Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Will Solve Captcha for Money? 490

alx_lo writes "Captchas are a nice idea to protect your blog or guestbook from being spammed by robots. But what good is this protection when you can hire "data entry specialists" to solve captchas for $0.60 per hour for 50 hours a week? Anyone here who can think up a solution that does not include drastically changing the global economy? How about captchas that require cultural background knowledge to solve?"
This discussion has been archived. No new comments can be posted.

Will Solve Captcha for Money?

Comments Filter:
  • by PrinceAshitaka ( 562972 ) * on Wednesday September 06, 2006 @09:38AM (#16051619) Homepage
    The cultural background idea sounds good, but that may just reduce the number of Captchas these laborers can solve in an hour. A simple internet search should be able to solve these questions. What would be a few examples of a good Captcha for Americans. You will always find a good portion of Americans that are unable to answer even the simplest.

    US customs has been known to ask cultural questions at border crossings. My sister was once asked what Dan Quayle's parents did for a living after she said she lived in Indiana. This question is a bit before her time. (His parents ran a newspaper in Indiana.) This also brings into question age. My parents kill me in the original version of trivial pursuit that they play, but I win when playing the newest version.

    A temporary stop gap measure might be to use the current Captchas in combination of looking at the users geolocation. I can see how this measure though would really anger free speech advocates for the third world.

    How about a mathematical Captcha that cannot be solved with a calculator. Well educated foreigners will not even work for $.60. Then again, how many Americans could solve these.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      The cultural background idea sounds good, but that may just reduce the number of Captchas these laborers can solve in an hour.

      Psst. That's the whole point. If Captchas are not cheap to solve, then it becomes economically unviable to use this method to solve. I can't see spammers spending hundreds of dollars (or even tens of cents) to get a spam message posted.

    • Re:PDP-11 captchas (Score:2, Insightful)

      by Anonymous Coward
      I agree with the parent post...put up a captcha picture of a PDP-11/40, PDP-11/45, PDP-11/70 and I can identify all of them within half a second. wife will correctly identify it as a "PDP" but probably won't identify the model
      My sister (who is smarter than me) will say "it looks like a computer of some sort"
      My niece will identify that it is something electrical

      I don't want to see captchas that start to depend on a specific culture to use.
      • Re: (Score:3, Funny)

        by Amouth ( 879122 )
        i could see it if it was something related to the message board,,,

        something that has the topic about electronics could have somethign like that.. it might also help keep idiots off..

        but on slashdot.. all you have to do is bang on a keyboard
    • by hc5duke ( 930493 ) on Wednesday September 06, 2006 @09:44AM (#16051667)
      How about a mathematical Captcha that cannot be solved with a calculator. Well educated foreigners will not even work for $.60. Then again, how many Americans could solve these.

      Thank you for signing up with Blogger! Before you continue, please prove P=NP.

      • I was thinking more along the lines of doing a square root and not accepting approximate answers. Though, even though I could do this, I wouldn't want to.
        • by Anonymous Coward on Wednesday September 06, 2006 @09:51AM (#16051715)
          Okay, if you really can. Give me the square root of two in decimal. No approximate answers.
        • by mgblst ( 80109 ) on Wednesday September 06, 2006 @10:00AM (#16051779) Homepage
          What is the square root of 2 then? And no approximate answers.
        • by CastrTroy ( 595695 ) on Wednesday September 06, 2006 @10:04AM (#16051805) Homepage
          I highly doubt that most American, or people even could compute a square root without a calculator. I don't even think they teach that stuff in school anymore.
          • Re: (Score:3, Funny)

            by bataras ( 169548 )
            What?? You were TAUGHT how to do it? You didn't figure it out yourself? Daaymmm....
      • Re: (Score:2, Funny)

        by Anonymous Coward
        Thank you for signing up with Blogger! Before you continue, please prove P=NP.

