Captcha identify

Wed Aug 13 19:13:32 EDT 2014

On Thu, Aug 14, 2014 at 6:16 AM, Ian Kelly <ian.g.kelly at gmail.com> wrote:
> On Wed, Aug 13, 2014 at 1:43 PM, Chris Angelico <rosuav at gmail.com> wrote:
>> There are alternatives that are both easier for legit people and
>> harder for spambots. Some rely on the fact that humans read things two
>> dimensionally, and scripts look at the underlying structure; so, for
>> instance, random field names and cunning CSS to match them up with
>> their labels can result in a form that's completely messed up in the
>> source, but looks perfect to a user. Or you can put extra fields down
>> that you can't see if the form's laid out properly.
>
> Chances are that if these tricks mess up a spambot, they will also
> mess up a screen reader.

They may, yes. I haven't seen a report on that. However, they're
hardly going to be worse at messing up screen readers than classic
captchas.

>> Or you can combine
>> those sorts of tricks with a very simple challenge-response, like
>> "What is one plus one?" that requires some specific value to be in a
>> specific field - and if that value occurs in the wrong field, you
>> throw the form back to the user.
>
> If I ask my phone "What is one plus one", a very nice sounding voice
> will tell me that one plus one is two. It takes some cleverness to
> come up with a question that is likely to stump a machine but not
> deter a human...

The point isn't the question itself, the point is that you have to put
the answer in exactly this field. The field is visually near the
challenge, but only because of CSS, and its name is randomized in some
way as to be unpredictable. If, as some spambots do, you blat the
response into lots of fields in the expectation of catching the right
one, then the form gets rejected (I don't know of anyone whose name or
email address is "two", all lowercase, and if you have even a small
pool of questions, you'll get past those weird cases by having the
next question be "What colour is the sky?").

> I've seen some captcha systems that I couldn't solve after a dozen
> attempts, and I have no serious vision problems. It's a problem with
> no easy solution, and as computers get more powerful the intersection
> of {problems machines can't solve} and {problems humans can reliably
> solve} grows ever smaller.

The issue isn't finding an intersection there. The issue is finding a
form of test that a computer can administer. There's a really great
test for humanness: be creative. You know that I'm a human, because
I've made posts here on python-list that are just way too complex for
a computer to synthesize. This sums up my feelings on the matter:

http://xkcd.com/810/
(Warning, language.)

ChrisA