i want to implement a reverse turing test for registration.
as we all probably know, it's commonplace to put some text in an image and ask the agent to transcribe the contents into a text field. however, character recognition programs are getting very good, and i don't want to try to constantly keep ahead of the curve.
i could just find the best open-source (bsd or mit licensed) php captcha and import the code into the ttf tree.
i could also devise a different way of administering a reverse turing test. here are some ideas:
(1) ask the user to solve a word problem. examples: "you have two apples and three oranges. how many pieces of fruit do you have?" "what is the area of a square with sides that are one unit long?" "what color is the sky?" "for which sense are eyes used?" "what is frozen water called?"
(2) ask the user to perform some quick internet research--these questions could ask for answers that change frequently, or they could just be asking for lesser-known information. examples: "how many euros is the u.s. dollar buying today?" "what is the capital of andorra?" "how many planets are in the solar system?" "what is the last name of the author of madame bovary?"
(3) ask the user to perform some internet activity. examples: "download the image displayed to the right, upload it to the web, and provide its web address." "join the irc channel #xyz on server irc.abcdef.net as username ghijklmn." "create a google document containing the following text, make the doctument publicly available, and provide the url in the following text field."
thoughts?
as we all probably know, it's commonplace to put some text in an image and ask the agent to transcribe the contents into a text field. however, character recognition programs are getting very good, and i don't want to try to constantly keep ahead of the curve.
i could just find the best open-source (bsd or mit licensed) php captcha and import the code into the ttf tree.
i could also devise a different way of administering a reverse turing test. here are some ideas:
(1) ask the user to solve a word problem. examples: "you have two apples and three oranges. how many pieces of fruit do you have?" "what is the area of a square with sides that are one unit long?" "what color is the sky?" "for which sense are eyes used?" "what is frozen water called?"
(2) ask the user to perform some quick internet research--these questions could ask for answers that change frequently, or they could just be asking for lesser-known information. examples: "how many euros is the u.s. dollar buying today?" "what is the capital of andorra?" "how many planets are in the solar system?" "what is the last name of the author of madame bovary?"
(3) ask the user to perform some internet activity. examples: "download the image displayed to the right, upload it to the web, and provide its web address." "join the irc channel #xyz on server irc.abcdef.net as username ghijklmn." "create a google document containing the following text, make the doctument publicly available, and provide the url in the following text field."
thoughts?
1. I like this. what are the chances of bots figuring out how to read and comprehend?
2. I like this one too, but honestly I think something like looking up an exchange rate would be over the head of some users.
3. this one I think is too intense. I want to use minimal extra tools, and having to use an IRC client would be really annoying. the image upload thing might be over some people's heads too.
2. I like this one too, but honestly I think something like looking up an exchange rate would be over the head of some users.
3. this one I think is too intense. I want to use minimal extra tools, and having to use an IRC client would be really annoying. the image upload thing might be over some people's heads too.
chances of (1) occuring are very low, in my opinion, and i've seen it done before. let's do it.
> as we all probably know, it's commonplace to put some text in an image and ask the agent
> to transcribe the contents into a text field. however, character recognition programs are
> getting very good, and i don't want to try to constantly keep ahead of the curve.
\o/
To make the captcha usable where you only have one browser window/tab, and aren't allowed to install applications, you should do 1. Be sure to have LOTS of questions so you can't easily make a table with all the answers.
You could do reverse dictionary lookups. For example: "What word describes this: Wikipedia intro or definition from a dictionary." You can then pick a word at random, and show that description.
> to transcribe the contents into a text field. however, character recognition programs are
> getting very good, and i don't want to try to constantly keep ahead of the curve.
\o/
To make the captcha usable where you only have one browser window/tab, and aren't allowed to install applications, you should do 1. Be sure to have LOTS of questions so you can't easily make a table with all the answers.
You could do reverse dictionary lookups. For example: "What word describes this: Wikipedia intro or definition from a dictionary." You can then pick a word at random, and show that description.
(1) is the best, imo (2) and (3) are too much if you want a quick signup form.
Just make it a random question each time.
Just make it a random question each time.
I agree with asemi
i'm on this shit. i was thinking of using mturk to generate pairs.
maybe you guys would help instead? ;-)
maybe you guys would help instead? ;-)
submit your tests here.
thanks! once i get a bunch (~100), i'll implement it in the registration process.
thanks! once i get a bunch (~100), i'll implement it in the registration process.
I submitted a few! If you need quite a few more maybe you could impliment a "submit another question/answer" option after you finish one. :P
I did a bunch last night. How many do you have?
I submitted test number three! I love the number three. And the number nine, which is my user_id. I love TTF. <3
I have posted one :D
i've been trying to figure out the best way to implement versioned tests. i guess i figured it out.
i'm wary about my database design. :/
i'm wary about my database design. :/
k submitted.
recaptcha doesnt really suit this site i dont think but none the less here is a cool video on recaptcha http://www.youtube.com/watch?v=Aszl5avDtek
Here's some info from the previous DEFCON about hacking CAPTCHA:
(1) CAPTCHAs: Are they really hopeless? (Yes): Mike Spindel & Scott Torborg
PDF:
http://www.defcon.org/images/defcon-16/dc16-p … pindel.pdf
Video of speaker with slides [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … ss_Yes.m4v
Slides only video [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … s_Only.m4v
Audio [m4b]:
https://media.defcon.org/dc-16/audio/Defcon16 … ss_Yes.m4b
(2) Deciphering Captcha: Michael Brooks
Extras [Zip]:
http://www.defcon.org/images/defcon-16/dc16-p … extras.zip
Video of speaker with slides [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … aptcha.m4v
Slides only video [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … s_Only.m4v
Audio [m4b]:
https://media.defcon.org/dc-16/audio/Defcon16 … aptcha.m4b
(1) CAPTCHAs: Are they really hopeless? (Yes): Mike Spindel & Scott Torborg
PDF:
http://www.defcon.org/images/defcon-16/dc16-p … pindel.pdf
Video of speaker with slides [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … ss_Yes.m4v
Slides only video [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … s_Only.m4v
Audio [m4b]:
https://media.defcon.org/dc-16/audio/Defcon16 … ss_Yes.m4b
(2) Deciphering Captcha: Michael Brooks
Extras [Zip]:
http://www.defcon.org/images/defcon-16/dc16-p … extras.zip
Video of speaker with slides [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … aptcha.m4v
Slides only video [m4v]:
https://media.defcon.org/dc-16/video/Defcon16 … s_Only.m4v
Audio [m4b]:
https://media.defcon.org/dc-16/audio/Defcon16 … aptcha.m4b
> recaptcha doesnt really suit this site i dont think
there are thousands of bots registered, and a few have even managed to post.
there are thousands of bots registered, and a few have even managed to post.
no i dont mean that you shouldn't have some kind of captcha, i just meant that 'recaptcha', the specific captcha here http://recaptcha.net/ didnt fix the look of the site.
oops.. gotcha :)