Why CAPTCHAs are useless

“You are in a twisty maze of passages, all alike.” — Colossal Cave Adventure

CAPTCHAs. You see the poxy things everywhere; they seem to be the latest gimmick in the spam wars, and like mushrooms after the rain they are springing up all over the place.

Sigh…

Perhaps if those who use them knew how fundamentally useless they are (and how easily they are defeated), we would see an end to this scourge.

Why they are fundamentally useless

For starters, they require that the user can actually see them against whatever crazy background that some idiot thought was cute. I must admit, though, that the versions that use under-exposed images of door numbers taken at an angle are amusing (if only I could see the sodding things).

It's also been a while since I've seen the "solve this arithmetic problem" version, as that is very much dependent upon culture etc. It would also be trivial to pre-compute the answers to common puzzles, just like “rainbow tables” are used in cryptanalysis (yes, I'll have a page on my crypto interests some time).

Also, human engineering does not appear to have entered into the authors' minds; for example, have you any idea how similar “O” and “Q” can look against a background of diagonal lines? Or how “l” and “1” resemble each other? How about “G” and “6”? “B” and “8”? “S” vs. “5”? Idiots.

And this, seen on AWADmail: “I worked for National Braille Press for a while and have many friends who are blind or visually impaired. Captcha prevents them from interacting in many situations. They can't see the spot to get audio, and they can't read the screen (because it's a picture, their assistive technology doesn't read it). We need to find a better solution to the problem of spam comments, rather than a discriminatory system.”

How easily they are defeated

For starters, OCR (Optical Character Recognition) can only get better, not worse. It's a losing fight, guys, and the harder you make it for a computer to crack, the harder it is for a human as well.

Indeed, Google has demonstrated a neural network that can solve the things with an accuracy of 99.8% for the hardest category (better than we can), and “GaussianFace” can recognise human faces (and cats!) better than humans can. What hope is there? In fact, it's been suggested that the test ought to be reversed…

A popular technique is to farm them out to a boiler-room in India or some such place, whereby the slaves (there is no other word for them) get paid a pittance for each one they solve.

Another one is to use human nature against itself; you merely put them up on a soft-porn page somewhere, and let teenage hormones do the rest…

There are undoubtedly others; feel free to suggest them.



Dave Horsfall DTM (VK2KFU)
dave@horsfall.org