tag:blogger.com,1999:blog-19727420.post7654262103994104382..comments2024-03-23T12:05:13.464-07:00Comments on Ideas: The Capcha QuestionDavid Friedmanhttp://www.blogger.com/profile/06543763515095867595noreply@blogger.comBlogger19125tag:blogger.com,1999:blog-19727420.post-67107572801938735552012-10-25T00:31:24.987-07:002012-10-25T00:31:24.987-07:00@Mark Bahner One of the simplest ways to bypass ca...@Mark Bahner One of the simplest ways to bypass captcha systems is to build a database of questions and answers. Such a database is cheap to build and could easily have millions of entries. For this reason, Blogger's captchas are generated by an automated process capable of creating a very large number of unique images. Your suggestion works so long as you only need a small number of different questions. For a high profile target like Blogger it is not an appropriate defense.Kidnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-31268320989583873272012-10-18T05:44:11.090-07:002012-10-18T05:44:11.090-07:00I agree that Captchas are problematic. I am dyslex...I agree that Captchas are problematic. I am dyslexic and letters dance and wriggle around as it is let alone when they are twisted into a captcha! As for the audio, that beached whale/dalek symphony is almost worse!<br /><br />Has anyone here tried captcha bypass browser extensions? I have started using one called rumola and it seems really reliable and effective and is certainly solving my captcha woes!Izzynoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-53263869182094286262012-10-11T21:41:00.390-07:002012-10-11T21:41:00.390-07:00Read your comments in blogger, as opposed to email...Read your comments in blogger, as opposed to emails, that way you can scroll down them quickly and even delete spam.Robert Wenzelhttps://www.blogger.com/profile/14296920597416905488noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-24987030143136443802012-10-10T22:00:21.131-07:002012-10-10T22:00:21.131-07:00I posted something about using honey pot traps to ...I posted something about using honey pot traps to catch spam bots in the comments under your Economists and Virtual Worlds post.<br /><br />I'll post it again here:<br /><br />http://graphiclineweb.wordpress.com/2012/02/26/honeypot-your-blog/<br /><br />Now I'm not exactly sure how to use it specifically in the comments section, but I'm sure Project Honeypot has information on it.<br /><br />Obviously, it won't stop human spammers, but neither will CAPTCHA.<br /><br />I hope this helps.DarQ DawGhttps://www.blogger.com/profile/09993539031526900329noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-70184442117395521862012-10-08T20:27:13.071-07:002012-10-08T20:27:13.071-07:00I'd be interested to know whether computers co...I'd be interested to know whether computers could answer questions about pictures. Like if there was a smiley face and asked, "What is this person doing?" <br /><br />Or if one showed a cartoon of cactus and a daisy, without saying what they were, and asked, "Which has sharp needles?"<br /><br />Or a cartoon of the moon (craters) and sun (rays) and the moon was pink, and asked, "What color is the moon?" <br /><br />Or showed a triangle, a square, and a circle, and asked, "Which has the fewest sides?"<br /><br />I don't think computers would be good at that. Mark Bahnerhttp://markbahner.typepad.comnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-28439946101292726312012-10-08T19:49:02.947-07:002012-10-08T19:49:02.947-07:00Hi,
There are different levels of capchas. Roger ...Hi,<br /><br />There are different levels of capchas. Roger Pielke Jr's blog's capchas are virtually impossible.<br /><br />The Frontier webmail's capchas are fairly easy.<br /><br />My recommendation would be to try to find capchas that are fairly easy (for a human).Mark Bahnerhttp://markbahner.typepad.comnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-18016331660374582412012-10-08T13:15:44.799-07:002012-10-08T13:15:44.799-07:00I want to illustrate that people's understandi...I want to illustrate that people's understanding of the state of the art of computing is behind the curve.<br /><br />Regarding the earlier suggestion "`which direction is opposite of north" or a simple math problem,'" I introduce Wolfram Alpha which can already solve it. If you query 'opposite of north' into it, you get unambiguously the following:<br /><br />Input interpretation:<br />north (English word) antonym. Result: south.<br /><br />And it does hard math problems as well. Entering "int sinx/x dx" gives all kinds of solutions like definite integrals, indefinite integral, graphs, power series etc.<br /><br />Another example:<br />"population of algeria at jfk assassination." Answer in 3 seconds: 11.2million<br /><br />OR "high tide in los angeles at full moon next month." Ans: +3.6feetAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-59752581905316159542012-10-07T23:26:43.863-07:002012-10-07T23:26:43.863-07:00I understand that some capchas also allow for scan...I understand that some capchas also allow for scanned documents to be turned into text - so at times, you are not only solving a capcha, but also transcribing part of a scanned document. Talk about crowdsourcing!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-34308605262816136362012-10-07T13:43:44.729-07:002012-10-07T13:43:44.729-07:00As it was said in one of the previous comments, a ...As it was said in one of the previous comments, a semi-solution is to only show captchas to those who are not in the white list (first-time commenters).