Picture This – A Better Kind of CAPTCHA

In the defense against bots and automated scripts, people often employ the CAPTCHA strategy. Typically, a CAPTCHA is a series of letters that are not OCR-friendly, and are difficult for humans to read. They stop computers because they’re deformed using graphics transforms such as pinch, whirl and rotate, which are difficult for computers to understand, while people have an easier time understanding what’s there. Not that easy though. Oftentimes CAPTCHAs are complicated and difficult to read. CAPTCHAs that use random strings of letters and numbers are a deterrent to signing up for a service – especially if you can’t get it right after a couple of tries. Some sites will generate sound files that tell you what to type in, others will simply use words and ask you to put them into the text box, but both of them make it slightly easier for a bot to sign up for your service. Anyone who writes automated tasks can tell you that once you can automate interaction with any kind of service, it can be exploited for *some* purpose. Text-based CAPTCHAs such as questions about history or arithmetic are cool, but after you get to a certain market share and have enough exposure, someone will automate answering those questions.

An alternative to text-based CAPTCHAs is the picture-based CAPTCHA. Simply put, a picture CAPTCHA asks a user to identify objects in an image – which is MUCH harder for a computer. This isn’t a new technique, but it seems to be getting a little bit more market share. Microsoft Research (don’t say it) has Asirra, which is similar to (or copied from?) the much-hyped KittenAuth. HumanAuth is another implementation, as is ESP-PIX.

My favourite by far is HotCaptcha. It uses Hot or Not and requires you to select 3 images of ‘hot people’. Because we all tend to perceive beauty the same way (symmetry, proportions, etc.), it’s pretty well understood what ‘hot’ is. The 3 images are required because otherwise it would just be a 50/50 guess. The same goes with KittenAuth. You need multiple identifications in order to prove that you are indeed a human.
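
The arithmetic behind requiring several picks, together with one way a server could issue and check such a challenge, as an added example (not code from HotCaptcha, KittenAuth or this post). The 9-image grid, the HMAC-signed single-use token and every function name here are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from math import comb

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret
_used_nonces = set()                  # assumption: in-memory; a real site needs a shared store

def blind_guess_probability(grid_size, targets):
    """Chance that a bot choosing `targets` images at random picks exactly the right ones."""
    return 1 / comb(grid_size, targets)

def _tag(nonce, expires, answer):
    """HMAC that commits to the answer set without revealing it to the client."""
    msg = f"{nonce}|{expires}|{','.join(map(str, sorted(answer)))}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(grid_size=9, targets=3, ttl=120, now=None):
    """Pick the grid positions that will hold target images and sign a token for them."""
    now = time.time() if now is None else now
    answer = set(secrets.SystemRandom().sample(range(grid_size), targets))
    nonce, expires = secrets.token_hex(16), int(now + ttl)
    token = {"nonce": nonce, "expires": expires, "tag": _tag(nonce, expires, answer)}
    return token, answer  # answer is only used to lay out the grid; it is never sent

def verify(token, selection, now=None):
    """Accept only an exact match, once, before expiry."""
    now = time.time() if now is None else now
    nonce = token["nonce"]
    if now > token["expires"] or nonce in _used_nonces:
        return False
    _used_nonces.add(nonce)  # burn the challenge on the first attempt, right or wrong
    expected = _tag(nonce, token["expires"], set(selection))
    return hmac.compare_digest(expected, token["tag"])

if __name__ == "__main__":
    print("1 of 2 images:", blind_guess_probability(2, 1))   # the 50/50 case
    print("3 of 9 images:", blind_guess_probability(9, 3))   # 1 in 84
```

Burning the token on the first attempt matters as much as the grid size: without it a bot can simply retry the same challenge until a random pick lands.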


All in all it’s cool stuff, and because user-registration pages suck, we should make them easier to use – maybe even fun.

-T

  • http://bmannconsulting.com Boris Mann

    I’m excited about beta-service-I-am-testing-on-my-blog — try submitting a comment with lots of links as an anon user and it should trigger.

    It still does regular old text captcha, but also includes an audio link. Swapping in other kinds could be possible as well.