        That's easy: P=NP if and only if P=0 or N=1

    • Re: (Score:2, Insightful)

      these things are really the worst idea ever, its already bad enough if you can barely even make out what letters they spell, but what if you're blind or just have bad eyesight? As far as using this new cultural background idea, it sounds more like a way to block people out based off of race (that's racism folks). What if I but don't much care about my cultural background or simply have not learned about it, what then?

    • by cp.tar ( 871488 )

      There's another thing... suppose culturally-dependent captchas are introduced. OK. So what.
      The sweatshop captcha solvers will get slowed down.

      They'll learn, though.

      In the long run, nothing will change substantially...

    • by Peter Trepan ( 572016 ) on Wednesday September 06, 2006 @10:02AM (#16051793)
      Match each band to the model of truck its music is eminating from:

      1. Metallica
      2. Billy Ray Cyrus
      3. Lynnrd Skynnrd

      a. GMC truck with double tires on the back
      b. Primer-color El Camino with beer cans in the back
      c. Shiny red F-150 with aerodynamic truckbed lid
    • In the immortal words of a good friend of mine, an otherwise well-situated and well-adjusted adult: "Who's George Burns?"

      It would be a fine idea if you were trying to keep access down to certain sub-cultures (ie, a captcha showing a picture of Linus Torvalds and one of Linus from Peanuts, asking what they have in common), but on a larger scale it just isn't going to work.

    • by jqh1 ( 212455 ) on Wednesday September 06, 2006 @10:15AM (#16051908) Homepage
      One thing I've tried recently is to require some information that is contextually relevant, but not obvious from the information surrounding the challenge (which is not captcha, just a form input). For instance, on my blog, I'm requiring that a comment poster supply the name of the blog (which is in bold letters at the top of the page). For real posters, this is no doubt annoying, but the name of the blog is somewhere near the top of the stack in their brains. For a spammer, who's racing through a bunch of blogs to post comment spam, this likely is completely out-of-band. So far (about 3 months) it has completely stopped comment spam. Of course, I don't have info on how many real posters have clicked away from the page in frustration, but I have continued to get real comments at about the same rate as before.

      If this sounds like a good idea, do something else, so that there's no pattern :)
      • by ArsenneLupin ( 766289 ) on Wednesday September 06, 2006 @10:48AM (#16052228)
        Another solution: move your guestbook around, i.e. change its URL from time to time.

        It looks as if most spammers operate in two phase: first they collect valid guestbook URLs, and then, several weeks after, they spam those. Probably it's not even the same people doing both phases, the first could be selling lists to the second.

        So, a couple of weeks ago, I moved my guestbook to another URL, and since then, I've got almost no spam (only 3 spams in 4 weeks, versus more than 10 per day before...). And apart from a simple keyword filter, the guestbook has no other protection (i.e. no captcha whatsoever).

    • How about a mathematical Captcha that cannot be solved with a calculator.

      Yes, while we're at it, let's add a captcha about quantum physics. The idea of a captcha is to keep bots out, and get people in with little hassle. The moment you're going to make captchas more difficult than typing a few letters and numberrs, you're locking out potential "visitors" to your site (using visitors here loosely, because most of the time it's people who leave comments, or some form of input on your site). You don't want t

    • Re: (Score:3, Interesting)

      what we need is clearly some sort of Replicant Test []

      You're in a desert, walking along in the sand when all of a sudden you look down and see a tortise, The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over. But it can't. Not without your help. But you're not helping. Why is that?

      Don't want no damn replicants posting in MY blog!
    • by gid13 ( 620803 )
      Yeah, like every other group in the world, most Americans are idiots. As such, there are going to be SOME poor smart people in third-world places that will be willing to solve these for money as long as they exist.

      Hell, anyone else think maybe it'd be a good idea to drastically change the global economy ANYWAY?
    • Re: (Score:3, Funny)

      What would be a few examples of a good Captcha for Americans. You will always find a good portion of Americans that are unable to answer even the simplest.

      I think you stumbled across the solution: If the candidate enters the correct answer, he's certainly not American, so he will be denied entry...

