| 11:28 am on Sep 4, 2008 (gmt 0)|
But if they actually had the technology, they'd be shouting about that.
This sounds like a more efficient use of two-cent per hour click labour, rather than an advance in fraud techniques.
The fact that they need to consolidate is probably good news, and suggests that maybe the CAPTCHA advances are getting a little ahead of the cheats :)
It would be nice to see a little cooperation between the captcha creators ;)
Interesting to think that what will save captcha in the long term is not technology - but the labour market being unable to supply clickers cheaply enough!
[edited by: Quadrille at 11:30 am (utc) on Sep. 4, 2008]
| 1:46 pm on Sep 4, 2008 (gmt 0)|
I agree Q, but articles such as this are valuable in keeping us awake to the mindset of some very selfish, unkind people who are doing real harm to the good potential the Internet holds.
Like WW, the only system that I found that works is having wise people in place to view what's going on.
| 2:19 pm on Sep 4, 2008 (gmt 0)|
Yup; making those clicks a waste - and therefore more expensive - is the right way to go.
Having layers of defense - not just the captcha - will help, but nothing beats human moderation, care and common sense.
I often wonder how these low-level spammers make a profit; 99% of the captcha-beaters I've seen or heard of seem to gain no cash reward whatsoever. And even the 1% are marginal at best, relying on total newbies or plain old-fashioned idiots (who probably have little cash and no credit card).
Who pays for this stuff, and wouldn't they do better with Adwords?
| 2:58 pm on Sep 4, 2008 (gmt 0)|
Clicking through to a couple of the older, referenced ZDNet articles, I wound up at a Microsoft research paper, Using Machine Learning to Break Visual Human Interaction Proofs [research.microsoft.com] (pdf). As I had no real idea how this stuff actually worked, it turned out to be a fascinating, very understandable read.
| 5:59 pm on Sep 8, 2008 (gmt 0)|
Sounds like a waste of an industry to me. As soon as CAPTCHAs are cracked and widely abused, sites will just implement other ways of weeding out the bots.
I don't even use CAPTCHA on any sites. The methods I use work and work well for trapping bots, and are easy to implement.
Hope they burn through a ton of money only to find what I am saying to be true.
People buying into this are wasting their money.
[edited by: Demaestro at 6:02 pm (utc) on Sep. 8, 2008]
| 6:18 pm on Sep 8, 2008 (gmt 0)|
If you find something you can exploit, like the previously exploitable Twitter Bio Link - [mattcutts.com...] then you can easily write a "bot" that will create 10,000 Twitter accounts in no time.
The only problem is that the captcha needs to be solved on each account creation. So you pay $20 to have the 10,000 captchas solved by one of the above services.
Your bot would try to register an account, take a screenshot of the captcha, pass it to the captcha breaking team via their API, wait for and get the result, and then pass it in with the other form values. Now you have 10,000 Twitter accounts ready to give backlinks to whatever sites you want.
And obviously there are hundreds or thousands of sites out there where a system like this can be used.
| 7:38 pm on Sep 8, 2008 (gmt 0)|
Labor is so cheap in India that one of their main CAPTCHA solving solutions has already proven to be simply putting humans at the keyboard. I already have a simple solution to India: anything from India instantly goes into moderation awaiting my approval and 99.9999% of it simply gets deleted.
| 8:00 pm on Sep 8, 2008 (gmt 0)|
As much as I hate the result, I rather admired the ingenuity of the captcha crackers who crowdsourced the cracking by grabbing the image that needed to be cracked, and then showing erotic pictures to random users who typed in the translation. The user saw the pic, never realizing that he just provided a login code for some other site. And if he wanted to see another pic, he just had to type in a new code...
Diabolical. Why pay low wages when you can get free labor from desperate geeks?
| 8:01 pm on Sep 8, 2008 (gmt 0)|
The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself.
| 8:28 pm on Sep 8, 2008 (gmt 0)|
|Diabolical. Why pay low wages when you can get free labor from desperate geeks? |
Anyone decrypting codes to view one lousy erotic picture is not a geek. Geeks know where to find the good stuff for free.
| 11:01 pm on Sep 8, 2008 (gmt 0)|
rogerd - you gotta hand it to them for ingenuity :)
Agreed koan - but make it look like a computer game and the geeks are hooked.
| 11:42 pm on Sep 8, 2008 (gmt 0)|
Theoretically, you are all right.
But here in the real world, sites using CAPTCHA intelligently with other defences still block 99% of spam attacks.
Live with it.
Theoretical support of spammers is all good fun, but any site determined to block the b***stards can do it.
Sorry, guys, but that's the truth.
| 12:27 am on Sep 9, 2008 (gmt 0)|
|The captcha project itself is along the same lines, they are using the images to improve the software that can read the images.. kinda a good idea that is scheduled to ruin itself. |
Are you referring to the REcaptcha project?
I always thought it was weird that they were setting up captcha images to improve computer reading.
When I first found the site way back when, I thought it was some type of scam until I saw it was by Carnegie Mellon.
Seems counterproductive?
| 5:08 am on Sep 9, 2008 (gmt 0)|
It is just like any other security related product. If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another route becomes easier.
| 9:46 am on Sep 12, 2008 (gmt 0)|
"If you have a lock on your house a thief will become a lock pick, the better the lock, the better a lock pick the thief becomes - until such time as another house becomes easier."
It's exactly like putting on running shoes when two of you are pursued by a bear - you don't need to outrun the bear.
Security needn't be about the 'safest', for most purposes, just 'safer than most'.
CAPTCHA can never defeat human slaves alone (it was designed specifically to let humans pass!); but as one line of defense, it can delay the break; language based tests can defeat the cheapest clickers - they don't speak English.
And as the lock pickers advance, so must the locksmiths. And they do. ;)