*An uneducated statement made from row 41 seat D destined to Michigan*
CAPTCHAs that are based on obfuscation are a losing battle (imho) due to what I like to call 'the sophistication arms race'. Good guys write increasingly sophisticated CAPTCHAs (I hate typing that, btw, let's use HIP (Human Interactive Proof)). The 'bad guys' write software to break them. The 'bad guys' also have access to other really smart people trying to solve other computer vision problems. Check out the work conducted by the UC Berkeley Computer Vision Group. Anyhow, the efficacy of the HIP system decreases proportionally with the number of carbon-based life forms that can actually decode the mess. Which means the good guys are limited in their sophistication because everyday grey matter can't figure it out well enough. On a long enough timeline, or so I suppose, the number of humans capable of passing the test drops below 'most' acceptable false negative rates. The result is the 'bad guy' wins the race and spams the universe.
I've implemented an SMS-based HIP system at areyouahuman.org. Yes, you can slang some code onto your mobile device to get the challenge. But, I'm currently writing the per-site threshold mechanism that should resolve this.
This system presumably helps prevent site automation via thresholds, driving the cost of breaking it up, and by using an identifier that is in lesser quantities - IPs are 'easier' to commandeer than phone numbers.
What are some thoughts on this approach?
Blake
>
>I would like to RTFM on alternatives to CAPTCHAs, but I don't know what FM to R.
>
>If someone here wants to say "forget it" or "this is the current best technique" or what-have-you, I'd be thankful to hear. Not trying to start a large thread; you can, if you like.
>
>--dan
_______________________________________________
Dailydave mailing list
Dailydave lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave