Comments on: Goodbye CAPTCHAs, hello Distributed Porn-Powered Processing

By: Yoz

Yoz — Sun, 07 Aug 2005 20:54:45 +0000

Firstly, Tom, it traces back several months earlier than Cory’s post – back to a newspaper article from 2003, which I’ve linked to in my post and you seem to have entirely missed. But more importantly, you dismiss it as “pathetic and laughable” without giving any argument about *why* it won’t work. As an experienced web techie I can see exactly how it’d work. Now, please stick to actual scientific method and disprove it with something more than bluster about the echo chamber.
Combining visual and audio CAPTCHAs may solve the problem of dealing with partially-sighted users but it still doesn’t cope with the overall usability problem. And “near-religious hatred”? What the hell are you talking about?

By: tom sherman

tom sherman — Sun, 07 Aug 2005 13:57:00 +0000

CAPTCHAs are not useless. In fact, the "automated system" of which you speak seems to trace to a rather famous blog entry by Cory Doctorow of Boing Boing. In the lovely echochamber of the blogosphere, Cory's "[s]omeone told me" about the porn-defeats-CAPTCHAs idea has become gospel. That the techies have accepted this as fact is pathetic and laughable. (I thought some of you were trained in the scientific method?!) http://www.boingboing.net/2004/01/27/solving_and_creating.html CAPTCHAs can be done better, e.g. by combining visual CAPTCHAs with an audio alternative. Bottom line: it's about making it harder to abuse a system, and CAPTCHAs do that. There's no reason they can't be used in combination with other techniques as well. The near-religious hatred I see of this technology is a joke.

By: Yoz

Yoz — Sun, 05 Jun 2005 10:11:31 +0000

L: Firstly, yes, people *are* going to build automated circumvention systems. If attackers weren’t automating already, CAPTCHAs wouldn’t have been invented. It’s an arms race – the attackers will just automate further.
Secondly, I think you’ve misunderstood how CAPTCHA farms work – “they still have to do the extreme work of emailing all these people who are going to do this work for them.” No, they don’t. I’m not sure why you think CAPTCHA farming involves email. It involves websites. Email has very little to do with it.

By: L

Sat, 04 Jun 2005 04:57:56 +0000

Captcha’s aren’t “useless”. Do you think someone is going to go to the extreme efforts to build an automated circumvention system, which may take them several days/months/years, let alone it might not even work?
Plus, even with this automated system you speak of, they still have to do the extreme work of emailing all these people who are going to do this work for them.. and they may get caught spamming while doing so. And why would they even bother emailing people to verify captcha’s if they could just email the people about their offer they are trying to sell, instead? It’s double the work for nothing.
The point is: it detours people from spamming a significant amount. It’s not like your door locks on the house are useless now that you’ve heard on the news that one person’s house got broken into even though it was locked.
You can say it’s possible for someone to break into your home if you have door locks and a security system. But isn’t it harder for them to break in than if you left the door wide open?

By: thefoo

thefoo — Fri, 10 Dec 2004 00:20:38 +0000

A scientific application — I’ll try to explain this one quickly. We have tens of thousands of fragments of DNA that we’ve run on gels, and we want to know what size they are. The size of the DNA can be determined by comparing the position of the DNA band to markers of known sizes. I want to get all of this information into a database, so we don’t have to manually look up the size of the fragment in question.
I could imagine scanning in all the images and then making them into captchas, with lots of redundancy for improved accuracy. But first you’d have to get your porn-surfing/game-playing audience to learn how to read gels. Hmm…

By: thechak

thechak — Thu, 09 Dec 2004 05:51:16 +0000

The technology for this already exists, though their web site is pretty broke right now. http://www.openmind.org There are lots of silly online games that have been written to assign keywords to all the images on google, improve handwriting recognition, etc. They are based on multiple disconnected users viewing the same image and entering the same answer (for verification that their answer is correct) and recording the data.

By: Stuart Robinson

Stuart Robinson — Tue, 07 Dec 2004 22:48:18 +0000

GMail only uses CAPTCHAs to prevent brute-force password guessing attacks. This seems to be a valid use.

By: Yoz

Yoz — Tue, 07 Dec 2004 06:42:47 +0000

>> So when the user types ‘John smith’ how do you know they are right?
As well as the criteria method than Nick suggests, there’s the old-fashioned way used by many big data entry departments: have the data entered twice and compare. If they differ, have it entered a third time.

By: vague

vague — Mon, 06 Dec 2004 04:01:54 +0000

heh, how about drug prescription verification? that could be a possibly life-saving use for this specific example….

By: nick

nick — Sun, 05 Dec 2004 10:43:56 +0000

>> So when the user types ‘John smith’ how do you know they are right?
You can’t. But you can have a preliminary set of criteria that have to be satisfied which leaves enough wiggle-room.
If you used it with Project Gutenberg’s Distributed Proofreading, you have an ‘initial scan’ string for these sort of things. I presume that you have an initial scan with the ‘John Smith’ handwriting recognition stuff as well. So you use that as your base captcha entry, and allow a certain amount of leeway on what’s entered.