124 Comments
- TreasureChest, on 10/12/2007, -7/+41
Yes but how long until Optical Kitten Recognition renders this useless, the kittens in those pictures are far too obvious.
What you need is some obscured kittens, maybe mix them up with puppies like so:
http://www.plunder.com/Kitten-and-Puppies-download-593.htm
- LiquidPenguin, on 10/12/2007, -0/+26
I would like to point out something that wasn't mentioned.
When a person is selecting the images for this purpose they need to ensure that they have a large enough pool of both images (kittens vs non-kittens). If you choose too few images, a well designed bot can eventually obtain a large enough sample of images to determine what images to select.
Some ideas I'd like to throw out there. One idea that can be put in is to expand this to not only include kittens but cycle through other animals or creatures. For instance, on one session, the user will be told to select kittens, another session, the user will be told to select puppies.
Expanding it even further, you can have a "Select the animals most like the animal shown in this picture." Which would help defeat any OCR software.
Of course, those two ideas add complexity and development time to the whole scheme, so you can take them for what they're worth :)
- olliholliday, on 10/12/2007, -0/+23
the idea i came up with to replace captchas was to have a single submit image, eg. of a city, and lots of different areas defined (server side only of course :)
the user is then asked to "click on the dog's nose" or "click the horserider's helmet" etc. and the server determines whether you're right using the x-y coords of the click passed by the client. (which is part of the http spec).
it saves the multiple http requests too.
- olegk, on 10/12/2007, -1/+21
This can be easily cracked. All you have to do is collect all the images that your system uses, then categorize them once (using a human). Then a script will simply compare images you show us to categorized, and check the kittens.
- nanos, on 10/12/2007, -2/+20
This is a really cool idea. Way better than usual captchas.
Scroll down to the bottom of the page to see the kittens.
- podgey22, on 10/12/2007, -1/+14
If you want to play with it, there's also a test page that doesn't submit anything but works as the real one does here:
http://www.thepcspy.com/kittenauthtest
- ani-pockdotnet, on 10/12/2007, -0/+13
That reminds me of a flash game:
http://homepage.mac.com/pockyrevolution/meow.html
Get clicking! Or dragging?
- dongiaconia, on 10/12/2007, -2/+15
So does God kill one of the kittens every time you guess wrong?
- DoubtfulSalmon, on 10/12/2007, -0/+13
I wrote two perl scripts. One hammered away at the kittenauth test for a while until it got all the pictures. Calculated md5 sums. I manually sorted them into kittens and non kittens, and came up with this list:
A second perl script loads a kittenauth page, and correctly identifies which positions have kittens each time, output something like this:
Not at position 1
Kitty at position 2
- loudmax, on 10/12/2007, -0/+10
@olegk
The same permutations applied to text can be applied to images. This doesn't mean that the system can't be defeated, but the limitations are no worse than those which exist currently, and it's easier on the end user.
- podgey22, on 10/12/2007, -0/+9
There are certainly some good extension ideas there.
I particularly like the cycling of images so instead of using 2 image folders you could have a folder for each "type of image" then randomly pick 1 folder to be the "correct" answer and build the rest of the images from any folder apart from that one.
I've posted a summary of this as a comment under the article:
http://www.thepcspy.com/articles/security/the_cutest_humantest_kittenauth#com
- w0rd, on 10/12/2007, -1/+9
@ThankTheCheese
Maybe you should take a look at the picture. It was a joke.
- voodooVince, on 10/12/2007, -0/+7
I am envisioning a real-time kitten image generator...
1. kitten lies in box lined with green-screen material...
2. computer captures webcam images throughout the day and chroma-keys random pics from the web on to the green background...
3. crack open VICTORY beer!
(once in a while it might be advisable to tie-dye the kitten with edible vegetable inks)
(yeah, the fun in that //is// debatable)
- lteague, on 10/12/2007, -3/+10
LOL @ the result when you successfully choose 3 kittens:
OMG PONIES!!! YOU CLICKED 3 KITTENS!!!!!!
Who would have thought Slashdot would create a new cliche with their April Fools gag?