    • Re: (Score:3, Insightful)

      by Aladrin ( 926209 )
      I'm curious... 'cannot be solved with a calculator' ?? The closest I can come is algebra, but then... I could write a script in several languages that would do the algebra, once it was pulled from the image. And quite a bit quicker than a person could.
  • "Who's Hot" (Score:4, Interesting)

    by neoform ( 551705 ) <> on Wednesday September 06, 2006 @09:39AM (#16051622) Homepage
    I remember seeing an example of a captcha type game a while back where you would have to pick the hottest girl out of 3 pictures in order to continue..

    problem of course is when people disagree on what's "hot"..
    • by osgeek ( 239988 ) on Wednesday September 06, 2006 @09:47AM (#16051683) Homepage Journal
      Yeah, but when the choices are Bea Arthur, Rosie O'Donnell, and Natalie Portman; selecting either of the first two should give you an electric shock on top of not allowing you to post.
    • problem of course is when people disagree on what's "hot"..

      You could make them simple, like 1.) Janet Reno 2.) Madeline Albright 3.) Jessica Alba
    • Re:"Who's Hot" (Score:4, Insightful)

      by squiggleslash ( 241428 ) on Wednesday September 06, 2006 @11:45AM (#16052765) Homepage Journal

      Ignoring any issues about offensiveness or whatever, that's not the problem with it. The problem is that it's easily broken.

      How do you break it? Easy. Just pick a random number between one and the number of options you have. For a three option CAPTCHA, you have a one-in-three chance of getting through. You're a spammer remember, so these odds do not deter you, all you have to do is run your automated script three times and you'll be close to sending out the same number of spamvertisements as you would have sent without the CAPTCHA.

      Realistically no multiple choice system, as advocated by a number of posters here, will succeed unless it has so many choices that it's improbable a real user will be able to use the system without issues.

      CAPTCHAs are a bad idea in general. Yet again they're a poor, unwieldy, temporary "solution" to a problem the inventors barely understand that causes more problems than it fixes. Like 99% of anti-spam solutions. The only thing worse than a CAPTCHA is what'll replace them.

  • Just get rid of them. Who needs 'em? You don't solve capchas when sending e-mail either, or do you? What bloggers need is a good spam filter, like SpamAssassin is for e-mail.
    • Re: (Score:3, Insightful)

      by stoolpigeon ( 454276 ) *
      I wish they would go away. It usually takes me 2 or 3 tries to get them right. I guess I over analyze it. I see stuff and think "wow - is that a one or an L" and so on. Normally after I've gone through a few, I get to see some of the characters I'm confused about in different images and finally figure it out.
  • Unique Reg Form (Score:5, Informative)

    by multiOSfreak ( 551711 ) <culturejam@g m a i l . com> on Wednesday September 06, 2006 @09:44AM (#16051662) Homepage Journal
    I admin a PHPBB-based forum and the spam (from bots) was getting out of hand. They were going through the built-in CAPTCHA with no problem. The solution ended up being that I had to modify the registration form so that it wasn't just the default form. Throw a couple of oddball questions on the form, make them required, and bots can't deal with it since the bot script can't account for deviations from the norm.
    • Re: (Score:3, Interesting)

      by Yvanhoe ( 564877 )
      Well I find, for one, that Slashdot is doing a good job in spammer-filtering technics.
    • Re:Unique Reg Form (Score:5, Interesting)

      by soliptic ( 665417 ) on Wednesday September 06, 2006 @10:30AM (#16052076) Journal
      I actually did something fairly similar with my phpbb installation.

