult to scan (some of these captchas kind of outsmart themselves because if a really, really good bot can’t decipher it, some people can’t either). I think the one you linked was kind of random. And if it’s random, the bots won’t know what to look for. True, if every image they had was just text in a straightforward font then a bot could defeat it, but that’s not the case.
The captcha is from Solve Media which has the evil and retarded idea of replacing captchas with ads.
Yeah, but (I’m no expert) isn’t that exactly what captcha defeating bots do, hence the progression of captchas becoming more and more distorted and infuriating and nearly impossible for a human to decipher as well?
No, a human could do that part just fine, as long as the captcha on that particular site (or served up by that particular company) always follows that format.
A lot of the really hard ones are reCAPTCHAs. It harnesses human interpretation skills to solve difficult word or partial word transcription tasks. You may be helping to interpret a scan of a 17th century book when you do one while providing proof that you are a real person. The problem is that many of them can’t be interpreted at least not easily because they have weird fonts, characters you can’t easily reproduce, or are too blurred. In those cases, you just have to select the option to skip it until you get one that you can solve. The dual purpose of reCAPTCHAs means that you will sometimes get one that you can’t do because nobody can.
Interesting. For me, it was a representative sample. I didn’t have to pick and choose to find a really obvious one. For example, I just reloaded it a couple of times and I got: ‘caught red handed,’ ‘april showers’ and ‘back seat driver.’ I wonder if they have white/black lists for different IPs.
Watch the video explaining how it works on their website:
I bet those easy ones that the OP currently gets are just easy placeholders as they try to solicit more actual advertisers.
Rather than evil, I think it’s ingenious, actually… this way end-users get far more interesting CAPTCHAds to solve, and the puzzles are advertiser-curated to ensure a minimum level of readability, unlike the god-awful, reload-me-fifty-times-to-login RECAPTCHAs. Damn them and their stupid book scanning, I just want my usable internet services back!
The downside? Easier puzzles mean a greater portion of them are going to get solved, which means advertisers will be paying a percentage of their click-thrus to bots. You’d hope that’s taken into account in solve media’s pricing… we’ll see.
Hey, if it means more usable CAPTCHAs/CAPTCHAds in the end, I’m all for it.
The world needs to go over to kitten captcha.
You haven’t given any indication whatsoever of their difficulty, by just saying what the words were. In order to judge how difficult they are, we’d need to see the pictures.
More usable by definition means less effective, since the point of CAPTCHAs is to be difficult. And if you’ve seen any of these, you know that the companies usually only have one or two different words. Since their focus is on the advertising, they only give out words that are highly marketable.
And even using easy capchas at all, even as placeholders, is horrible because no one will sign up for their service. The fact that TinyPic has done so is a testament to how little they care about actually stopping bots, and thus is a reason I won’t be using them.
And, to the OP: yes, any bot could trivially read that CAPTCHA. The letters are both distinguishable by color and by brightness, and are in a really common font. There’s nothing about that’s at all hard to read.
The real solution, BTW, is not CAPTCHAs. The behavior you are trying to prevent is not the bots themselves, but how much bandwidth they take up on the server or the fact that they send spam. The former can be handled by putting in delays for access that would seem reasonable for a human, and the latter can be fixed by using the same algorithms SPAM detection uses. When’s the last time SPAM actually made it into your email inbox?
I’m not saying you can’t use a CAPTCHA for extra security, but they’re never going to be enough.
Not really. The point of CAPTCHAs is to be difficult for machines, but not so difficult for humans. Any CAPTCHA technique which makes it it more usable for humans while continuing to stymie the machines to the same or a greater extent is therefore more effective, not less. (Whether or not the Solve Media CAPTCHAs actually fit this criterion I do not know.)
Some of them are videos. You have to watch the whole ad before you get the text to enter. That’s too interesting for me.
They don’t, at least not as they stand. They’re ridiculously easy to OCR. Maybe Solve Media will pay hosts from the advertisers, and the increased revenue will offset bot attacks? Who knows…
Yeah, I noticed that only after I played with a few of them. THAT’s too annoying, though honestly, still better than trying to decipher 2-3 reCAPTCHAs.