CAPTCHA Idea: Checkbox Grid

Hudders · Thu 16/08/2007 13:55:30

Oh, yes. Sorry.

Here's a belated smiley:

Akatosh · Thu 16/08/2007 14:29:57

It's done by clicking on the word "cat". Duh. :

And it would work because Hackers don't play adventure games and wouldn't know what to do. I like your idea

.

TerranRich · Thu 16/08/2007 16:12:46

Hmm, yeah, maybe my CAPTCHA idea isn't the best. Thing is, I always prefer to do things myself rather than use 3rd party software to do it. But if I need to for the site I'm working on, then I guess I might have to.

I was also thinking of that supposed university study, where words were scrambled except for the first and last letters, yet were still perfectly readable by most people. On second thought, that might not be the best method for a CAPTCHA.

There is also the method of asking a common sense/very easy question (such as "What is 1+1?" or "What color is the sky?") but there are only so many questions you could come up with. It would be pretty hard for a computer algorithm to crack...but the questions couldn't be too hard, or culture-specific, lest it venture too close to a trivia game.

I've taken a quick look at reCAPTCHA before, and I'm impressed. By running a simple curvy line though words, most OCR programs can't read it at all. I might see if I can implement that.

Ghost · Thu 16/08/2007 19:13:19

Have you considered NONOGRAMS? If not, let Wikipedia tell you everything about it.

Of course a full, classic NONOGRAM would be nonsense, since even a small one would take a good 10 to 20 minutes to solve, but a 3x3 or even 5x5 grid should be possible.

This is just entering into the spirit of the idea, though. Personally I would always prefer being asked a simple question.

Gabe: I forgot my password.
Tycho: But of course you left yourself a question with an answer that would remind you of your password.
Gabe: Oh, yes. It's "What is delicious?"
Tycho: Ah. Well, that's a valid path of inquiry. What *is* delicious? A sensational experience? Or is is even deeper? Maybe *what* is delicious!
A word, could that have a taste itself? Or...
Gabe: Oh, I remembered. Candy. Candy is delicious.

nick.keane · Thu 16/08/2007 21:26:48

Quote from: Ghost on Thu 16/08/2007 19:13:19

Gabe: Oh, I remembered. Candy. Candy is delicious.

No, THIS IS DELICIOUS!!
CAKE TOWN!!!
FROSTING!!!
BRUSH YOUR TEEEEEEETH!!!

http://www.youtube.com/watch?v=gNqiSkd1M6k

tube · Thu 16/08/2007 21:32:11

Quote from: Ghost on Thu 16/08/2007 19:13:19
Have you considered NONOGRAMS? If not, let Wikipedia tell you everything about it.

Of course a full, classic NONOGRAM would be nonsense, since even a small one would take a good 10 to 20 minutes to solve, but a 3x3 or even 5x5 grid should be possible.

That might be fun, but entirely straightforward to solve with a suitable algorithm*. Like just about anything based on pure logic. Shape recognition is a bit harder to do, which is why CAPTCHAs are as they are.

* Several can be found with google.

Esseb · Thu 16/08/2007 23:38:09

Quote from: Gilbot V7000a on Thu 16/08/2007 08:25:24But but but it's discrimination against colour blinded people!

Write down the number you see below to continue:

EagerMind · Fri 17/08/2007 00:53:46

Quote from: TerranRich on Thu 16/08/2007 16:12:46There is also the method of asking a common sense/very easy question (such as "What is 1+1?" or "What color is the sky?") but there are only so many questions you could come up with.

That's the problem with non-automated questions like this: somebody has to come up with all the questions. And if the total possible number of questions is relatively small, then it won't be very difficult to make a program that just keeps a list of every possible question and responds with the correct answer. The spammer wouldn't even need to make this list; he could redirect the captcha to a phoney page and have unwitting people that browse there solve it for him and populate his program with the answers.

QuoteI've taken a quick look at reCAPTCHA before, and I'm impressed. By running a simple curvy line though words, most OCR programs can't read it at all. I might see if I can implement that.

It's even better than that: these are words that OCR programs have already been unable to identify, so that already makes them resilient against spam bots. Also, I think they have ways of preventing spammers from redirecting the recaptcha to their own page. Plus, you'll be contributing to the online digitization of books! 8) Anyway, I think all you need to do is add a few lines of code to your web page.