      I noticed that bots were signing up but not actually posting, (I donno, maybe they were meant to post but that part of the script broke -- either way, they never posted, but it annoyed me having them there.) They were just there, with links to sites selling vicodin/viagra/etc. Which annoyed me somewhat, but one time a child porn link showed up which was really the straw that broke the camels back, and I decided to stop it. I noticed that 99% of the sites were *.ru so I altered the reg form to throw an error if it detected a *.ru domain in the website field. Then I just started getting non *.ru domains instead, so I just thought, fine, fuck it.... Now if anybody signs up with ANY website in the website field, it throws an error, and has a message along these lines:
      I notice you have a website listed. To prevent spam bots signing up to link their websites, this has been disabled on registration. If you are not a spam bot, just complete your sign up with no website, you will be able to add it back in by editing your details once you have registered
      Since then, no spam bots. w00t. Of course, that forum only gets a handful of signups per year, so I don't really care if it inconveniences people slightly, it's primarily intended as a "private"ish (real life friends) forum anyway.
      • Re:Unique Reg Form (Score:5, Interesting)

        by ahsile ( 187881 ) on Wednesday September 06, 2006 @10:34AM (#16052114) Homepage Journal
        I had the same issue. I searched all over for some sort of blacklist plugin for phpbb to fix the issue, because i was just sick and tired of banning all sorts of domains every day. In the end, I ended up changing the website field to "hidden" on new user registration, and if the bots enter text into it... then I throw an error message.
  • by osgeek ( 239988 ) on Wednesday September 06, 2006 @09:44AM (#16051664) Homepage Journal
    My team of fine Southeast Asian workers will remove spam from your web site/bulletin board/blog for a low low price of $.60 US/hour.

    Incidentally, for those of you in the market to advertise your wares: My team of fine Southeast Asian workers will circumvent those inconvenient captchas on web sites/bulletin boards/blogs for a low low price of $.60 US/hour.

    Here at, we have a solution to every problem.
  • from wiki []
    CAPTCHA is sometimes described as a reverse Turing test. This term, however, is ambiguous because it could also mean a Turing test in which the participants are both attempting to prove they are the computer.

    For some odd reason, this /. story took me back to my days in the college Theory courses. Oh Happy Days.
  • by ZachPruckowski ( 918562 ) <> on Wednesday September 06, 2006 @09:46AM (#16051679)
    This still hurts spammers, because spamming is otherwise pretty cheap. Once you've grabbed bots, all you have to do is upload a few hundred KB of scripts to an IRC channel. It's practically zero overhead. This adds some to the equation. Adding overhead puts smaller spammers out of business, and it's the way to win. We can't stop spam, just make it harder.
  • That's Ironic.... (Score:3, Informative)

    by Gemini_25_RB ( 997440 ) on Wednesday September 06, 2006 @09:48AM (#16051700)
    Yesterday, I saw a presentation by Dr. Luis Von Ahn (developer of the ESP Game, and other CAPTCHA type games). He claimed that spammers and porn companies are willing to pay about $2.50 an hour for 720 CAPTCHAs an hour, or about 1/3 cent per CAPTHCA. (The CAPTCHA solcing is needed to create more free email spamcounts.) I don't know why people would solve them for so much less...
  • Timing (Score:4, Insightful)

    by kevin_conaway ( 585204 ) on Wednesday September 06, 2006 @09:49AM (#16051702) Homepage

    Perhaps a solution is making the captcha time-intensive? If it takes an additional 30 seconds of 45 seconds, it might cut down on the number of captchas a person could solve in an hour.

    This would probably work better for sites where you only enter the CAPTCHA once, say for creating an account.

    • Re: (Score:3, Interesting)

      Perhaps a solution is making the captcha time-intensive? If it takes an additional 30 seconds of 45 seconds, it might cut down on the number of captchas a person could solve in an hour.
      Perhaps a long audio captcha with some intelligence required to prevent simple voice recognition "The first letter is Q. The second letter is V. Letter three is the letter after N. The fourth letter is the same as the second. The letter Z is not present".
  • by yourestupidjerks ( 948216 ) on Wednesday September 06, 2006 @09:49AM (#16051709)
    Refundable micropayments. Seriously. Require people pay $1 to post a comment, payable via paypal or whatever. Once you have checked their comment, you can add them to a whitelist that will never be charged again and refund them their $1. Spammers don't get their dollar back, don't get added to the whitelist, and have their comment removed. The result over the course of a large number of blog entries would be to significantly increase the cost of doing business for spammers, while providing only a very minor inconvenience for legitimate users.
    • That's going to be real expensive real fast. Every online payment option I've seen charges a significant transaction fee.
    • by Scurra UK ( 143378 ) on Wednesday September 06, 2006 @10:06AM (#16051824)
      So posting my 2 cents now costs $1? Guess that's inflation for you...
    • Why not just moderate the board to start with?

