DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > Web Site Building & Maintenance

Reply
 
Thread Tools Display Modes
Old 06-13-2007, 11:35 AM   #1
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default Can CAPTCHA be saved?

The New York Times had an article on CAPTCHA (the odd bits of scanned text people must decipher to register here and elsewhere, or to post comments on a blog, etc.)

A Dog or a Cat — New Tests to Fool Automated Spammers” (June 11; available free for one week) pointed out that robots can read CAPTCHA images. (No fooling — they get past ours regularly.) In response, developers have been making the images more complex — using color, layering, distorting angles or widths, adding background noise, and other tricks — until now some of these images cannot be read by human beings, yet still fail to foil the spammers.

One solution is to use abstract images (dogs, cats, etc.) that people can decipher though, presumably (or so far) the ’bots cannot. Another approach is to apply 3D effects, change the plane, and otherwise distort the characters mechanically without making them indecipherable to humans.

Poking around, I found one company that is working on the CAPTCHA problem (and selling the results): OCR Research. Programmers and others can license their technology (or it can be free in exchange for a link next to the CAPTCHA image). Not sure individuals can make direct use of their technology, but there some interesting things to see at their web site:

In order to prove the point, they “break” existing CAPTCHAs and show them on their “List of Weakness” (pages and pages of images that can be read by spiders and robots, complete with attribution). Interesting to see what doesn’t work, and why.

They also show examples of one of their improved CAPTCHAs (click on “tEAPAD_3D” in the menu bar at their site).

And they have an article, “Thinking of CAPTCHAs,” which is worth reading.

Interesting topic.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 06-13-2007, 11:25 PM   #2
iamback
Member
 
iamback's Avatar
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default Keeping out humans

Quote:
Originally Posted by ktinkel View Post
The New York Times had an article on CAPTCHA (the odd bits of scanned text people must decipher to register here and elsewhere, or to post comments on a blog, etc.)
The "scanned text" bit only comes at the end of the article as one new technique being used as a source of CAPTCHA images - but the huge majority of CAPTCHA images are computer-generated - which makes it easier for the computer to verify the result since it knows already what text it turned into an image.

Also, the article naively states "there is only one problem" which unfortunately not true. A major problem with all graphical CAPTCHAS (including cat-or-vegetable or scanned text images) is that they not only (more and more unsuccessfully) are keeping robots out, but are also quite successful at keeping humans out: those that can't see images in the first place. Only very, very few offer an alternative option for the blind, which often comes in the form of spoken (preferably also distorted) spoken text - which of course is quite successful in keeping those humans out that are not only blind but also deaf. The companies that offer them an option are extremely rare.

The major problem with these captchas is that they are not testing human capabilities, but are testing human senses. The article fails to mention that there are many alternatives that do not use how-good-are-your-senses techniques but instead are more like little intelligence tests, and they can be completely textual. It's as if they don't even know what the fundamental problem with visual tests are. Of course the W3C has something to say about that: Inaccessibility of CAPTCHA. It's a classic article and it amazes me that the NYT's BRAD STONE has apparently not surfaced this article in his research.

Alternatives do exist, and are being used, too. For instance, the test mentioned of showing an image of a tree, a head of lettuce and a whale and asking "which of these is a vegetable" has no need for images: just show the the words (text), and ask the same question. Another quite simple one I recently came across shows three words and asks: which of these is spelled correctly? The challenge in devising these textual tests is in coming up with questions that do not rely on local or cultural knowledge ("who won the last open?" would have me go "huh?").

Of course robots can learn to solve these riddles as well; on the other hand, they are relatively easy to create, and thus easier to replace if you find that the bots are getting through. But at least they won't keep deaf or blind people out by design.

Quote:
And they have an article, “Thinking of CAPTCHAs,” which is worth reading.
Interesting read, but hard going as a result of the Ukrainian accent... They say: "How can you be sure that your CAPTCHA is clear and kind to really ALL humans?" - and then equally fail to recognize that any form of image is not kind at all to "really ALL" humans... Besides, with most of their images I had a lot of problem deciphering the text - and while there are things not right with my eyes, I can still see.

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote
Old 06-14-2007, 12:02 AM   #3
Richard Waller
Member
 
Richard Waller's Avatar
 
Join Date: Aug 2005
Location: Goring-by-Sea, West Sussex UK
Posts: 732
Default

Not having such a device is worse. I am getting a growing amount of stuff from the forms on my websites and what is more agravating is that when I occasionally do look at these entries it is always garbage - or at least in a format I cannot read.

   
__________________
Richard Waller
www.waller.co.uk
www.goring-by-sea.uk.com
Richard Waller is offline   Reply With Quote
Old 06-14-2007, 12:17 AM   #4
iamback
Member
 
iamback's Avatar
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by Richard Waller View Post
Not having such a device is worse. I am getting a growing amount of stuff from the forms on my websites and what is more agravating is that when I occasionally do look at these entries it is always garbage - or at least in a format I cannot read.
No, you can "not have such a device" and still keep spammers away - there are other methods that are completely transparent to the users but quite successful. But one must keep in mind that no antispam measure is ever going to be 100% successful.

Two things to look at for alternatives:Both are PHP-based, and free.

(I've personally implemented Akismet on my (still to be made public) Travel Forum, while for the Wikka project a team member is busy implementing Bad Behavior. Wikis have recently become more and more targets of spammers, and we're feeling the crush on our own project website, too (where I implemented a few simple but reasonably effective anti-spam measures as well).

