Don't Write Off CAPTCHAs Yet
Spammers are like some presidential candidates, just when you think they are beaten or at least not too much of a threat, they make a come back - just ask Hillary Clinton or John Mcain. The spammers' comeback is at the expense of commonly used challenges to prevent automated spamming, service registration, etc. Yesterday I mentioned that Google Groups sites were being used to push porn possibly due to spammers breaking CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) challenges. Jeff Atwood at Coding Horror looks at the general problem of how effective these challenges can be. The problem, surprise, surprise, is balancing the effectiveness of the challenge with usability for humans. This is an age old problem in information security.
If a bot can break a single CAPTCHA test 20% of the time, the probability that they will beat 2 is 4%, not good enough to deter spammers with sizable bots. If sites started requiring three challenges the success rates for bots drops to 0.8%. Even that is probably too high to prevent automated registrations and spam and would probably do more to alienate users.
The tests need to change. Image analysis and natural language processing (NLP) are still difficult to automate. Anyone literate enough to use the Internet is literate enough to pass a NLP CAPTCHA. The current CAPTCHA lasted a few years before they were broken, the next generation will last that long if we are lucky but chances are we'll be updating the test again in less than three years.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
