Wednesday, August 31, 2005

CAPTCHA - Pro's and Con's

When I made my first post to the blog, I had stated that it would be used to talk about issues important to me, including city politics, state & national politics, science & technology, and various going-ons in my life. I've focused primarily on City of Starkville related posts but today i'm going to expand on an entirely different topic: CAPTCHA's.

What's a CAPTCHA? It's an acroymn that stands for Completely Automated Public Turing-Test to Tell Computers and Humans Apart.

What? You may be more familar with it in the form of images such as this:

where you are required to type the word on screen into a box to register for various sites or to post on various blogs. The purpose is to filter out automated computer programs (also known as bots or spambots) from being able to sign up for accounts to use in their spam. With the popularity of blogs, they're rapidly become a target of what is called comment spam, which is spam delivered in the form of comments from random "users" in various blogs. An example, taken from some comment spam left on Edward Sanders blog, is a comment post like this:

Anonymous said...
Hi, Blogs are very popular these days. I think you can potentially make the top 10. Go for it!

I have a Employment Screening site. I think it will eventually cover all things about Employment Screening .

Stop by if you get the change. : - )

In that example, the post was anonymous so a user account wasn't required. Many spam programs will automatically register accounts to use to make spam comments since it makes them look more "realistic" and also because some bloggers disable anonymous comments.

Blogspot, and other blog sites, are now allowing users to set a higher security setting which requires a CAPTCHA test before a comment can be posted. The idea is that this will deter spambots from posting comment spam.

There are some pro's and con's to using CAPTCHA's.

Pros:
Can deter spambots from registering/posting.

Cons:
Since CAPTCHA's are randomly created, they can occasionally be too difficult for even humans to read.
Annoyance of having an additional step to go through in doing something online.
Increased server load in image generation and storage.
Blind computer users are unable to use this and must seek assistance.

Weaknesses
CAPTCHA's are starting to lose some effectiveness now that spammers are developing software specifically for the purpose of cracking them. They will have the program scan the image and apply various transformations on it to allow various font scanning programs to read it. Good CAPTCHA's will use a variety of fonts, twists, rotations, transformations, random background noise, different colors, variable font sizes, and various other techniques to make them difficult for a computer to decipher. Again though one runs into the problem of making them too difficult for humans.

Alternatives
Various alternatives to word based visual CAPTCHA's. They include:
  • logic problems ex. Which of these is not a bird? a. canary b. pigs c. woodpecker
  • image based CAPTCHA's, where a user has to guess what an image is. Image recognition is much harder for computer programs to decipher.
  • sound
  • credit card verification
  • live operators
  • limited use accounts ex. Web-based email that only allows 10 emails a day. Prevents spam abuse from that account.
  • biometrics ex. finger-print scanner
Personally I plan to turn on CAPTCHA on blogspot. It may not be able to deter all spam; however, if it can stop a few of them it would be worth it to me.

Links
Wikipedia Definition of CAPTCHA
W3C Accessiblity Problems with Visual Verification Systems
Spam: The Phenomenon (not about CAPTCHA's, but excellent overview on spam)
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)