Image verification -- keeps bots out, and humans too!

You all know those image verification things. the image of a random strings of letters and numbers that you must type into a field to register or buy something or whatever. Their intention (I think ticketmaster invented them about 10 years ago) was to prevent a computer from running a script intended to abuse a website. At first, they were just images of clear letters and numbers, and then they start putting lines through them, and then adding colors. Well NOW they’re doing so much shit to the image verification that even I can’t read them. Putting yellow text on a green background is no more indistinguishable to a computer than white text on a blue background! Earlier tonight, I was having this problem on another message board, and after 4 incorrect verifications, I said fuck it and moved on. What’s the big idea, making image verification that’s so good, even us HUMANS can’t beat it? Did the old design really not work well enough?

The ones that drive me nuts are those where the letters are in some weird wavy font and there’s other random squiggles that SORT of look like letters but aren’t (or are they?). I saw one the other day that had a long line at the end of a random series of letters and I honestly could not discern if it was an I, an l, or irrelevant.

Actually, no. OCR technology continues to improve. Eventually, CAPTCHA will be entirely obsolete but until then, we have to put up with it. If you want to blame someone, blame the assholes who write the bots that caused all the trouble in the first place.

Try Carnegie Mellon University.

Well, they’re the ones who invented the really weird-lookin’ ones anyway.

Soon audio CAPTCHAs will come into serious usage, which means you will no longer be able to surf silently or while listening to your own music. Plus, you will have to have players and codecs for all of the myriad audio formats in the universe. Some of them are illegal to possess unless you have bought rather expensive software, so pick which side of the law you want to be on now. Of course, if you have any problem hearing the CAPTCHAs won’t be kind to you. (In fact, voice recognition might be farther along than OCR. I don’t know.)

After audio CAPTCHAs are reliably broken, video is next. I don’t know what comes after video.

And, they can do more than just keep 'bots out.

I thought they invented a really tough one. You get six random pictures, 5 of puppies and one of a kitten. You click on the kitten to proceed.

Assuming that’s true, I’d wager that one will be broken shortly by neural net technology. In point of fact, any of these human-verification technologies can individually be broken with sufficiently well-developed neural nets. I suspect the next level will be multiple, random verification strata. You think it’s a pain-in-the-ass now…

If you set the bot to hit each website 10 times and always pick the first image, How many bots are you going to keep out on average?

A forum I moderate in has a real simple system.

You have to answer a trivia question to prove you’re human. It’s always something simple to answer with a one word answer but it keeps the bots out.

Another option is why not use words instead of random letters?

Words are alot easier to deduce because if one letter is illegible you can fill in the blank.

I* hat * fac? :wink:

If yours is a vB forum then we are both using the same mod.
End users in a forum have no idea what is really going on in the back. It is crazy out there.

I run two forums, both are practically identical except that one runs in English the other in Spanish. The Spanish one had very little problem with spam, the English one was flooded with it. On top of that I got scrapers and bots seeking holes in the system all the time. It’s like a race where I am always trying to be a step ahead of them.

A few months after I installed this mod (simple question instead of CAPTCHA) they broke in. I was astounded, that was one heck of a smart bot! Checking what’s on going on I found out that the latest thing is to have a human walk a bot through the registration process, once they crack it they share this account details with other spammers, soon they are in.

I had to change the questions, add many more, create a few levels in the membership until a member is “confirmed” (meaning “not a spammer”) and many other things to try to keep them out… for a while.

CAPTCHA is a PITA. It is not the best solution but it seems to be the most popular now. That guy who created that mod for vB is my personal hero. Asking a question that is very simple for humans (“since what year have we been fighting ignorance?”) and impossible to solve for a bot sounds like the best solution to me.

You’d shat a face? :eek:

Not only did it take me 6 tries to get through one of those the other day, after it was all said and done, I never got the verification email.

I have a very hard time with those things and rarely ever get it right the first time. Perhaps it’s a side effect of being rather wishy-washy.

Damn the spammers. They annoy me on my blog. I’ve been too lazy to figure out how to stop it and it isn’t like anyone but me visits it. I kinda figure if they are screwing with me, they aren’t screwing with someone else.

Now there’s an Achilles’ heel.

I always thought this was a great idea.

That guy strikes me as a real looser.

The version of this that I read about was slightly different. The verifying website pulls pictures of dogs and cats from; the computer automatically “knows” whether it’s a dog or a cat. The end user is presented with ten pictures, and must correctly label each one as a dog or a cat. I believe the computer’s chance of doing so successfully is less than one in a thousand (2^10). But it should be pretty easy for end-users to do it successfully.


Here’s the most elegant solution.

Nah, this is elegant and proven 100% effective at stopping spammers with no annoying captchas or related tests for human users. :smiley: