Unfortunately, there is a war going on between humans and 'bots. Software
'bots are attempting to generate massive numbers of computer accounts
which are then sold in bulk to spammers. Spammers use these accounts to
inundate emails and discussion boards. Meanwhile humans are trying to
simply create an account and don't want to spend a lot of time proving
that they are not a program.
Typically we use CAPTCHAs -- we present an image of some distorted text
and then ask the applicant to type in the letters. As image processing gets
more sophisticated, these letter sequences tend to get longer and more
distorted, sometimes to the point where humans fail too.
So we switched the game. We show an image, say an airplane, but it
is randomly rotated and we ask the applicant to rotate it to "up." This
is generally hard for computers but easy for people. Well, for the most
part.
Since computers are good at faces, skies, text, etc. we sift
through our database of images running state-of-the-art up detectors to
remove those images. But of the images that remain, some are too hard
for people to figure out. What is up for a plate or a piece of
abstract art?
So here is where it gets interesting. We show people several images, one
of which is a "candidate" and we see how people do. If everyone rotates
it the same way, it is a keeper. If there is a lot of variation, we
discard it. As extra credit it turns out that even if the original image were
taken at an angle, it does not matter, since people, in large numbers,
socially adjust the CAPTCHA.
Read the full paper here (posted with the permission of WWW'09).
skip to main |
skip to sidebar
Archives
9 comments:
Hi. An issue I see in the R&D reasoning is that a computer does not have to rotate the images to a naturally upright position to break this What’s Up CAPTCHA.
If a computer can detect the overwhelming vertical or horizontal lines or edges in an image the computer can rotate the image on the X or Y axis to an upright, upside-down, left-facing, or right-facing orientation.
This would mean three images could be guessed correctly 1 in 64 (not 10,000) tries.
http://googcomments.blogspot.com
surely there is an easier way to show that yout not a bot? maybe a way of moving your mouse or something? CAPTCHA really has started to get out of control and is really annoying when posting
Why instead of rotation not give user a task:
"click on the tail of animal" or even more difficult:
"click on the forward right leg of the happy animal" ?
@myronw: "If a computer can detect the overwhelming vertical or horizontal lines or edges in an image the computer can rotate the image"
That's probably why they're rejecting open spaces, faces and so on :P
@Alex Zolot: While that would be a good task for distinguishing between computers and humans, CAPTCHAs must be able to be generated by a computer without any human interaction. Tests such as "click on the dogs left foot" would have to be created one at a time, which means there would be a finite database of questions/answers (which would be subject to harvesting by an attacker).
@Kurt Alfred:
It looks as two equivalent tasks: let we start from a picture of a dog, then rotated it. Task1: click at bottom of original picture (or under the dog) - the same as rotate. Task2: click at the left forward foot of the dog.
For task2 we have to supply our prog with additional info for every picture: 1) question for user 2) polygon of answer(the left foot). Random angle of rotation the prog generates itself.
Also we can complicate task adding shift(x,y) to rotation - so total movement will have three random vars: x,y,angle.
To validate user's answer (X,Y) prog calc X1,Y1=inverse movement(X,Y) and check is it inside polygon of true answer.
Anyway, for user this one click is faster than input of 6-7 letters.
A CAPTCHA system which does not provide an audio option is not viable for any serious website as it would be inacessible to a significant number of people. Assuming that the details of the visual interaction can be worked out - what would the audio option be for the sight impaired?
Multi choice in CAPTCHAs == FAIL. So it fails 4 out of five times. It doesn't care. Thats probably better odds than with OCR.
Or am I missing something?
There are a myriad of methods to try, I like this attempted approach. Some other ideas
- use a brain trick:
cilck on teh fornt rhgit leg of teh hpapy aimanl
- use a randomized timer that displays a four digit number that is split in four quadrants of the screen, and the order is given as either clockwise or counter clockwise, with each number displayed one at a time through sequence
- cut an image into 8 pieces, with the image scrambled with white space; the image can be as simple or complex such as shapes, or inanimate objects
btw, the captcha for this comment post is kind of simple but at least moderation is in effect :)
Post a Comment