TerranRich · Fri 17/08/2007 05:33:55

How would a spammer redirect my CAPTCHA to his own page? I don't quite understand how that works. But yeah, I think reCAPTCHA is the way to go, so far.

Esseb · Fri 17/08/2007 06:56:29

Automatically browse your page, take a screenshot of the captcha in that browsing session, save it on their own server, and keep the browsing session alive for X minutes. When some unwitting person opens a link in one of their spam, take one of the most recently copied screenshots and show that to them and have them type it in. When they do, take the answer they gave and route it to your automatic screenshot program, which still has the session where they got the screenshot from open and still has time to use the answer from the dimwit. Wouldn't take very long to create.

Hudders · Fri 17/08/2007 13:25:56

Quote from: EagerMind on Fri 17/08/2007 00:53:46
Quote from: TerranRich on Thu 16/08/2007 16:12:46There is also the method of asking a common sense/very easy question (such as "What is 1+1?" or "What color is the sky?") but there are only so many questions you could come up with.

That's the problem with non-automated questions like this: somebody has to come up with all the questions. And if the total possible number of questions is relatively small, then it won't be very difficult to make a program that just keeps a list of every possible question and responds with the correct answer. The spammer wouldn't even need to make this list; he could redirect the captcha to a phoney page and have unwitting people that browse there solve it for him and populate his program with the answers.

The more specific you make the CAPTCHA, the less likely it will be foiled. Nobody is going to spend time cracking your CAPTCHA when it is a non-commerical device only used on the one site. If a generic bot is able to get through it then fair enough but as soon as they're having to develop specific bots for your specific CAPTCHA, they may as well just forget the bots and do whatever it is they're trying to do themselves; it would probably save them a lot of effort.

Of course, that's all speculation and completely falls down if someone has a vendetta against you personally.

Fyntax · Sat 18/08/2007 22:26:40

You can put a cat in a box and then the user needs to state wherther if it's dead or not...

TerranRich · Sun 19/08/2007 04:42:44

One of Lycos's services had a great CAPTCHA. It displayed 4 or 5 strings of numbers, and only one was larger than the rest. It told you to enter the largest numbers. I thought it was pretty brilliant, and it would definitely fool most bots.

I don't think there's any CAPTCHA that will fight spammers that have other unwitting people do the dirty work for them. Honestly, I don't think it would be worth the time for spammers to do it that way, anyway. The time spent having other people do it for them would be better spent just typing it in your damn self.

I think I'm going to take inspiration from Lycos on this one.

Khris · Mon 20/08/2007 23:57:53

I remember when somebody posted a rapidshare download link in a forum (could have been this one) back when they used CAPTCHAs like this:

The correct word is "K68G", of course, but there were people who tried to put all the letters in the text field

I still laugh hard at this one whenever it pops into my head.

Imagine one of those sitting in front of a grid of colors and having to check boxes...

scotch · Tue 21/08/2007 00:41:19

The spammer would have to have a lot of people working in real time (especially if you put a low timeout on the captcha, say, 2 minutes), but some do that... there are plenty of people who will spend time gold farming in MMOs, posting as friends on forums and social networks, or identifying photos on Mechanical Turk for a pittance, especially in developing countries. Filling in CAPTCHAS is no worse.
Of course only a few sites are worth targetting in this manner.

Radiant · Tue 21/08/2007 07:53:06

Quote from: Stupot on Thu 16/08/2007 05:42:26
I don't know if that really means yours would be any easier to crack,

Yes, it really means that, by several orders of magnitude.

zabnat · Tue 21/08/2007 09:32:08

Everyone has probably seen this already, but what if captchas were like this.

lo_res_man · Tue 21/08/2007 09:56:41

Then we would be robots because a robot would probably solve that faster then a human.

Stupot · Wed 22/08/2007 17:38:27

I just had to fill in a captcha just to send an email on Yahoo! mail.

That's taking it a bit too far, surely... luckily I don't send an awful lot of emails... if I did, though, this could become a nuisance.

Sure I know they're trying to cut down on spam, but I'd rather get a bit of junk mail in my inbox than have to keep doing that just to send an email to a friend.

TerranRich · Wed 22/08/2007 20:38:10

Spammers don't even use actual email programs/sites anymore anyway, so it's pretty useless. I had a virus on my laptop a few weeks ago, where AVG would constantly give me pop-ups saying that too many emails were being sent from my computer. Just using simple PHP code you can send an email and pretend it's from wherever you want.