Who is Luis von Ahn?

Luis von Ahn was then an assistant professor of Computer Science at the Carnegie Mellon University (now a professor), a recipient of a Microsoft Research Fellowship and the MacArthur Fellowship (also known as the Genius Award). As aforesaid, he is best known for developing Captcha and reCaptcha.

He begins his human computation lecture by verifying that the audience is well acquaint with the captcha procedure required at the end of an online registration form. Then he brings up the captcha paradox: captcha is a program designed to pass tests designed to automatically fail programs. Thus, if programs like captcha lean on human knowledge and experience, what more can computers learn from humans? Or in other words, how can us humans humanize computers further?

Humanizing Computers

One thing that humans do better then computers is give the most accurate description of an image. Google image search, for example, is based on text, the names given to the image files rather than the image content itself. What flaws the accuracy and reliability of the search results, and moreover, reduces the accessibility of the web to the visually impaired.

To challenge captcha tests, spam experts have created “captcha sweat shops”, usually in developing countries, where employees solve captcha puzzles all day for about $2.5 an hour, i.e. about 1/3 cent per puzzle. Similarly, humans can be exploited to improve internet search results. But instead of paying people to tag web images all day, Mr. von Ahn has found a better, faster, and even cheaper way to fasten images labeling online.

If only in 2003, 9 billions of humans hours have been used for the purpose of playing solitaire, he thought, the wasted human cycles can be used similarly. That way, he came up with the ESP Game. The ESP Game is an online, two-players’ game where players are paired randomly and have no ability to communicate with each other. Both players are presented with an image they are required to describe in one word. To score points, they are also required to provide the same one word description as their play partners.

Of course, cheaters are always a concern, so the players had to first undergo test images, and only if passed successfully their results were taken in consideration. Still, tagging images is an inexact, often controversial science, and to make things more accurate, players faced challenges like being introduced to “taboo words” (words that cannot be included in the description), were informed about the other player’s playing time to encourage competitiveness and offered a single player version of the game.

Later on, the enthusiastic response the ESP Game led to more sophisticated games. Such as Peekaboom, which was designed to train computer vision research so they will be able to identify each part of a complicated image, and Verbosity (then not yet released), a two-players guessing game based on familiar party games and aimed to collect common sense facts, an ability computers lack and humans usually own.

Dear Infosyssec, why not using captcha or any other spam prevention applications, instead of giving your potential clients a hard time???

In that way, one can say that captcha entry services – which are also known by the term “captcha bypass services” – are evil tools that do spam.

This article will review some of these captcha entry services.

Royal Captcha King
Website URL: http://www.captchaking.com
The “Royal Captcha King” offers monthly subscription for different amounts of captcha entries with 95% captcha entry success guaranteed.

For 39.95$ per month you get 1000 Captcha entries a month,
for 99.95$ per month you get 3000 Captcha entries,
for 179.95$ per month you get 5000 Captcha entries and
for 349.95$ per month will credit you with 10,000 Captcha entries a month.

Data Entry BPO Services
Website URL: http://www.dataentrybposervices.com/services/data-entry-services/captcha-entry-services.html#
”Data Entry BPO Services” is a large business that promises 100% success rate and 60% saving of costs for its Captcha entry services.

On a side note one should know that India is the market leader in solving Captchas, as the labor cost there is very low.
When using Indian workers to bypass captcha test, one may get 7000 to 25000 and even 50,000 captcha entries per day for 3$ per 1000 image entries!!!

If that is not cheap – than I don’t know what cheap means…

]]> http://adscaptcha.com/2010/03/27/captcha-entry-services-review/feed/ 0 http://adscaptcha.com/2010/03/10/captcha-entry-cracking-captcha-using-humans/ http://adscaptcha.com/2010/03/10/captcha-entry-cracking-captcha-using-humans/#comments Wed, 10 Mar 2010 10:26:58 +0000 Ads Captcha http://adscaptcha.com/?p=157 Captcha entry, Captcha bypass, captcha – 3 bizarre terms- do they have anything in common?

