One good thing about the text based captchas is that they are fairly immune to language issues. Show a picture of a tire and you will get a different answer from a German, and even a Brit will call it a tyre. Yes you could do translations, but the text gets around all that nicely.
Not so much a “farm”, but I use a captcha managing site to leech files from captcha-protected file storage. I solve captchas for other people when I’m at the computer, they solve them for me when I’m sleepy bo-bos
One of the perhaps amusing things about solving Captchas is that there are black and white hat reasons for doing it. Black hat is feeding spammers pre-generated answers. White hat is that you’re contributing to computer vision and reading research.
Either way, I suspect using pictures would fall into exactly the same “guess the noun” predicaments some old adventure games had. "There is something plugging up the bath drain.
> Take plug
I don’t know what a plug is.
> Take drain plug
Don’t know how to “take drain” a plug
> Take drainplug
I don’t know what a drainplug is.
> Take cork
There is no cork here
> Take stopper
You attempt to pull the stopper out of the bath tub and put it in your inventory."
I believe the type of CAPTCHA method the OP is referring to has already been in operation for a while via SafeLinking.net.
Here is an image CAPTCHA page securing a file downloading site:
I found the ideas in this thread fascinating, since I asked myself a lot of the same questions during the course of my research into a replacement for CAPTCHAs.
The problem with simply identifying an image, (confident technologies does this on their image CAPTCHA), is that while it works on low value targets, if it’s applied to a high value target, (think Facebook.com), Spammers can use crowdsource workers to harvest a database of up to 30K images in less tan 48 hours, and tag them for later CAPTCHA bypass.
I spent weeks struggling with this problem before coming up with the idea of creating an AI that simulates the way people classify images.
Humans intuit semantic associations between objects, within a cultural context, so, for example, if you show an American a cup of coffee, they’ll immediately think of donuts.
My company has created a new technology to exploit this behaviour as a replacement to CAPTCHAs. We call it VouchSafe (http://www.vouchsafe.com).
We’re still developing the AI that drives the system, but we’re pretty happy with the progress so far.
I’d love to have feedback from people on this forum. It was user suggestions and feedback to our closed beta that has brought the product to its current state of evolution.
Thanks very much.
If an AI can simulate people well enough to set up the system, then another similar AI can simulate people well enough to solve it.
Another consideration with asking users to identify an image is that people speak different languages. If you want to serve website visitors in more than one language, then your image caption database is going to have to contain entries in all those languages. If the cost to produce the photos is n and the cost to provide captions in a certain language is m, then for i languages it will cost you n + im. Contrast this with word-based CAPTCHAs, where language is not an issue: it can reasonably be assumed that all visitors are able to type in characters from the Latin alphabet, and whether or not they actually understand what they’re typing is of no consequence.
Can I just add that Luis von Ahn gave a seriously amazing talk on captchas (and recaptcha, the new version). He tells the whole story of them - it’s really funny and enlightening and extremely worth your time.
I wouldn’t say no consequence. It’s easier to puzzle out what a string of letters represents if it’s a word you recognize. Still, I’ve had (and successfully done) my fair share of captchas that didn’t form any recognizable word, so I’d agree to “sufficiently small consequence”.
Y’all remember the alleged CAPTCHA scam right? A web site was posting pictures of an attractive young woman and a CAPTCHA image. The visitor was told to enter the proper text for the CAPTCHA to see the woman remove her top. She didn’t. But this was assumed to be a means of bypassing CAPTCHA. When an CAPTCHA appears on a site, get a human to provide the input so the robo-software can continue it’s nefarious activity. There’s a way around everything. New security methods have the advantage that it takes time to implement the work-around, but every system has its weakness.
I saw an interesting substitute for a captcha the other day. The prompt was “Enter the name of a color that is yellow.” Obviously, a person can come up with the answer to this pretty quickly. I don’t know how easy or hard it would be for AI or other means to come up with the correct answer.
Anyone with experience know if something like this would work?
You don’t need AI for this; you just need a list of all the questions the programmer entered into the system. And that’s easy to get by repeatedly hitting the CAPTCHA.
CAPTCHA’s have a dual purpose. One is security obviously but the other is to help computers translate old scanned documents to electronic form. People especially as a group are better at translating hard to decipher text that is obscured or uses an odd font than computers are. Most CAPTCHA’s contain real problems that electronic scanning projects had in translating printed media to electronic data. They throw these out as part of CAPTCHA’s and let the masses determine what they really say through consensus. Some of them are too difficult for anyone to read confidently and that is why you always have the option to skip to another one to try.
Other similar security schemes may be more pleasant for users but they are also defeatable and most of the alternatives don’t have a greater noble goal behind them.
Those are reCaptchas. They’re far from universal, but Google owns the company that does them, so they’re getting to be pretty common.