Who is Luis von Ahn?

Luis von Ahn was then an assistant professor of Computer Science at the Carnegie Mellon University (now a professor), a recipient of a Microsoft Research Fellowship and the MacArthur Fellowship (also known as the Genius Award). As aforesaid, he is best known for developing Captcha and reCaptcha.

He begins his human computation lecture by verifying that the audience is well acquaint with the captcha procedure required at the end of an online registration form. Then he brings up the captcha paradox: captcha is a program designed to pass tests designed to automatically fail programs. Thus, if programs like captcha lean on human knowledge and experience, what more can computers learn from humans? Or in other words, how can us humans humanize computers further?

Humanizing Computers

One thing that humans do better then computers is give the most accurate description of an image. Google image search, for example, is based on text, the names given to the image files rather than the image content itself. What flaws the accuracy and reliability of the search results, and moreover, reduces the accessibility of the web to the visually impaired.

To challenge captcha tests, spam experts have created “captcha sweat shops”, usually in developing countries, where employees solve captcha puzzles all day for about $2.5 an hour, i.e. about 1/3 cent per puzzle. Similarly, humans can be exploited to improve internet search results. But instead of paying people to tag web images all day, Mr. von Ahn has found a better, faster, and even cheaper way to fasten images labeling online.

If only in 2003, 9 billions of humans hours have been used for the purpose of playing solitaire, he thought, the wasted human cycles can be used similarly. That way, he came up with the ESP Game. The ESP Game is an online, two-players’ game where players are paired randomly and have no ability to communicate with each other. Both players are presented with an image they are required to describe in one word. To score points, they are also required to provide the same one word description as their play partners.

Of course, cheaters are always a concern, so the players had to first undergo test images, and only if passed successfully their results were taken in consideration. Still, tagging images is an inexact, often controversial science, and to make things more accurate, players faced challenges like being introduced to “taboo words” (words that cannot be included in the description), were informed about the other player’s playing time to encourage competitiveness and offered a single player version of the game.

Later on, the enthusiastic response the ESP Game led to more sophisticated games. Such as Peekaboom, which was designed to train computer vision research so they will be able to identify each part of a complicated image, and Verbosity (then not yet released), a two-players guessing game based on familiar party games and aimed to collect common sense facts, an ability computers lack and humans usually own.

Thus, Confident Technologies has released its image based captcha plugin for Wordpress, stating that product is “easy on people while being tough on bots” as opposed to the frustrating, site abandoning encourager text based captcha. Confident Captcha displays a number of images, organized in a grid, asking the user to prove his humanness by clicking on one of the presented images. Users can choose the number of images and the background color to avoid the common side effect of image based captcha, its being the center of attention.

Just released on June 23, the Confidential Captcha was downloaded only by two dozens of users (as for the moment of writing); Still, looking at some of the most popular text-based captcha plugins for Wordpress, you hardly notice a meaningful drop in the number of downloads a day, nor a huge increase in the number of image-based captcha downloads. So,difficult or not, most Wordpress users may be still hung on the good old “type the two words” captcha.

Ran into some funny or amusing captcha you feel like sharing with the world?
write it down at the comments section and we’ll add it to our list

Dear Infosyssec, why not using captcha or any other spam prevention applications, instead of giving your potential clients a hard time???

Who and How in Comment Spam
Before talking about how we can prevent comment spam , we should define what is the target and how it is done.
The who or what is any web application that allows free comment for visitors and/or accepts hyperlinks submitted by users, for example -  blogs, forums, wiki, guestbooks and social platform.
Regarding the how, one should know that most of comments spam is done by robots that post thousands of random comments and commercial ads combined with hyperlinks.

Why?
Spammers aim at achieve a higher rank for their site as well as relevant traffic.  Google algorithm evaluates websites statistically by putting them in a higher or lower page rank, according to the amount and quality of their backlinks.

How to prevent comment spam?
Captcha – An example of validation technique
One way is to use technique of validation. Captcha is a test (mostly a distorted text with an image to be deciphered by the user) given to a user before submitting his comment. It verifies the user as a real human being, not a robot spammer.
Yet Captchas are not undefeated as there are weak Captchas that might be cracked by bots.

User Authentification
An alternative for comment spam prevention is “user authentication”. User is asked to set up a username and a password before he is allowed to comment on the site.

Links with no Power
Websites can combat comment spam by disallowing links in posts. A tag Rel=”nofollow” is attributed on the spammer’s comment and Google ignores the link from being pageranked – so basically the goal of achieving higher rank is denied.