Well, Captchas are those short tests we have to pass when we want to register to or participate in all kinds of online community platforms such as forums and blogs that require deciphering a captcha test. Captcha comes to prevent automated bots from spamming all kinds of online platforms and websites. Captcha filters robots leaving human users to enjoy the services of certain sites that request Captchas.

Just like in any field, some people found a way to bypass this wall of captcha.
Cptcha can manage bots, preventing them from spamming the web with textual links and other advertising content? No problem.
We’ll hire people to do the captcha tests for others and the spam will continue.

What this “Captcha Bypass” or “Captcha Entry services” means – hiring low paid human workers to carry out captcha tests – to make “captcha entry”.
The worker is paid 1$ for 1100 correct Captcha entries. Some pay more, some pay less, but it doesn’t matter. What matters is the fact that human cheap work power replaces the automated spammers or bots by performing repeatedly Captcha bypasses, entering Captcha codes, and contaminating websites with spam!

Just like the old song says: “Money makes the world go around”.

Some of them, like the “Web Biz Captcha” and “Lanap Software” for example, offer free upgrade versions for life.
You may always try it for free before buying!

More than that, there is always the possibility of using Open Source Captcha, a recommended way of saving money…

The reason websites use Captchas is a strong wish to filter spam sent by spam bots.
Yet weak Captchas can be defeated by PWNTCHA!

What is a PWNTCHA?

Captcha, is a decoder project that decodes Captchas by using visual techniques. It stands for “Pretend We’re Not a Turning Computer but a Human Antagonist” as well as PWN Captchas.

Some Captchas are pretty weak. They consist of one single distorted word and an image, the letters are not rotated or not rotated enough, there is no deformation, or weak deformation, no color variation and weak perturbation. Such Captchas are cracked by PWNTCHA 92% of the time, in a pretty short time (somewhat around 10 seconds! Not more! )

Some harder Captchas, more challenge response tests, consist of 10 words displayed in clutter and distortion and the user is asked to name 3 of them. PWNTCHA succeeds to decode those Captchas 33% of the time.

As a matter of fact PWNTCHA proves the inefficiency of the common Captcha!

Maybe time has come for Captchas to be more difficult for humans as well as computers?…

Who and How in Comment Spam
Before talking about how we can prevent comment spam , we should define what is the target and how it is done.
The who or what is any web application that allows free comment for visitors and/or accepts hyperlinks submitted by users, for example -  blogs, forums, wiki, guestbooks and social platform.
Regarding the how, one should know that most of comments spam is done by robots that post thousands of random comments and commercial ads combined with hyperlinks.

Why?
Spammers aim at achieve a higher rank for their site as well as relevant traffic.  Google algorithm evaluates websites statistically by putting them in a higher or lower page rank, according to the amount and quality of their backlinks.

How to prevent comment spam?
Captcha – An example of validation technique
One way is to use technique of validation. Captcha is a test (mostly a distorted text with an image to be deciphered by the user) given to a user before submitting his comment. It verifies the user as a real human being, not a robot spammer.
Yet Captchas are not undefeated as there are weak Captchas that might be cracked by bots.

User Authentification
An alternative for comment spam prevention is “user authentication”. User is asked to set up a username and a password before he is allowed to comment on the site.

Links with no Power
Websites can combat comment spam by disallowing links in posts. A tag Rel=”nofollow” is attributed on the spammer’s comment and Google ignores the link from being pageranked – so basically the goal of achieving higher rank is denied.

Spammers Identification (Project Honey Pot)
Lately a new project named “Project Honey Pot” has started to track comment spam. Thousands of traps are installed all over the net watching what comment spamming is being posted by robots to blogs and forms. The collected data is available for all countries to block comment spammers.

Spam tracking Plugin
Akismet is another solution. It is a plugin that trackbacks all kinds of blogs and forums. If the comment is already known as spam – it’s never published.