<br /><br />Expanding this idea, there should exist independent commenting systems who'd build a database of spammers across various websites and provide blog authors with the automated protection. In fact, there is one, it's called Disqus and you can probably install it on Blogger too. My experience using it is that there's virtually no spam on it.Romanhttps://www.blogger.com/profile/01081697658639832465noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-73798001419723979752012-10-07T06:22:17.589-07:002012-10-07T06:22:17.589-07:00Could be worse. There is apparently a crew of spa...Could be worse. There is apparently a crew of spammers targeting The Atlantic, among others. They are real people, posting real, on-topic comments in native English. But mooshed up into the comment is a lik to their online store of counterfeit luxury goods. The Sanity Inspectorhttps://www.blogger.com/profile/04808433661634318393noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-32127353085627142162012-10-06T19:23:42.464-07:002012-10-06T19:23:42.464-07:00You could reverse the form element names in the su...You could reverse the form element names in the submit and target templates, and respond with a custom ignore page -- "Thank You!" -- when you receive name/mail submissions that are backwards. SheetWisehttps://www.blogger.com/profile/13762534904369877435noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-22071214211575392362012-10-06T11:52:29.526-07:002012-10-06T11:52:29.526-07:00On the blogs I read, most informative and useful c...On the blogs I read, most informative and useful comments come from a relatively small number of repeat visitors.<br /><br />Maintain a white list. To comment, someone first emails you for permission and once approved you add them to the list. If the privilege is abused you remove them from the list and further comments go to the bit bucket.Tom Crispinnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-44789960053589924482012-10-06T11:34:36.666-07:002012-10-06T11:34:36.666-07:00I think there are better types of "captchas&q...<i>I think there are better types of "captchas" than decifering hard to read letters and numbers. Some of them ask you a question like "which direction is opposite of north" or a simple math problem. These seem to be a better way to go.</i><br /><br />Your naivety is cute. You need a defense system matched to the level of motivation of the spammer. Your family forum needs only to defend against automated spammers that target thousands of forums at a time, so a simple unique question is an effective defense.<br /><br />Blogger is a very popular blogging platform and attracts highly motivated attackers. It would be trivial to build a database of questions and answers to bypass the simpler system.<br /><br />Recently, google's audio captcha system was cracked [1][2], prompting google to make it significantly harder.<br /><br />The captchas have become harder for humans only because automated solves have improved. Perhaps it is still possible to find a captcha that is easy for humans and intractable for computers, but this is an open research problem, not a simple task.<br /><br />[1] http://www.youtube.com/watch?v=rfgGNsPPAfU [Original presentation, 1 hour video]<br /><br />[2] http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/ [short article about the presentation]Kidnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-14646612381072745852012-10-05T18:31:05.083-07:002012-10-05T18:31:05.083-07:00I think there are better types of "captchas&q...I think there are better types of "captchas" than decifering hard to read letters and numbers. Some of them ask you a question like "which direction is opposite of north" or a simple math problem. These seem to be a better way to go.Nickhttps://www.blogger.com/profile/06786984875020782964noreply@blogger.comtag:blogger.com,1999:blog-19727420.post-72828962376135840562012-10-05T14:47:42.808-07:002012-10-05T14:47:42.808-07:00Automated captcha solvers have indeed been improvi...Automated captcha solvers have indeed been improving, from what I've heard.<br /><br />Also, some captcha systems (particularly ReCaptcha) may unintentionally generate hard-to-impossible captchas occasionally. Fortunately they usually let you try again if you fail.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-89696574557307902622012-10-05T14:34:03.119-07:002012-10-05T14:34:03.119-07:00I believe it was my comment which triggered this e...I believe it was my comment which triggered this experiment, and I appreciate the consideration. I don't object to some form of Capcha; I recognize its necessity. It's just that I think there are better systems out there, which don't have so many letters and symbols which are essentially illegible even to humans (especially those of us with older eyes!).Lairdnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-50230825208677791362012-10-05T13:22:23.488-07:002012-10-05T13:22:23.488-07:00A couple months ago, google switched to a new capt...A couple months ago, google switched to a new captha algorithm and it was suddenly much, much easier. That lasted for about two weeks, then it got harder again.<br /><br />I guess they aim for a certain (human) error rate. If it's hard for people, then it's probably not crackable.<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-34307004707241844692012-10-05T13:06:28.960-07:002012-10-05T13:06:28.960-07:00I'm not sure what the right answer is, but I&#...I'm not sure what the right answer is, but I've noticed CAPTCHAs getting harder and harder over the last couple of years. Either my eyesight is going, or the bots are getting closer and closer to human ability to decipher the challenges.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-19727420.post-37103447925221051012012-10-05T12:27:05.745-07:002012-10-05T12:27:05.745-07:00On my blog I have set it to moderate comments on p...On my blog I have set it to moderate comments on posts older than two weeks, with no captchas. So I get email for new comments, including new spam, but must go to the blogger interface to moderate old comments. If I approve an old comment, I get an email of it.<br /><br />I think this is pretty decent compromise. Comments are totally open on new posts. You can still comment on older posts, but as spam is more likely on old posts, it cuts down on emailed spam.Rohanhttps://www.blogger.com/profile/09090769681887119989noreply@blogger.com