Thinking Captcha

re: Thinking Captcha

Jordana — Wed, 11 Oct 2006 17:29:10 GMT

will this be for my blog too or just yours?

re: Thinking Captcha

Geoff Appleby — Wed, 11 Oct 2006 17:41:01 GMT

Yours too if you want it. *nods*

re: Thinking Captcha

Dave Burke — Thu, 12 Oct 2006 00:21:31 GMT

I have nothing to add but "Genius. Pure genius!"

re: Thinking Captcha

Dave Burke — Thu, 12 Oct 2006 00:22:32 GMT

Oh, one suggestion. Don't forget to show some tongue!

Community Server Daily News for Thursday, October 12, 2006

Community Server Daily News — Thu, 12 Oct 2006 02:15:45 GMT

news of the day a grab bag for what's happening in Community Server The San Francisco MeetUp on the night

re: Thinking Captcha

MattyT — Thu, 12 Oct 2006 07:26:03 GMT

I like it. :)

One potential way around it is that automated spammers could just iterate through the images until success. There are a few ways around that but here's one: Munge all the images together so that it's just one bigger image. Record the pixels of where the individual images are located and use the coordinates of where the user clicks to do the check.

If you make the images different sizes it'll be especially hard to fool (automated spammer wouldn't know how many options there are). You could also add noise to the images to make it harder to detect image boundaries.

Javascript highlighting would be trickier.

It would be tough to make stateless (you'd have to record the individual image's locatation within the big image).

Anyway, just thinking out loud - which means that it's an interesting idea - get to it! ;)

re: Thinking Captcha

Geoff Appleby — Thu, 12 Oct 2006 07:42:41 GMT

Dave: Thanks man. It's not worth doing if it's doesn't have the burkelizer seal of approval :)

Matty: That sounds like too much work *grin* although a very suitable fallback if V1 fails to fool em.

I did some work on it last night and this morning, and i've come much further. It now actually works :)

I still need to take some pictures of myself, and there's no management interface yet (hard coded for the numbers so far, images a registered in query analyser, and the images that _are_ there at the moment are 404ing, but the principal code has been written. On my local mirror of crankygoblin, my blog won't accept comments unless i click the correct two out of 5 pictures.

I've also started thinking about combinations and permutations. there needs to be enough combinations that it's not easy to 'guess' but few enough that it's easy for legit users.

So i've pretty much decided on the 3 rows of 3 images, with 3 images needing to be clicked. I'll see how it goes, but that should do for now.

Captcha of Tomorrow

Daily News Faq List — Tue, 21 Nov 2006 21:07:14 GMT

Australia's Geoff Appleby presents the Captcha of Tomorrow.

Captcha of Tomorrow

Community Server Bits — Sun, 11 Mar 2007 18:47:16 GMT

Australia's Geoff Appleby presents the Captcha of Tomorrow.