      If your idea of running a solid board is just hosting the server and letting anything fly you're really no better than a pin board hanging at a bus stop or something. Expect to get spammed.

      It takes a split second to tell if a post is spam or not. Unless your forum is getting 1000s of posts a day [in which case you could also delegate the work out], you can easily sift through a pile of posts in a few minutes. ... of course that requires thought, and as we all
    • by BrynM ( 217883 ) * on Wednesday September 06, 2006 @10:09AM (#16051859) Homepage Journal
      Spammers don't get their dollar back, don't get added to the whitelist, and have their comment removed.
      With the rates of credit card abuse and identity theft from where lots of spam originates (former soviet states, pacific rim), you can bet they wouldn't be spending their own dollar to post with such a solution.
      • Re: (Score:3, Insightful)

        by swillden ( 191260 ) *

        you can bet they wouldn't be spending their own dollar to post with such a solution

        Even if the dollar they spend is stolen, it's still theirs in the sense that they can spend it. They have to choose whether they want to spend it on advertising or on real-world goods that they get to keep, so they still have to decide whether they're likely to get more than a dollar back from their posts.

  • by MasterC ( 70492 ) <cmlburnett@gm[ ].com ['ail' in gap]> on Wednesday September 06, 2006 @09:50AM (#16051711) Homepage
    Maybe I missed the memo/boat on this, but aren't CAPTCHAs here specifically to stop automated spamming, automated account creation, etc.? After all CAPTCHA == Completely Automated Public Turing test to tell Computers and Humans Apart [].

    So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.

    Then the "other side" will volly back with an image algorithm to thwart CAPTCHA, then we'll get CAPTCHA 2.0 with synergistic AJAX-enabled authentication, and then we'll have Terminators ruling the world.
    • by LordEd ( 840443 )
      Forget CAPTCHAs. Lets try finding out if you're human in a dune style:

      Put your hand into this vista box...
    • by pla ( 258480 ) on Wednesday September 06, 2006 @10:58AM (#16052338) Journal
      So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.

      Yes and no - That solves the problem of precreated CAPTCHAs, by throwing CPU time at it, but the FP's complaint doesn't actually involve what CAPTCHAs solve.

      CAPTCHAs, if effective (which a market for human solvers suggests), only prove that a human has responded. If a human solves it for pay on behalf of a spammer - The CAPTCHA worked perfectly. Virtually every suggestion on this topic has missed that key point. Using culturally-dependant information, or judgements of aesthetics, or awkwardly-phrased audio clips, or even time-wasting math problems, all still just prove that a human answered the question.

      The real problem here involves the misuse of CAPTCHAs by those who assume they do something which they don't. They don't weed out "undesireables". They weed out non-humans. It really doesn't matter how complex you make them; if a human can solve it, you still have the same underlying flaw - Namely, that we have a HUMAN enemy in this battle.

      Instead, we need to exploit a human vulnerability - Mortality. We need to hunt down spammers and kill them, slowly and painfully. We need to torture their wives and kids in front of them, then string the lot of 'em up in town squares as an example to others. We then need to hunt down all the companies funding these spammers as a form of advertising and castrate their boards of directors.

