We’ve all seen that annoying feature on websites where they have twisted and mangled letters and ask you to enter them in a box in order to prove you are a human and not a computer. This system is called CAPTCHA, and even Google provides a CAPTCHA service called reCAPTCHA™ (which I use on my website). CAPTCHA is often combined with authentication to ensure a computer is not trying to log into a site. If you want to learn more about authentication, check out our introduction to security course.
CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart” and was developed by researchers at Carnegie Mellon University. Here is an example of a traditional CAPTCHA image:
Some CAPTCHA images are far more confusing, though, and many “real humans” seem to have difficulty entering them. I find some so difficult that I have to try two or three times. Realizing that, a company called Minteye created a different scheme. Theirs is based on pictures.
The Minteye scheme presents the user with an image that is swirled into a spiral. At the bottom of the image is a slider. Moving the slider to the right untwists the image until it looks normal. To keep software that simply runs the slider from defeating the scheme, the slider needs to be moved only part way to make the image look correct. Minteye’s product is free to use and ad supported. The idea is clever: the swirled images are actually ads. Much like Google, advertisers bid on ads in categories including cars, hobbies and news. The idea is that as a user unswirls the image, she’ll be exposed to the ad.
I first heard about Minteye when I read on Hackaday about how to break it. The idea is simple: there are 30 images in the Minteye system. Some are blurred and one is not. Because the one that is not blurred is more complex, it requires more pixels and is thus a larger image. The others are padded with zeroes. All one has to do is find the larger image and the CAPTCHA is broken. I suspect they’ll fix this (if they haven’t already), but the idea is interesting to say the least.
Here’s another link on breaking Minteye, using image processing. I suspect this is more fundamental to their method and may be harder to thwart. Hackaday also had a post about breaking their scheme by defeating the audio version of the CAPTCHA, which is provided for the visually impaired.
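The file-size break described above is a side channel that a CAPTCHA operator can test for before shipping a set of frames. The sketch below is an added example, not Minteye's code or code from the posts mentioned here: it assumes the operator knows which frame is correct, uses constructed byte strings in place of real images, and the names `leaking_metrics` and `constructed_frames` are hypothetical.

```python
import random
import zlib

# Size metrics anyone who receives the frames could compute.
METRICS = {
    "raw_len": len,
    "unpadded_len": lambda b: len(b.rstrip(b"\x00")),  # ignore zero padding
    "zlib_len": lambda b: len(zlib.compress(b, 9)),    # proxy for complexity
}


def leaking_metrics(frames, answer_index):
    """Return the metrics under which the correct frame is the unique
    smallest or unique largest of the set, i.e. identifiable by size alone."""
    leaks = []
    for name, measure in METRICS.items():
        sizes = [measure(f) for f in frames]
        target = sizes[answer_index]
        others = sizes[:answer_index] + sizes[answer_index + 1:]
        if target > max(others) or target < min(others):
            leaks.append(name)
    return leaks


def constructed_frames(content_lengths, total_len, seed=1):
    """Constructed stand-ins for encoded frames: pseudo-random 'image data'
    of the given length, zero-padded to total_len. Not real CAPTCHA images."""
    rng = random.Random(seed)
    return [
        bytes(rng.getrandbits(8) for _ in range(n)) + b"\x00" * (total_len - n)
        for n in content_lengths
    ]


# 30 frames as in the scheme described; index 17 is an arbitrary "correct" frame.
ANSWER = 17
# Case 1: the correct frame carries the most data, the rest are zero-padded.
lengths = [400 + 10 * i for i in range(30)]
lengths[ANSWER] = 900
padded = constructed_frames(lengths, total_len=900)
# Case 2: payload size is unrelated to the answer (it sits mid-range).
flat = constructed_frames([400 + 10 * i for i in range(30)], total_len=900)

if __name__ == "__main__":
    print("padded set leaks via:", leaking_metrics(padded, ANSWER))
    print("uncorrelated set leaks via:", leaking_metrics(flat, ANSWER))
```

Zero padding equalizes the raw length but not the unpadded or compressed length, so the first set still gives the answer away. Passing this check is necessary rather than sufficient: it only rules out the size signal, not the image-processing approach mentioned above.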
My wife uses a different CAPTCHA on her site which I think has definite possibilities. That method is called Sweet Captcha. The idea is simple: they present four images on the left and one on the right. The user then drags one of the images on the left to the one on the right based on a provided question. The one I just got said “Drag the biggest seed to the flowerpot”. The flowerpot is the image on the right. On the left are an oven mitt, a blue dress, a seed and a rolling pin. This requires understanding the meaning of the question as well as understanding what each image is. This seems pretty clever and I suspect the idea will become popular.
What CAPTCHA do you use, if any? Will you try any of these? Let us know in the comments below.