Webware

Which way is up? Google's test relies on finding images that are easy for people but hard for computers to orient correctly.

(Credit: Google)

Google has released research results about a new test to foil computers pretending to be humans by requiring them to orient an image so it's upright.

A persistent problem on the Internet is screening out automated computer systems that can be used, for example, to sign up for spam-sending e-mail accounts or post comments designed to improve a site's search results. Google, which already devotes a lot of resources to block e-mail and Web spam, has tried a new test to keep the bots at bay.

The test is the latest variation on a screening technique called a Captcha (completely automated public Turing test to tell computers and humans apart). The idea is that people can often tell which way is up in a photo, but computers have a harder time.

Captchas are in widespread use today, usually in the form of obscured or distorted text that people can still read. But there's a lot of work in the area, including identifying 3D images and distinguishing between cats and dogs.

Here's how Google authors Rich Gossweiler, Maryam Kamvar, and Shumeet Baluja described the image-orientation technique in their paper (click for PDF):

This task requires analysis of the often complex contents of an image, a task which humans usually perform well and machines generally do not.

Given a large repository of images, such as those from a web search result, we use a suite of automated orientation detectors to prune those images that can be automatically set upright easily. We then apply a social feedback mechanism to verify that the remaining images have a human-recognizable upright orientation.

The main advantages of our Captcha technique over the traditional text recognition techniques are that it is language-independent, does not require text-entry (e.g. for a mobile device), and employs another domain for Captcha generation beyond character obfuscation. This Captcha lends itself to rapid implementation and has an almost limitless supply of images.

We conducted extensive experiments to measure the viability of this technique...Our Captcha technique achieves high success rates for humans and low success rates for bots, does not require text entry, and is more enjoyable for the user than text-based Captcha.

Images can be hard for people to orient upright, too. One 500-person test showed wide disparities in the opinion of which way was up for the left image but not the right image.

(Credit: Google)

The tricky part is finding the right balance between too easy and too confusing. Some images are hard for people to orient correctly, and some have cues--faces, text, blue skies, and green grass--that computers can use to figure out which way is up.

To get around this issue, while being able to draw from the large number of images on the Web, the technique presents people with new images as well as those known to perform well. If people have trouble consistently telling which way is up, that image isn't included in the library.

The researchers like their system in part because the image doesn't have to be obscured or distorted, as in text-based Captchas such as those Google currently employs. But image-based Captchas aren't immune from the bot vs. Web site arms race.

"As advances are made in orientation detection systems, these advances will be incorporated in our filters so that those images that can be automatically oriented are not presented to the user," the researchers said. "The use of distortions may eventually be required."

(Credit: Screenshot by Dong Ngo/CNET)

Captcha, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a method used by many Web sites to fight against computer-generated input. As computers get smarter, Captchas hves become more of a nuisance because most of them are now tough for us humans to pass.

I recently blogged about a new and more humane way to create a Captcha by using 3D images and the implementation of that method at Yuniti.com. I've just run into a different approach, similar to the Asirra tool revealed by Microsoft in 2007, that seems even easier for humans to pass while remaining impossible for machines to figure out.

It's called Captcha the Dog from a Web site of the same name. Like the 3D-based Captcha, this method uses images instead of text for the challenge. However, the challenge is always the same: clock on the one different object on the screen, i. e., click on the photo of a dog among eight photos of cats.

With Captcha the Dog you are required to do this multiple times in a row. Each time, the position of the dog is changed and if you click on the wrong picture once, the process starts over from the beginning.

Once you have clicked on the right one enough times, all the photos will be those of cats. This is when you know you have passed the Captcha.

As it is currently impossible for a computer to distinguish between these photos, it's virtually impossible for a machine to randomly select the right image multiple times in a row.

This method of Captcha costs $25 per year with customized images. Beyond that, you can get its codes for free. The new method is said to be compatible with any browser (including that of the iPhone) and can be implemented within 15 minutes without the use of cookies.

This seems a simple yet effective alternative to the text-based Captcha that's so popular and so frustrating to use. However, like other image-based Captcha methods, Captcha the Dog doesn't currently offer a way to support people with disabilities. However, the site states that its new version will offer an audio component for vision-impaired people.

Try out the new Captcha method at Captchathedog.com and leave your thoughts in the comments.

The newly implemented Captcha method that's based on 3D images.

(Credit: Dong Ngo/CNET)

I wrote a blog about a new way of creating Captchas by using 3D images that Taylor Hayward, a blogger, came up with and thought it would be really cool when implemented. Now, 3D Captchas seem to have become a reality--however, not from Hayward.

Incidentally, the folks at YUNiTi.com, a social Web site, have been working on the same idea for a few weeks and have implemented the method on their Web site.

The site announced Wednesday that it has created a 3D Captcha method that is unbreakable by current computer technology, yet much easier for humans to identify.

Captchas is short for Completely Automated Public Turing tests to tell Computers and Humans Apart. This is a way to make sure the input is not generated by a computer.

Similar to Hayward's idea, this new technology relies on our ability to identify objects in 3D instead of using alphanumeric characters. YUNiti's 3D Captcha, however, has three objects in the challenge and extends the list of images to any object, not limiting it to animals as in Hayward's idea. This increases the challenge's level of complication to prevent computers from successfully making the correct guesses.

I tried a new Captcha at the Web site and it worked very well. You just need to click on the placeholders for each object, then you are presented with a list of objects to choose from. After four mouse clicks, I passed the Captcha the very first time.

