The Proof-of-Work CAPTCHA: Prove you are a computer!

Hello folks,

I filed a patent application for a new CAPTCHA technology. The details do not belong here (much, much too long) but if you are interested you can see them in my Warrior Forum blog The Proof-of-Work CAPTCHA.

Basically, what I am doing is combining a distorted-character captcha with something called a "Proof of Work", which is a way to force the user's browser to carry out a complex computation of my choice, similar to HashCash and Bitcoin.

The Javascript code to perform the calculation is sent to the user's browser together with the captcha. The user is only required to solve the captcha, while their browser performs the calculations. In order for the user to be given access, not only do they have to solve the captcha (as in any regular captcha system) but their browser must also return the results of the proof-of-work calculation.

For an ordinary user this is no great burden, all they will see is that their computers will have a slightly higher processor load than normal. For the spammers, though, it will be a disaster.

The key is that, in general, automated spamming tools do not use a full browser, so they will not be able to produce the proof-of-work, and in any event the proof-of-work calculation will increase the amount of computation required well beyond anything reasonable (from the spammer's point of view).

I wonder if I can ask the warriors in this forum to suggest the best way to market this technology, and/or any ideas, suggestions, critiques (flames!) etc.

Thanks,
Joe (aka mekDroid)
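The scheme described in the post above, sketched as an added example that is not part of the original post and not the author's implementation. It assumes a hashcash-style puzzle (SHA-256 with a required number of leading zero bits), an HMAC tag to keep the challenge tamper-proof, and Node's `crypto` module; all function and constant names are hypothetical.

```javascript
// Added example: hashcash-style proof-of-work bound to one CAPTCHA challenge.
// Every name here (issueChallenge, solve, verify, SERVER_KEY) is hypothetical.
const nodeCrypto = require("crypto");

const SERVER_KEY = "constructed-demo-key"; // constructed; use a real secret in practice
const TTL_MS = 120000;                     // assumed challenge lifetime
const sha256 = (s) => nodeCrypto.createHash("sha256").update(s).digest();
const hmac = (s) => nodeCrypto.createHmac("sha256", SERVER_KEY).update(s).digest("hex");

// Number of leading zero bits in a digest: the measure of work done.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    return bits + Math.clz32(byte) - 24;
  }
  return bits;
}

// Server: issue a salted, expiring challenge tied to one captcha (id has no ":").
function issueChallenge(captchaId, bits, now = Date.now()) {
  const salt = nodeCrypto.randomBytes(8).toString("hex");
  const body = `${captchaId}:${bits}:${now + TTL_MS}:${salt}`;
  return { body, tag: hmac(body) }; // tag stops the client lowering `bits`
}

// Client (the script sent to the browser): search for a counter.
function solve(body, bits) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(sha256(`${body}:${counter}`)) >= bits) return counter;
  }
}

const spent = new Set(); // redeemed challenges; in-memory for the demo only

// Server: verification costs one hash, however long the search took.
function verify({ body, tag }, counter, captchaOk, now = Date.now()) {
  const want = Buffer.from(hmac(body)), got = Buffer.from(String(tag));
  if (want.length !== got.length || !nodeCrypto.timingSafeEqual(want, got)) return "bad-tag";
  const [, bits, expires] = body.split(":");
  if (now > Number(expires)) return "expired";
  if (spent.has(body)) return "replayed";
  if (leadingZeroBits(sha256(`${body}:${counter}`)) < Number(bits)) return "bad-work";
  spent.add(body); // a wrong captcha answer still burns the work
  return captchaOk ? "ok" : "bad-captcha";
}
```

Each extra required bit doubles the client's expected search while the server still checks a single hash, and because a challenge is spent on first redemption, every captcha guess needs fresh work.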
  • Have you heard of these guys? End the CAPTCHA Agony | Are You a Human

    I saw mailchimp using them recently, basically, captcha in the form of games.
    • Yep, I have seen them ... there are a few new image-based captchas around, captcha-games, etc.

      Unfortunately, they are all trivially easy to break. Basically, at any given time there will be only x variations of the game; all that a spammer has to do is collect enough variations and the corresponding answers to solve the captcha.

      Keep in mind that the standard for captcha security is that only 1 in 10,000 attempts should work--otherwise the captcha will not be secure enough to protect anything. And, in any case, a sophisticated spammer could send the game, images or whatever to a captcha-solving service somewhere in a low-wage country and have them solve the captcha. Since the captcha solvers are human they will be able to return an answer ...
  • Interesting blog read, have you set up a site and invited hackers to try and break it? I think a challenge would be newsworthy and get some attention.

    Please help craigslist, they are now deluged w/ spammers. I am selling a few items and get bombarded with BS spam trying to get me to reply to grab my email address. CL needs some captcha or double blind email system.
    • Hi,

      Not yet, I am in the process of implementing it for various platforms (WP, etc).
    • Excellent marketing and PR tactic, however if they smash your site to bits, which is very, very likely, not only are you going to look like a douche but your site will be blasted into a thousand pieces and good luck trying to fix everything without spending time and money. Even if you do a backup right before the hack-a-thon you still will have your server melted with costs and then all the work to do all the uploads and de-bugging afterwards.
  • Hello Joe,

    I agree with NewParadigm: It's interesting, and by inviting hackers to break it, not only would it become newsworthy (i.e. press releases), but you could also make sure that you and your team are not overlooking anything. (I'm not saying you are, but just to make sure there isn't any angle that was overlooked by accident).

    Certainly, a very innovative idea, and a very NEEDED one as well!

    Good luck!

    Take care,

    Joe Chengery
  • I'm far from technically savvy, but this sounds like a great idea. Overload the spammers' computers with processing requests...brilliant!

    I just finished reading Daemon, by Daniel Suarez – great book if you like tech thrillers – and this sounds just like something that his evil (?) genius character would dream up. Best of luck!
  • I read your blog, it's an interesting idea! I don't think it is a foolproof solution but def another weapon in the fight against spammers.

    The whole idea of hitting the spammers where it hurts (in the pocket) is a very good one though. Upping their costs of solving captchas will def help against spam; if we can make it so expensive that it just doesn't get them enough money anymore, that is a good approach. However there are many other factors like using bots (as mentioned earlier) and also the fact that computing power is getting cheaper by the year, so you'll be needing to update the settings as well. Also you might hit some legit users on legacy computers in company networks etc. There are still plenty of companies running completely on Win XP.
  • If your idea works then that's great! At this moment our site is down thanks to spammers who got into our forum and flooded it with thousands of spam in one day. I am beyond irritated about this. My web design person said there is a captcha set up but how then did they get past it? Right now we can't get in to look at what went wrong, the domain host needs to give us some bandwidth (as we have none) so we can resolve this. Hopefully today all will be resolved. If only spammers used their smarts for good things.
    • Hmmm. Leaving aside possible prior art objections, does this work and play well with the browsers used on portable devices?


      Paul
  • I would think the bar to set is not being perfect, but rather, being tougher than the next captcha so the spammers move on to lower hanging fruit.

    Like a burglar skipping your house w/ an alarm system sign and going next door to the house that left a window open.
  • What's goin on w/ the large botnet attacks on wordpress?
  • The basic concept is nothing new. Bill Gates floated the idea of a "processor tax" when sending an email to curb spam.

    Here's a story from January 2004:
    Gates reveals his 'magic solution' to spam - CNET News

    It was somewhat interesting for email spam back then because those spammers were known to have 10, 20, 30 computers running at once sending the spam 24/7. If you could force a computation that takes even one second, the email spammers would have to spend a significant amount of money on more systems. This is of course speaking in 2004 terms when the Pentium 4 was king and ran $1,500 to $2,000. At just one email per second per computer it would have been impossible for them to recover their former mailing power without spending six or even seven figures on more computers.

    There's a couple obstacles here in 2013 whether we are talking about a processor tax for email or captcha. First, there is a wide range of processing power in the hands of consumers today since computers don't go obsolete at the rate they once did. So that 1 second tax on the computer that was purchased yesterday is quite the annoyance for someone using an older system that takes longer to make the computation. Second, are captcha spammers running multiple boxes 24/7? If not, does it really matter if it takes their single computer 3 hours to do the dirty work versus the current 10 minutes? You really aren't curbing anything in that case.

    Email spam filtering has come a long way since Bill Gates' idea to tax systems. Similar concepts will have to be applied to forum and comment spam.
  • These would be people hired through services yes? Human captcha breakers. Would they not have full browsers open to solve your extra calculation request?

    So basically it might beat basic OCR based solvers on the market. But would still remain useless against actual human solvers.

    Looks like a good time to invest in the human captcha solving sector.
    • Hi Kevin,

      Not really. Yes, the human captcha solvers would have full browsers, but they are not actually on the site being cracked.

      The way this works is that the spammer uses an automated tool to go to the site, scrapes the captcha image (only) and sends the image to the captcha-solving service.

      The captcha-solving service then selects one of their workers (they have thousands) and sends them the image. They return the answer to the captcha to the captcha-solving company, which then sends the image back to the spammer.

      For what it's worth, there is even a standard for sending the captchas.

      Unfortunately for the spammers, the standard does not (as of now) cover the situation in which their spamming tool is asked to execute the operations needed for the proof-of-work, and the spamming tools (i.e., ScrapeBox) do not use a full browser.

    • Hi clever ...

      No, the user never sees the proof-of-work! The idea is that all they see is a normal captcha, but meanwhile their browser is performing the calculations. In fact, the captcha can be made easier than normal because of the proof-of-work ...
  • Sounds like a great idea, and hopefully you can get the patent for it, but there is always a way around everything. There are armies of human captcha solvers in third world countries.

    But you never know, you may be able to sell your captcha system to a big company for big bucks
    • Hi Alex,

      Yes, there are thousands of them! The idea behind this captcha is to slow down spamming and to increase the cost to the spammers/captcha solving companies/captcha workers so that the costs of spamming go above the economic benefit.

      Keep in mind that spammers make a very, very small amount of money for every message. We don't know exactly what this amount is, but I can definitely give you a lower bound: it must be higher than $0.0014 US per message. Why? Because that is how much it costs to break a captcha using a captcha-solving company. In addition to that spammers have to pay for hosting, proxies etc.

      We don't have good numbers on the upper bound for profits. One of the studies in this field assumes profits in excess of 50%. If that is the case, all we need to do is to increase the average cost of breaking a captcha from $0.0014 US to $0.0028 to make a very significant dent in their profits ...
  • "What's in it for me?"

    Is what I'm thinking.

    If I'm going to implement something like this on my website it had better not make it harder for my customers or for me.

    If I'm going to be using a web service that uses this technology, it had better not make my life harder.

    Those are my only thoughts besides me wondering how you're going to monetize something that is currently FOC via open source.

    Otherwise good idea.
  • Two things I'd like to ask, and forgive me I haven't read the blog (Yet!) 1. It's going to take a spammer a long time just to crack the captcha, it wouldn't be worth it surely? 2. Will you be beta testing the captcha here on the WF or in a closed environment?

    Cheers! I'm off to bed. See you later today.

    Brian
    • Hi Brian!

      1) Yes, I hope that the spammers will find the captcha hard to break, so that the technology might be worth something ...

      2) I will be beta testing in a closed environment first, but I will ask members of this forum to try it out

      Thanks!
      Joe
  • Now that I have had time to reflect on it. My view is this.

    You're presenting the world with a solution to a current problem. But your solution is flawed in its basis. Your method is as easy to bypass or manipulate as captchas are in the first place. It's like when they added CVV to the back of the credit card. It created a new security barrier, but was quickly circumvented.

    I purchased one of the latest Captcha breaking softwares recently. The GSA Captcha breaker. Not cheap I have to say. But after seeing it in action. It is very impressive. Seems to work off some kind of huge shared database of images. And learns as it grows. With really impressive results. As of now it solves over 500 captcha types. This number seems to grow every day. And solves most of them at over 30% success.

    But you see my point is. That no matter what type of Captcha or Human confirmation a site puts up to prevent spamming. The spammers will adjust accordingly. The number of spamming attempts will not decrease. If anything increase as placed links become more valuable.

    So in short the only thing that making captcha unbreakable will achieve will be the increase in the value of a backlink. It's not tackling the problem of spam at all really. Just rolling the rock down the road a bit more.
  • It will all depend on implementation. You'll be competing with Google's ReCaptcha service which is free. You'll have to bring something VERY attractive to the table in order to get people to pay for the service.

    Once that is accomplished, and assuming your service gets popular enough, the software companies will just implement the functionality necessary to hash the number. I'm not saying this isn't a great idea, I definitely think it is clever, but as always, people will adapt.

    I think your biggest battle will be monetizing it when a popular service like Google's ReCaptcha exists for free. I'm not saying theirs is better, but cost is always a factor.

    All the best!