      Or better yet, we need to trick them into running P2P nodes and let them and the RIAA weaken each other to the point that we can easily eliminate the winner.
    • Re: (Score:3, Funny)

      If the CAPTCHA asks you "are you Sarah Connor?" you should answer "No." and quickly press the back button.
    • Re: (Score:3, Informative)

      by dk.r*nger ( 460754 )
      So the real problem is coming up with CAPTCHAs in real-time with no permanent (this session ID) correlation made between the image link and the answer. Then hiring "slave labor" to make this mapping for you will be completely useless.

      No, that won't work. The spam-computer is in the US, probably a bot-net drone. It automatically visits the blog to be spammed, and captures the CAPTCHA. It now sends this to the Indian, whom within 30 seconds types the correct answer, and this is now inserted on the page, and t
  • by cowscows ( 103644 ) on Wednesday September 06, 2006 @09:50AM (#16051712) Journal
    This issue quickly runs into the same sorts of problems that copy protection on software does. People who are dedicated to breaking the system will still be able to, but normal people trying to work with the system are just getting annoyed.

    It's a mild pain in the ass to match a swirled up picture of letters (I've known the alphabet for about 25 years, and I still get them wrong sometimes), but I'll usually go through it. Make it much more difficult than that, however, and I'm pretty likely to decide it's not worth it, and go waste my time on another website.

    The solution to this problem is not to make the visitor do more work, because you can easily drive your visitors away by making your website a hassle. The spam needs to be filtered on the server side, or just deleted as it appears.

    I've encountered this problem on my own neglected website, and I haven't found a good solution that I have the skills to implement. I generally just delete the spam as it appears, and I turn off commenting on older posts. This works for my personal site, because it's low traffic, but I'd imagine someone who gets more readers and spam could find the motivation to set up some sort of filtering, similar to email spam filters.
  • by jconley ( 28741 ) on Wednesday September 06, 2006 @09:50AM (#16051714) Homepage
    I wish I had someone that could have answered the questions at the beginning of Leisure Suit Larry for me when I was 11...I would have broken open the piggy bank to play!
    • Re: (Score:3, Interesting)

      by BHearsum ( 325814 )
      You win the thread.

      I learned more about America in the 1960s/1970s from those questions than I did from anything else, ever.
      RIP Sierra
  • Reputation ID (Score:5, Interesting)

    by robotsrule ( 805458 ) * on Wednesday September 06, 2006 @09:51AM (#16051717) Homepage
    This is why I believe in the future there will be two Internets. The one we have now which is wild and wooly where you can remain anonymous, and one where you can't do anything without a Reputation ID that is tied to a biometric identification method (fingerprint, voiceprint, etc.). There will be third party companies like Google that have Reputation ID accounts and will handle the authentication. The Reputation ID based Interent is where eCommerce, government and medical records, etc. based web sites will live.

    I hope to heaven that instead of a biometric authentication, someone can come up with a card reader for driver's licenses or some other ID method, but current events seem to indicate biometric authentication will prevail. Even in that case, I hope it is a "authenticated-user" token passing scheme so that the web site that you want to visit never knows who you are, just that you are a valid user that owns the account ID you claim to own (the Reputation ID web site acts as middleman and privacy shield, pray they are never hacked).

    By the way, I don't like the thought of privacy problems and Reputation ID spoofing scenarios this implies. I just don't see any other way way to build an Internet with a high degree of trust. As I type this I am looking at the SlashDot captcha box for comments.
  • by grasshoppa ( 657393 ) <skennedy@AAAtpno ... inus threevowels> on Wednesday September 06, 2006 @09:55AM (#16051744) Homepage
    ...but haven't they been doing this for a few years now? I seem to remember a story, at least a year back, where spammers were giving porn away for free, as long as you solved a captcha every couple views.
    • by Goaway ( 82658 )
      That was a completely made-up theoretical scenario, which has been repeated over and over again as if it was actually happening.
    • Re: (Score:3, Funny)

      by Intron ( 870560 )
      Dear Sir:

      I am Dr Joseph Mugambe. I have come into the possession
      of US $20 Million dollars but need to solve the captcha
      below. If you help me, I will forward to you ONE HALF of
      the moneys.