Marcos Boyington, co-founder and primary software engineer of YUNiTi.com, told CNET News that he and his brother came up with the idea without knowing of Taylor Hayward's method. Boyington believes this was joint discovery of the same concept by people in different parts of the world. He said he is seeking contact with Hayward to talk about collaboration opportunities.

You can try the new Captcha by visiting YUNiTi.com.

You've been sent an e-mail, and it's critical the contents are safe from prying eyes. In the case of Gmail, and a handful of other popular Web-mail providers, your e-mail could be in a dozen different servers (albeit encrypted), or even be analyzed to try to sell you contextual ads.

The creators of Lockbin would like to help you avoid such security calamities with their closed system that will take any message and send it to someone in a highly secured manner. How secure? You can't even open it unless your recipient happens to have the "secret word" which acts as the encryption code. When it's time to actually decrypt a message, the entire process is done within the recipient's browser window instead of Lockbin's servers, meaning if it gets into the wrong hands the message's security is not entirely compromised.

Lockbin's creators note that "nothing is perfect, and neither is this," but I must admit, any system that requires a captcha to even get to the point of writing a message feels like going through airport security.

Related: HushMail

You better know the secret word as a message recipient using Lockbin. Otherwise, there's no way to crack the code.

(Credit: CNET Networks)

According to security vendor BitDefender, spammers have defeated a system designed to differentiate humans from machines when registering new accounts online. Known as Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart), the system won't allow users to advance until distorted characters in a box are correctly entered. BitDefender says a new threat, Trojan.Spammer.HotLan.A, is using more than 15,000 automatically generated bogus Microsoft Hotmail accounts to spread and is registering 500 new accounts per hour, suggesting the Captcha system has been defeated.

BitDefender says the Trojan horse accesses one of the free Web mail accounts from Microsoft or Yahoo, pulls encrypted content from a Web site, decrypts the message (usually spam for a pharmaceutical product), then sends the e-mails to presumably valid addresses obtained from another Web site. Exactly how the Trojan is able to create the bogus Web mail accounts is not documented.

Spam, zombie robots, and the rest of the dark underbelly of the Internet has led to one of the Web's big annoyances: the captcha. That's the barely readable block of random letters you must translate in order to prove your humanness, and it's supposedly the one thing that separates us from the machines. It's also used in nearly every site registration process--and more recently at site logins. The bottom line is that it's annoying but also utterly necessary to keep evil at bay.

Enter reCAPTCHA, a project of the School of Computer Science at Carnegie Mellon University. A mix between disease-curing Folding@Home, and MyCroft [review], reCAPTCHA requires users to solve two jumbled words: one is the actual captcha, the other is just a word that needs to be translated into text. These words come from various scanned books and documents residing on the Internet Archive. Many of those books were written before computers and in their current state (PDFs and image files) are just glorified photographs--a medium that is still hard to sort through. Once complete, they'll be digital text, and completely searchable.

Words for translation are not just chosen by random. Documents that have been scanned, get checked by an Optical Character Recognition (OCR) engine, which is able to pick up many of the words. Those that are misspelled by OCR, or are impossible to read, are plucked and put into the ReCaptcha word pool. Sites can implement ReCaptcha several ways. There are plug-ins for WordPress, MediaWiki, phpBB, and PHP.

I've embedded a sample ReCaptcha below. You'll notice both words look similar, as ReCaptcha is using both words from the same source, so you can't tell which one has already been solved.

Related: inChorus [review]

[found on del.icio.us]

Venture capital blogger Fred Wilson hit a minor speed bump while searching on Google the other day. The site asked him to verify that he wasn't a bot by filling out a Captcha.

(Credit: Fred Wilson / A VC)

Other people have previously seen this block, though we don't hear about this very often. If you manage to set off Google's filter, it should be a pretty innocuous block. Enter the text, and you should be back up and googling in no time.

That is, unless you are vision-impaired, as this blogger ranted back in 2005. In that case, you need an alternate route around the speed bump. Google has one. Click the wheelchair icon on this page. It will read you a series of numbers, overlaid on a background of jibberish. Presumably, a human will be able to pick out the numbers, but a machine will not. This feature does not appear to be active on the block page Wilson stumbled upon.

Update: Here is Google's official response:

STATEMENT:
In order to maintain a speedy service for everyone, we attempt to filter out searches that are done in rapid succession by automated computer programs. One of the ways we detect and block these sort of searches is by noting when an unusual number or type of queries originate from the same IP address. Blocks for a proxy IP may happen if there are rogue computers behind the proxy that search on Google automatically.

If you're asked to type in a word written in squiggly text (a "captcha"), doing so will enable you to resume your searches. If you are not given this option, please wait a while before you search again.

Also, please double check that neither you nor those on your network are using automated computer programs that are unauthorized to access Google (including software that automatically submits pages, checks rankings, etc.).

BACKGROUND:
As background, Danny Sullivan wrote about this last September.

I recently signed up for a trial of SmartSheet (review forthcoming), and it took me three tries to get past the "captcha," the distorted numbers and letters I had to type to prove to the sign-up system that I was a human.

I'm a person, dammit. You can tell because I'm cursing at the screen. If you make the text any harder to read I'm going to take my personal business elsewhere. Then you'll have nothing but the robots to keep you company.

Related: I also tried to get my new laptop setup on the cellular network today, which required calling up the carrier and reading two long strings of digits off the bottom of the laptop that were so small I needed to use my glasses like magnifying lenses. Since the numbers are embedded in the hardware, why couldn't some software send it over the Web and sign me up that way?

It's a bad day for eyeballs.