Jan Krüger's blog

Creative Engineering and randomness

Finally: the perfect CAPTCHA


CAPTCHAs: these warped images you have to copy text out of in order to submit comments on an ever-growing number of websites.

The warped image approach has a number of serious flaws. Firstly, there is a strong correlation between the difficulty bots have with extracting the code from the image and the difficulty humans have with extracting the code from the image. In some cases, I hear it’s actually easier for machines than it is for humans.

Secondly, blind people and people without graphical output on their computers are automatically banned from your CAPTCHA-protected system. Bad.

A different approach is needed. Text-based CAPTCHAs, however, would likely require a knowledge base that challenges are generated from, and due to technical limitations, that knowledge base would probably be finite. A finite knowledge base means that it can probably be inferred from a decent number of challenges.

Some other approaches, such as Hashcash-style challenges, require that the user’s computer solve a difficult mathematical problem, which ensures that it will be busy for quite a while until the correct solution is obtained (and the challenge can thus be passed). Again, this results in problems with accessibility.
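A Hashcash-style challenge as described above, sketched as an added example that is not code from this blog. It uses SHA-256 instead of the SHA-1 of the original Hashcash, and the names `SERVER_KEY`, `DIFFICULTY_BITS`, `issue_challenge`, `solve` and `verify` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumption: per-server secret that signs challenges
DIFFICULTY_BITS = 16         # assumption: about 2**16 hashes expected per solve


def issue_challenge(now=None):
    """Server: return a signed challenge 'timestamp:salt:mac'; no state is stored."""
    ts = str(int(now if now is not None else time.time()))
    salt = os.urandom(8).hex()
    mac = hmac.new(SERVER_KEY, f"{ts}:{salt}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}:{salt}:{mac}"


def leading_zero_bits(digest):
    """Number of zero bits at the front of a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: brute-force a nonce; expected cost is 2**bits hash evaluations."""
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce
        nonce += 1


def verify(challenge, nonce, bits=DIFFICULTY_BITS, max_age=300, now=None):
    """Server: one HMAC and one hash, however long the client spent solving."""
    try:
        ts, salt, mac = challenge.split(":")
        age = (now if now is not None else time.time()) - int(ts)
    except ValueError:
        return False  # malformed challenge
    expected = hmac.new(SERVER_KEY, f"{ts}:{salt}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # challenge was not issued by this server
    if not 0 <= age <= max_age:
        return False  # expired; replay inside the window would need a seen-set
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= bits
```

The work factor is the same for every client, so the wall-clock cost of `solve` is highest on the slowest devices while `verify` stays constant for the server.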

Luckily, there is an alternative family of approaches that make spamming absolutely infeasible without causing any of the typical accessibility issues. As you know, spamming only pays off due to the ludicrously large number of places you can put your advertisements. Were said places to implement a disincentive to placing a large number of ads, spam would instantly leave them alone.

Enter the disincentive-based solution: ccCAPTCHA. Developed by myself, it works by charging commenters a certain monetary value. All the user has to do is supply their credit card number. You can now test ccCAPTCHA online at my ccCAPTCHA prototype site. On that page, I’m also making the technical parts of ccCAPTCHA available to other interested webmasters. And it’s all for free!

You’re welcome.

Comments

The following is a selection of user-submitted comments from the previous iteration of this website.

Your SSH client isn’t as fully featured as the iPhone ssh client

iPhone SSH Client