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote
Old 06-14-2007, 05:28 AM   #5
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

Quote:
Originally Posted by iamback View Post
Two things to look at for alternatives:Both are PHP-based, and free.
WordPress arrives with an Akismet plugin. In my case it has been sitting there, disabled. I do not allow comments; will it be of any use?

Meanwhile, I will go see if it has been implemented for vB. Thanks.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 06-14-2007, 05:51 AM   #6
iamback
Member
 
iamback's Avatar
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by ktinkel View Post
WordPress arrives with an Akismet plugin. In my case it has been sitting there, disabled. I do not allow comments; will it be of any use?
If you don't allow comments on your site then how can you get spam? So no, it's not of any use to you - or not until you enable comments.

BTW, Akismet is actually a WordPress service, but while you need a key, you are not required to have a WordPress blog; on the contrary, they encourage others to use it. The service is theirs alone, but the API is open and they provide sample code. My implementation for my forum is based on a plugin by a Phorum user which was based on their sample code. But any programming language that is able to make HTTP requests and receive responses can be used to implement an Akismet client. (I wrote "PHP based" but that is basically because of the sample code they provide!)

Quote:
Meanwhile, I will go see if it has been implemented for vB.
Good idea! Do they have a concept of / mechanism for plugins? If not, it might require some hacking - I don't know if that is allowed. I'm interested in hearing what you find out.

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote
Old 06-14-2007, 11:38 AM   #7
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

Quote:
Originally Posted by iamback View Post
Do they [vBulletin] have a concept of / mechanism for plugins?
Yep. And we have a plug-in that helps stop spam (combination of key words and posting threshold). That is, it doesn’t prevent a spammer from posting but throws suspect messages into moderation, so they never appear in public view. If the plugin makes an error (which it does on occasion), a staff member can simply approve it.

I just looked, and Akismet is available for vB. However, I think it may do more work (running off to compare each message against a remote database) without necessarily working any better. It would help if it too had a number-of-posts threshhold. (That assumes I really understand it from the descriptions!)

What I really think we could use is Bad Behavio[u]r, but there is no sign that it works on any forums, and a search on vB or vBulletin at the Bad Behavior site got no returns. Too bad — that plus one of these other things would probably do a good job.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Old 06-14-2007, 05:09 PM   #8
iamback
Member
 
iamback's Avatar
 
Join Date: Oct 2005
Location: Amsterdam, NL
Posts: 4,894
Default

Quote:
Originally Posted by ktinkel View Post
Yep. And we have a plug-in that helps stop spam (combination of key words and posting threshold). That is, it doesn’t prevent a spammer from posting but throws suspect messages into moderation, so they never appear in public view. If the plugin makes an error (which it does on occasion), a staff member can simply approve it.

I just looked, and Akismet is available for vB. However, I think it may do more work (running off to compare each message against a remote database) without necessarily working any better. It would help if it too had a number-of-posts threshhold. (That assumes I really understand it from the descriptions!)
In the plugin as I have it in Phorum, there is a threshold of sorts: anonymous posts (if allowed of course) are always checked; for newly-signed up users the first so many posts are checked - default 5 I think. Is that what you mean? Probably a function of the plugin itself, not of Akismet per se.

Quote:
What I really think we could use is Bad Behavio[u]r, but there is no sign that it works on any forums, and a search on vB or vBulletin at the Bad Behavior site got no returns. Too bad — that plus one of these other things would probably do a good job.
I haven't tried this myself but I think it's not as easy to implement as Akismet (who say by the way that their service works best if you don't combine it with other filters although combination is possible). There's a BB plugin for Phorum, too, I think, so it might be worth having a look at that.

   
__________________
Marjolein Katsma
Look through my eyes on Cultural Surfaces (soon!), My ArtFlakes shop and Flickr.
Occasionally I am also connecting online dots... and sometimes you can follow me on Marjolein's Travel Blog
iamback is offline   Reply With Quote
Old 06-14-2007, 06:06 PM   #9
ktinkel
Founding Sysop
 
ktinkel's Avatar
 
Join Date: Oct 2004
Location: In Connecticut, on the Housatonic River near its mouth at Long Island Sound.
Posts: 11,189
Default

Quote:
Originally Posted by iamback View Post
In the plugin as I have it in Phorum, there is a threshold of sorts: anonymous posts (if allowed of course) are always checked; for newly-signed up users the first so many posts are checked - default 5 I think. Is that what you mean? Probably a function of the plugin itself, not of Akismet per se.
Yes, that is what I mean. I will download the vB version of Akismet and check it out. I do think it would be Prevent Spam plug OR Akismet — not both.

Quote:
Originally Posted by iamback
Ihaven't tried this myself but I think it's not as easy to implement as Akismet (who say by the way that their service works best if you don't combine it with other filters although combination is possible). There's a BB plugin for Phorum, too, I think, so it might be worth having a look at that.
Thanks. We once looked at Phorum, in fact, before finding vBulletin. But maybe there is a possibility there (though probably not by the likes of me!) I will check it out.

All this spam is tedious, I must say.

   
__________________
[SIZE=2][COLOR=LemonChiffon]::[/COLOR][/SIZE]
[SIGPIC][/SIGPIC]
ktinkel is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -8. The time now is 08:50 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.