CAPTCHAs: these warped images you have to copy text out of in order to submit comments on an ever-growing number of websites.
The warped image approach has a number of serious flaws. Firstly, there is a strong correlation between the difficulty bots have with extracting the code from the image and the difficulty humans have with extracting the code from the image. In some cases, I hear it’s actually easier for machines than it is for humans.
Secondly, blind people and people without graphical output on their computers are automatically banned from your CAPTCHA-protected system. Bad.
A different approach is needed. Text-based CAPTCHAs, however, would likely require a knowledge base that challenges are generated from, and due to technical limitations, that knowledge base would probably be finite. A finite knowledge base means that it can probably be inferred from a decent number of challenges.
Some other approaches, such as Hashcash-style challenges, require that the user’s computer solves a difficult mathematical problem which ensures that it will be busy for quite a while until the correct solution is obtained (and the challenge can thus be passed). Again, this results in problems with accessibility.
Luckily, there is an alternative family of approaches that make spamming absolutely infeasible without causing any of the typical accessibility issues. As you know, spamming only pays off due to the ludicrously large number of places you can put your advertisements. Were said places to implement a disincentive to placing a large number of ads, spam would instantly leave them alone.
Enter the disincentive-based solution: ccCAPTCHA. Developed by myself, it works by charging commenters a certain monetary value. All the user has to do is supply their credit card number. You can now test ccCAPTCHA online at my ccCAPTCHA prototype site. On that page, I’m also making the technical parts of ccCAPTCHA available to other interested webmasters. And it’s all for free!
You’re welcome.
It is scary how many people will truly enter their information. :shudders:
Excellent strategy. Your terminology is misleading, though: it doesn’t do much to tell computers and humans apart.
Jeremy: yeah, but if people do that, at least they could do it on my website. ;) Seriously though, better here where the card number isn’t actually stored anywhere (all the page does is run it through Luhn’s formula) than at some scam site. ;)
Allen: yeah, that’s right. On the other hand, it’s a drop-in replacement for CAPTCHAs as they’re mostly used today. Well, sort of.
Your SSH client isn’t as fully featured as the iPhone ssh client
Hey, that looks really neat! Damn, I guess now I have to get one of those iPhones, too.