What about the future?
No doubt that in the future comment spam prevention techniques will get more sophisticated just as well as new ones will be developed. This is due to the fact that achieving absolute defeat of comment spam is not only an ongoing mission but quite not an easy one also…

A bot spammer is never tired of doomed attempts. A bot spammer never gets frustrated when it fail.
As for human users, I, myself, get pissed off with Captcha after the third attempt.
If I fail to decipher a Captcha three or four times, I simply give up!

That brings me to the following idea: Wouldn’t it be wiser to set a limit to Captchas wrong attempts? Let’s say after 5 attempts the user is blocked and can no longer activate a false account? This suggestion enables Captcha to function as a spam blocker right from the beginning!
Yes, I know it denies accessibility for human users, but than it stops spammers from endless cracking Captchas attempts.
I believe that under the circumstances less human users are preferable.

Massive bot spammers are less desirable but you know what people say: Sometimes – less is more.

As a matter of fact – everyone needs captcha!
Whether you are a private navigator with a private e-mail  or an owner of a blog or a forum – if you don’t want others to abuse your platform and / or spam it for their own good, you need protection.

Why do people use spam?

One of the reason for online spamming is the wish to achieve a higher “Search Engine Ranking”, which can be done, among other tactics, like SEO and advertising networks, by getting relevant links to your site.
How can one get more links to his website? Among other, getting additional links can be done by simply inserting messages with your link into other websites that allow it, like forums or blogs.

Why do business marketing use spam?
For the same reason – to achieve a higher ranking as well as better traffic to their business through posting advertisements to mailboxes of innocent users as well as to all kinds of online platform (blogs, forums and social media platforms such as facebook, digg and even flickr).

How is it done?
It should be noted that only a minority of online business uses manual spammers while the majority uses spam robots.
The automatic spamming is done by bots that spider the web for all kinds of  users forms and then post a spam message of advertisement.

Can you protect your e-mail box or website from spammers?
Yes, you can. One of the options is to use Captcha and thus prevent registration of spamming bots to your site, or, if we talk about mail-spamming, to use Hydmail which is a special kind of Captcha programmed for mailbox and cannot be deciphered by spam robots.

Click here to read more about captcha security applications

What form of spam Captcha can prevent then?

Among others, Captcha is able to prevent forum spam, comment spam or spam in blogs, guestbook spamming and newsgroup spam.

Forum spam – What, How and Why?

Forum spam is a process of posting abusive advertisements or unwanted messages on internal forums, generally by spam-bots. It is done by inserting a link or dozens of links into the forums. The links come with minimum text and the content is mostly irrelevant to the forum but still it is inserted in hope that it will prevent spam filters from carrying out their mission. By adding links to the forum, the spammer strive to attract potential customers to its site.

Comment spam / Spam in blogs

Similar to forum spam, links that point to the spammer’s website are inserted into blogs using the section of comments given by the blog.

The one who is behind these comments spam is doing it in order to increase his site search ranking! Inserting as many links as possible, while using keywords as anchors, also increases the number of potential visitors or paying customers to the spammer’s site.

Guestbook spamming

According to Wikipedia, a guestbook is “a paper or electronic means for visitors to acknowledge their visitation to a site, physical or web-based, and leave their name, postal or electronic address (if desired), and a comment or note, if desired. It is used at museums, hotels, churches and so on”.

This applies to the web as well.
Web sites use guestbooks to display the type of visitors who visit the site as well as getting a feedback from the visitors about the site. (The visitor is not required to open an account and can leave a public comment).

Commercial website spammers may leave endless comments adding links to their site for the same reason mentioned before – increasing the number of potential visitors or paying customers to the spammer’s site.

Newsgroup spam

Newsgroup spam is a process of posting endless articles with faked and falsified article headers to usenet newsgroup in order to disrupt and make the newsgroup unreadable.

Can we fight against those forms of spam?
Yes. We can!

Since captcha demands the user to prove he’s a human being (by solving a simple test that humans complete easily) bots that run into the captcha test while trying to sign them selves up to all kinds of online platforms such as forums, guestbooks or blogs – are being stopped simply because they can not complete the test.
In other words -
Captcha is the perfect solution for online spam prevention!