tags:

views:

513

answers:

11
+6  Q: 

End of the road for Captchas?

If you've made quick edits to answers recently here on SO, you've probably noticed that the captchas have gotten to the point where even a human needs to hit reload several times to find a readable one.

It occurs to me that if this level of smudging is required to get past OCR software today, then the day isn't long off where computers will be better at reading captchas than humans are. Basically, they will probably be useless in a matter of weeks from now. What are those of us who use them to filter automated spam going to do then?

+17  A: 

I doubt it.

Will  2009-06-16 18:47:23
Very interesting....
BFree  2009-06-16 18:50:00
+1 Thanks for the link ;-)
Shoban  2009-06-16 18:53:03
Great answer. This is exactly the kind of thing I was asking about.
T.E.D.  2009-06-16 18:56:30
Man, that was a fascinating article.
Robert S.  2009-06-16 20:44:45
I'm accepting this, as months later it appears you were textually right, and I really like the link. All the answers here were good though, so I really hate to pick just one.
T.E.D.  2009-09-22 21:57:17
Appreciate it. You might think about wikifying questions like this in the future. I do think captchas will continue to evolve to test those things that make us fundamentally different than machines. Think of an internet Voight-Kampff test... You see a turtle on its back, baking in the sun. What do you do?
Will  2009-09-23 11:44:36
+13  A: 

When computers can read obscured text better than humans, you move on to different captchas. I once saw a captcha in which you had to count the number of cats in the picture.

Eventually someone will produce strong AI that is at least as intelligent as a human, but at that point I think we'll need to be more concerned with a robot uprising than spam.

Niki Yoshiuchi  2009-06-16 18:49:04
+1 Robot uprising. IT'S TRUE! No one believes me. :P
Suvesh Pratapa  2009-06-16 19:02:30
Except that captchas with canned answers are useless. If a robot has a 1 in 10 chance of getting a captcha right, it'll just hammer your server ten times as hard before it gets in. That sort of thing is good for filtering out humans, who will get frustrated and go away after one or two tries.
David Thornley  2009-06-16 19:07:15
+1  A: 

End of the road for visual captchas? maybe.

Logical ones can take their place. Gotta love the "answer me these questions three" approach that is needed. Asking people to answer riddles might work. Mixed in the pot with other things.

tkotitan  2009-06-16 18:49:48
+10  A: 
Kai  2009-06-16 19:00:16
I'm afraid this test would weed out replicants as well as bots.
Will  2009-06-18 12:08:42
+2  A: 

Short answer: yes, captchas are doomed, and I have no idea how to replace them.

Robots are tenacious little beasts, and are perfectly happy trying something over and over. This means that any little Turing test cannot be multiple choice, and must be available in large quantities.

Suppose you have a multiple-choice Turing test with ten possible answers. This means that, at worse, a bot has a 10% chance of solving it. This means the bot only has to hammer your servers ten times as much to get in. For your typical bot, this isn't a problem.

Suppose you have a limited number of captcha-replacements. These can be fairly easily programmed in, so that the bot knows that a JPEG with this checksum requires that answer.

Now, another requirement is that a captcha-replacement has to allow real humans to solve it. This means that it can't be too demanding. If you display a picture of, say, a Boeing 747 and ask what it is, you have to be prepared for answers like "airplane", "aircraft", "aeroplane", "airliner", "Boeing 747", "747", "passenger plane", "Airbus", and so forth, since different people will answer in different ways, and people aren't always perfect in their understanding.

It also means that any of these devices can be solved by other humans, either working for pennies in poor countries, or by solving echoed versions to get into porn sites (both techniques have been used).

David Thornley  2009-06-16 19:18:57
+2  A: 

Captchas were doomed from day 1, since it's always possible (given a good reason & resources) to hire cheap labor to solve it for you. I won't enlist the solution here, but the trick has been invented and implemented years ago.

The crux of all doors and barriers isn't about blocking, but about the cost to either side to overcome the barrier.

if a safe is too expensive to crack, but cheap enough for you, the thief won't take it.

Berry Tsakala  2009-06-16 19:46:39
A: 

Yea, captchas are to the point now where they are much more an annoyance than any kind of real deterrent. In an ideal world, the future that would replace it would be some kind of biometric validation against a secure central source. Sort of like trusted certificates. The technology is available and has been for a while to do this effectively, but wide-spread acceptance is a whole different issue. With concerns over privacy and identity security concern it is likely a long ways off still. But a device attached to your computer or even on your smartphone which does a retina scan or facial recognition and validates it against a secure authority to verify your identity would seem to me to be the ideal. Who knows... some day.

Of course, I think of how cool that would be, then I'm reminded of things like the "Minority Report" that take that kind of thing to potentially scary levels.

BBlake  2009-06-16 20:07:05
Don't trust biometrics. What is tested is some sort of reading from a device against a centrally maintained database. The reading could be intercepted or the database compromised, just like any other sort of thing. Remember you've got a very limited ability to replace biometric passwords.
David Thornley  2009-06-16 20:24:13
+4  A: 

A bit off topic - but we had a phone call from a customer recently, who said that they couldn't get the letters at an angle, as they were in the captcha image. They had tried tilting the keyboard to no avail.

Personally, I find them to be awkward at times and just a temporary fix to the long-term problem of spam.

Lazlow  2009-06-16 20:09:23
A: 

So maybe we'll live to see the day when genuine authentication is both

(a) required by websites (b) not considered a problem by users

 2009-06-16 20:31:07
A: 

The logical captchas seem to work imo. A phpBB3 MOD is out that I use on another forum and it adds a logical question that is left up to the board administrator to fill in the question AND answers (of course, lol).

I've got it setup to ask the user "2 + 2 = ?". Bots really don't know how to answer that and it really works in my experience. :P

Zack  2009-06-16 20:53:51
+1  A: 
scunliffe  2009-06-17 01:30:59

related questions

Web framework programming mindset
ASP.NET - asp:xxx Controls versus standard HTML
From Desktop to Web browser considerations
Which PHP Framework will get me to a usable UI the fastest?
Best practice for integrating TDD with web application development?
How to Manage Web Development?
When is a file just a file?
Recommendations for browser add-on tools to help with development
REALLY Simple Website--How Basic Can You Go?
Convince Firefox to send an If-Modified-Since header over HTTPS
What do the getUTC* methods on the date object do?
Planning and Building a mobile enabled site for your main site.
Firebug for IE
Javascript and PHP - Login Script with hidden buttons
Firebug won't display console feeds for some of my sites
Displaying ad content from Respose.WriteFile()/ Response.ContentType
How can I detect if a browser is blocking an popup?
How to Test Web Code?
What PHP framework would you choose for a new application and why?
How do you disable browser Autocomplete on web form field / input tag?
What is Progressive Enhancement?
In HTML, how to word-break on a dash?
The Definitive Guide To Website Authentication
How do you test layout design across multiple browsers/OSs?
How much of the Web build process do you/should you automate?