      Yours very sincerely,
  • Moderation (Score:5, Interesting)

    by truthsearch ( 249536 ) on Wednesday September 06, 2006 @09:55AM (#16051750) Homepage Journal
    I helped develop one of the largest websites in Europe (in terms of traffic and volume of content). Human spammers have been bypassing our CAPTCHA for a while now. We still keep the CAPTCHA to block most bots. The data input goes through a custom spam filter. These human spammers are trying to spread their URLs, email addresses, and phone numbers just like most spam, so this helps to a large extent. Anything that gets through that can be flagged as spam by users. On top of all that there's some human moderation by the business which owns the site.

    So in the end spam filters can help but human moderation is still the only real working solution today.
  • Someone forgot this is the World Wide Web, and that not everyone logging onto a given website will necessarily be from any given "culture"!

  • by Facouille ( 1000787 ) on Wednesday September 06, 2006 @10:08AM (#16051845)
    To register, you have to be a "confident" user of a parternship website, like say ebay, paypal, amazon, yahoo, hotmail, google, etc, etc. They can proof that you are a real user, and an open api allows 1-1 relations between your accounts. If you are not registered to any of those website, you have to get X points using Folding@Home to be trusted.
  • Animated captchas that change continuously, morphing into a recognizable 133t-speak version of the word to be entered for a short time during the animation. Require entry of this within 10 seconds, from the same IP where the pieces of the animation were sent (to prevent downloading and analyzing it).
  • Context (Score:2, Interesting)

    by smithwis ( 577119 )
    Running with your cultural background idea:
    Why not take this to the local level, ie, make your captcha refer to website content.

    The spammers can circumvent captchas effectively because they make sense out of context. But if your captcha asks for the Author's surname, the name of the website, or the news item's title; suddenly you need to actually know about the blog before posting.

    Take this to far though, and it starts to look like those discriminatory voter tests of yesteryear.
  • Many sites could survive by blocking out regions of the internet. (Many cannot...) So that solution should be implemented more often. When it gets to the point that certain countries are effectively isolated off of the internet, the government will be forced to crack down on the offending activities.

    So yeah, let's talk about blocking out China and various asian and African countries until they get their collective acts together.

    For local offenders, let's talk about violence as the solution. At best, the
  • by SmallFurryCreature ( 593017 ) on Wednesday September 06, 2006 @10:17AM (#16051933) Journal
    spam on forums generally includes a link that people should then follow to the site where whatever is being sold is sold. It is trivial to include a javascript on such a forum being spammed that logs each click. You could therefore record who of your users actually responds to spam.

    The real problem with spam after all is not the spammers but the people who respond to it, if nobody bought from spam then there would be no spam. Well at least much less of it. After all it is advertising and spammers are not selling say viagra but selling spam itself.

    In any case with this log of users who actually click on spam links you could then A compile an overview of what kind of user actually is stupid enough to respond, B educate them or C ban them for being to stupid to live.

    Considerring the offered budget in this ad for (30-100 dollars) I don't think the guy is operating with that big a margin already. If you can reduce the number of people who respond to these spams then perhaps simple economics makes the problem go away.

    • Re: (Score:3, Funny)

      by MrNaz ( 730548 ) *
      It's "too stupid to live". If you're going to take a holier than thou attitude, at least make sure that you are literate.
  • Use a human then. (Score:5, Interesting)

    by Xzzy ( 111297 ) <> on Wednesday September 06, 2006 @10:18AM (#16051940) Homepage
    Just have a human authorize every account creation. For smaller sites (the vast majority of the web) this might introduce a load of one authorization a month. As site size scales upwards, you have more people available to help with authorization. Could use the principles of the turing test to work through a 2 or 3 email exchange.

    Could make the supporting cgi scripts as simple or as complicated as one's willing to author. One forum I maintained for a while had a low level "all access" section where new users posted an application. Forum regulars would respond, and eventually grade the new user. If they passed, they were given full access to the board. Granted, this system was employed more to limit the quantity of asshats than spammers, but the same principles apply.