Spammers Identification (Project Honey Pot)
Lately a new project named “Project Honey Pot” has started to track comment spam. Thousands of traps are installed all over the net watching what comment spamming is being posted by robots to blogs and forms. The collected data is available for all countries to block comment spammers.

Spam tracking Plugin
Akismet is another solution. It is a plugin that trackbacks all kinds of blogs and forums. If the comment is already known as spam – it’s never published.

What about the future?
No doubt that in the future comment spam prevention techniques will get more sophisticated just as well as new ones will be developed. This is due to the fact that achieving absolute defeat of comment spam is not only an ongoing mission but quite not an easy one also…

I’ve just read an article on online “Network World” by Brad Reed dated 10/01/09 saying that hackers have found a way to crack Facebook’s Captchas and create false accounts. Those accounts are used for spreading spy ware phishing credit cards and other valuable information from innocent users.

Those rogue accounts show a picture of a woman and the moment one clicks on her video profile – it activates the spyware.

Facebook states it’s doing its best to eliminate false accounts ‘though it’s not easy to detect them. As a matter of fact, anyone can bypass Facebook’s Captacha code simply by googling a Youtube video tutorial which shows step by step how to remove facebook’s Captcha’s code.

I guess the nice thing in this story is the fact that Facebook, the great social network, has joined Google, Yahoo and Hotmail – all targets for spammers attack.

Once again it has been proved that captcha should be improved constantly  if it’s into serving as a reliable spam blocker as well as a security system.

You can read more about Facebook Captcha Attack here

To make a long story short - Captcha can tell human and bots apart but cannot recognize human with disabilities who are not bots and fail the test because of their disabilities…

Captcha Alternatives
But do not worry. There other alternatives for Captcha:

One of the alternative methods is a sound test also known as “audio captcha“. It requires the potential user to listen to some sounds which are played on a noisy background, filter the sounds and repeat them. It is a good solution for low vision or blind users, but not for deaf people or users who don’t have a good hearing.

 Other captcha alternatives are as follows:
Spam filtering – software for blogs contain spam filters targeted to delete spam messages. More advanced systems are able to control spam attacks and filter permanently or temporarily spam contents using the IP address of the user.

Heuristic checks – are based upon the user’s data such as requests, pages he has visited, IP address, data entry or signature data and assist in detecting robot users. 

Single sign-on – This system is similar to a passport. It utilizes visual verification. No doubt – it’s highly recommended for people with disabilities.  

Public key infrastructure solutions – This is another alternative solution not used yet but may help low vision users – to use certifications issued by government or other trusted authorities that verify their identities. The disabled user will have to telegraph the site, inform his or her disability and get access to the site’s service.

Biometrics – Another tool, to be used together with the single sign–on system (using D.N.A / fingerprints). Microsoft has already developed a new system of Biometric verification but it will take years until the biometric hardware will penetrate into the market.

 To sum up, Captcha is a good solution, but not for all. When it comes to disabled people with low vision or hearing and other disabilities, one must consider some other security tools and / or software, such as the captcha-alternatives mentioned on this post (spam filters, heuristic checks and so on).

As a matter of fact – everyone needs captcha!
Whether you are a private navigator with a private e-mail  or an owner of a blog or a forum – if you don’t want others to abuse your platform and / or spam it for their own good, you need protection.

Why do people use spam?

One of the reason for online spamming is the wish to achieve a higher “Search Engine Ranking”, which can be done, among other tactics, like SEO and advertising networks, by getting relevant links to your site.
How can one get more links to his website? Among other, getting additional links can be done by simply inserting messages with your link into other websites that allow it, like forums or blogs.

Why do business marketing use spam?
For the same reason – to achieve a higher ranking as well as better traffic to their business through posting advertisements to mailboxes of innocent users as well as to all kinds of online platform (blogs, forums and social media platforms such as facebook, digg and even flickr).

How is it done?
It should be noted that only a minority of online business uses manual spammers while the majority uses spam robots.
The automatic spamming is done by bots that spider the web for all kinds of  users forms and then post a spam message of advertisement.

Can you protect your e-mail box or website from spammers?
Yes, you can. One of the options is to use Captcha and thus prevent registration of spamming bots to your site, or, if we talk about mail-spamming, to use Hydmail which is a special kind of Captcha programmed for mailbox and cannot be deciphered by spam robots.

Click here to read more about captcha security applications