equally effective for bots and stupid humans. Very good.
That dog & cat solution is great. I don’t think the trivia question one would be very effective, because there are only so many trivia questions that can be written, and it wouldn’t take very long for the EVIL SPAMMERS to figure out every single question that can be asked, and have their spamming bots recognize the questions, and then program them to answer them.
The original reason I made this pit is to point out that some websites are making image verifications that not only are so hard for humans to read (by using crazy color combinations) but have effects that wouldn’t hurt a computer - I’m sure an OCR has WAY WAY less trouble distinguishing between similar colors than a human eye, so I think they’re keeping less legit humans out than EVIL SPAMMERS! It also came to my realization that blind users are completely left in the dark (pun intended) when it comes to getting registered!
I think we should dust off and nuke 'em from orbit. It’s the only way to be sure.
I stumbled across a collection of unreadable or otherwise inappropriate CAPTCHAs a day or two ago - but I can’s seem to find it again - most of them were just completely illegible blobs, but there were a few that contained dozens and dozens of readable characters, plus one or two where the random string had happened to spell out a valid, but offensive word or phrase (like this one.
Each webmaster can create his/her own questions. Each would be unique to a site and they can be changed as often as one wishes. I think it would be pretty hard for a bot to crack that.
Furthermore, if you run a niche site you can ask a question that only other enthusiasts would know, if you wish to keep non-enthusiasts out of your site.
If the puppies and kittens aren’t in the same order every time, that won’t work. Set it to randomize the order of the images with a large pool of potential images to use. Each of the five images is randomly of a different common animal or object. The script asks to select the image of the kitten/cup/puppy/duckling/shoe/etc, followed by another level of the same brief, simple security so that the bot would have to be randomly correct twice in a row to get through. Anyone capable of reading this would also be capable of identifying the images, but it would be far more difficult to get a bot that could identify each one of those images.
Actually, stupid questions are all that is needed. “What colour is a red car” is just as good to weed people from bots as any other.
But I’m still not convinced that fusoya is human! 
I’m not understanding your explanation. If the puppies and kittens aren’t in the same order every time, and your pool is five images, guessing the first image every single time should get you a success rate of about 20% (1 in 5). If you have two levels of this, the success rate is about 4% (1 in 25). For a bot, not a problem.
If the puppies and kittens stay in the same order, then the bot just needs to randomize its selection every time, and the hit rate still should average out to 20% over time for the first level and 4% through both levels.
What am I missing here?
:smack: You’re not missing anything. That’s just what I get for trying to fix the flaws in a fundamentally flawed concept. The proper identification of all of the images, as Left Hand of Dorkness mentioned, is a far better idea.
The big point that most people miss when trying to come up with some clever new CAPTCHA system like the kittens and puppies, is that there has to be a finite number of possible pictures. Even if there are a thousand pictures of cats and dogs a human could easily go through and associate each one with the proper definition. Then all the bot has to do is recognize (most likely a hashed down version of the jpeg) and consult the list.
YES, the squiggly letters are uniquely generated and obfuscated ON THE FLY.
The ideas of trivia or cuteness and everything else is clever, but ultimately won’t work because you can’t have a computer program easily WRITE a unique question every time (or go out and snap a unique picture of a cat or dog).
It would be pretty easy to add some random changes to the images on the fly such that they would not give the same checksum every time.
Yes, but they’d have to be pretty substantial changes to confuse a clever computer (checksum is, of course, only one way to do it). Pretty soon you have a jpeg that’s been so warped (on the fly) that you have the same problem you were trying to avoid in the first place: “What the hell is that?”
yep:p
took a whole 5 seconds to fill in the blanks vs a minute or two of “is that a zero or the letter o? and is that a t or perhaps an l or I with one of those random lines through it?”
If you run a large site that thousands of spammers want to crack you might need to go for multiple levels of security, for the smaller sites, like mine, the questiosn work fantastically. You can add as many questions as you want, each would be unique to your site and you can change them as often as you want. A bot will still have to be walked through by a human. There is no bot capable of answering certain questions, however simple.
If bots are walked through by humans, like they are doing now, no amount of “on the fly” levels of security will work.
yep it is!
Yep it is!
We had some sneak through even with image verification. The best anyone can figure is its all automated except the verification. So that the bot does all the signing up then shows the image to a human who types in the letters. A spammer could still quiet efficiently spam heaps of sites that way. The question seems to throw em off us enough that they don’t bother.
Only if the computer is selecting the classification randomly. As has already been mentioned, image analysis is a massive research area in AI and results are significantly better than random (~99% accuracy in some domains).
From what I can see that seems to be the case. All bots seem to follow the same pattern. Which makes it even easier to prune accounts that fit that pattern. It is still a massive PITA.
One mechanism spammers use for this is to set up their own site with a captcha in the registration, but the captcha is actually pulled from the site they’re trying to spam. The user of their site fills out the captcha, and behind the scenes their site has a bot that passes this through the spammed site.
You could present a 3D-rendered picture of a cat/kitten or dog/puppy, in a randomised pose each time, with a randomised coat pattern, eye colour, background, etc. (like Nintendogs)