    It might even benefit society in the long run as a spammer's urge to do his work forces him to develop a "true" AI. ;)
  • Use a browser speech plugin to play a string of words randomly selected from a large dictionary, ask the user to repeat them.

    Good for blind people, too.
  • by kahei ( 466208 ) on Wednesday September 06, 2006 @10:22AM (#16051989) Homepage

    I've visited a Japanese art site (ie pictures of characters from fighting games drawn in alarmingly extreme detail) which had roughly this on the front page:

    "Because there have been some people coming in here and stealing pictures or linking without permission, I have had to put this small test up. Please enter the Emperor's birth date in Japanese calendar in the box below. I'm sorry for this inconvenience and I will remove it when they forget about this site."

    I've also seen a site (again in the 'students with too much time on their hands' sector) that asked for some other date in Japanese calendar. There are also a fair few personal sites that have a front page with just one link that takes you in, and several spurious links, with the page being 100% japanese text -- which I think serves about the same purpose.

    On a related note, there also used to be WinMX groups which required that you say something in Japanese on entering or be booted. The point there was that otherwise you'd get masses of Korean 12-year-olds coming in and going 'Fuk Japanese bitch! dokdo nun uri tang!!lolz0rz!' and generally spamming the place. At least, I hope they were 12.

    So, cultural captchas certainly exist... but it's easy to see why they work better on 'my pictures of Vampire Hunter D' sites than in the commercial world.

  • by PMuse ( 320639 ) on Wednesday September 06, 2006 @10:27AM (#16052041)
    How about captchas that require cultural background knowledge to solve?

    If the captcha does not itself contain all the information required to solve it, some legitimate users will be unable to solve it.

    Now, simple riddles would at least require mastery of the language instead of mere character recognition skills. However, requiring language only raises the $/hour cost of solving them a little. More importantly, even easy riddles are much harder to generate for captchas than random strings. E.g., "What word is fourth in this sentence?"
  • Comments by email? (Score:3, Insightful)

    by 955301 ( 209856 ) on Wednesday September 06, 2006 @10:43AM (#16052189) Journal

    What about reducing it to a single problem again by accepting comments only via email? Then you can bring the usual tools to bear - forcing server retries, greylists, whitelists, blacklists, analysis, etc.

    Just provide the comment email address at the bottom of the article and a uid in the address would make it post to the proper article/story/whatever. Reply to email addresses would have a different uid as well.

    Make the mail server moderate for you.

  • by nblender ( 741424 ) on Wednesday September 06, 2006 @11:33AM (#16052648)
    For each client, send a series of captchas: "solving" "captchas" "formoney?" "one" "thousand" "usdollar" "reward" "for-arrest" "of-your" "employer".
  • The Anti-CAPTCHA (Score:3, Interesting)

    by TimTucker ( 982832 ) on Wednesday September 06, 2006 @12:29PM (#16053189) Homepage
    I've managed to cut down blog spam significantly lately after installing an Anti-CAPTCHA: []

    The basic idea is to present a CAPTCHA image that's as easy for a machine to understand as possible and then ask the user to type in something else. (in the system that I'm using, users are presented with an unobscured image of a 6-digit number and asked to type in a different 6-digit number).

    One of the great things about asking a user to type in something other than what's shown is that it's much more accessible than a regular CAPTCHA, since there's only a 1/1,000,000 chance that someone who can't see will accidentally type in the "right" six digit number.
  • by LauraW ( 662560 ) on Wednesday September 06, 2006 @01:25PM (#16053629)
    This talk [] on Google Video has a bit of info about CAPTCHAs. Apparently some porn sites are displaying occasional CAPTCHAs that their users have to solve before seeing the next page of porn, and then using these solved CAPTCHAs to spam blogs and other sites. The developers get bonus points for creativity, anyway.

Evolution is a million line computer program falling into place by accident.