- groogs, on 10/12/2007, -0/+6
One problem with this is spammers are turning to other methods besides OCR to beat captchas.. there are reports that they'll post them on their own site, and ask their users to enter the code to see porn or download a game. Once the user enters it, their system automatically goes back and posts to the original site. This system would be vulnerable to the same sort of attack. (one way to minimize the risk is to time-limit each set that gets generated, but this can also be pretty user un-friendly .. ie, it has to be a larger time than the time they spend writing a post).
Someone really determined could also download all your images, pick out the kittens, then compare md5()'s of the file, or use another image comparison technique. Even if you start to generate dynamic pieces on top, they can compare that say, 80% of it matches.. You can also do things like flip, invert, change hues.. but again, it only raises the stakes - maybe now they have to identify 120 unique images vs 30. it's still doable.
Now, all that said, I think this is still a good idea. It's just not the be-all end-all solution.
- MatttK, on 10/12/2007, -2/+8
This will never fly. Consider this: we all know porn drives the internet. Do people really want to be faced with images of the kittens they're about to kill when they're trying to log into their favourite porn site?
- inactive, on 10/12/2007, -0/+6
@olegk
Unless the images are modified in some way, such as changing the hue, or warping them slightly, or blacking out random parts of the image.
- johndi, on 10/12/2007, -0/+6
That's funny, but you could easily replace kittens with porn stars and all would be happy again.
- oboreruhito, on 10/12/2007, -0/+5
What, click the three Bunnies you want to submit to?
- w0rd, on 10/12/2007, -0/+5
@stokestack
http://www.captcha.net/
- podgey22, on 10/12/2007, -0/+4
The next version will corrupt image data slightly and randomly by injecting a random size, random contents block of data into the end of the image as it's being streamed out... Hopefully this will stop your evil (albeit clever) programming
- wilf_brim, on 10/12/2007, -0/+4
That game just freaked my cat out. She kept walking around the screen trying to figure out where the meowing was coming from. Kept ruining my score by tromping on the keyboard.
- tempusrob, on 10/12/2007, -1/+5
Had an idea similar to this once ... props to you for getting off your bum and actually implementing it, you're a better man than I! haha
- bani, on 10/12/2007, -2/+5
too easy to defeat. you'll need a huge database of images, not easily publicly available, for this to be reasonable as an auth system.
- ggko, on 10/12/2007, -0/+3
Wouldn't you prefer a nice game of Global Thermonuclear War, Professor Falken?
- Ahnteis, on 10/12/2007, -0/+3
Still not accessible.
Better to use (one of a set of) common sense questions.
Things that make sense to humans, but computers can't answer.
Accessible, and easier than trying to read the @#$@# captchas. (I HATE the digg one with a passion.)
- myFriendDerrik, on 10/12/2007, -1/+4
This would be better with boobies...but, I say that about everything.
- maverick999, on 10/12/2007, -0/+3
Captchas are very difficult for visually impaired users to deal with. This kitten solution would also be a problem. Maybe an audio solution might work best? Just a thought...
Here's a mirror as well: http://www.thepcspy.com.nyud.net:8080/kittenauthtest
- mistshadow2k4, on 10/12/2007, -0/+3
Not only is it a great idea because of the kitten factor, but it should be far less annoying than those text-based images. All too often it's difficult to read the text in the image, let alone when there is an "O" and you can't tell whether it's supposed to be the letter or the number.
- cybershrike, on 10/12/2007, -0/+2
I actually really like it, it's a slightly more *fun* way to do it, because the whole text-***** background thing really is a bad system is impossible to use
- rspeed, on 10/12/2007, -0/+2
GENIUS!!!
This is a much better method than the text fields, and is presented in a humorous fashion. Kudos!
- falcon707, on 10/12/2007, -0/+2
I know a way to fool the bots! Have the "Select all of the kittens" text as an obscured image, this way image readers don't know what they're supposed to be looking for in the first place. Also have it randomized so sometimes you're looking for llamas, donkeys, goats and cows. I love the idea of just using my mouse hand to verify I am human. I'm sure a lot of other geeks out there are just as lazy...
- Poddo, on 10/12/2007, -0/+2
I find it kind of ironic, as Ahnteis said, that Digg's verification is the one I hate the most.
But this is some good thinking, a little tweaking and I think they may be on to something
- Ahnteis, on 10/12/2007, -0/+2
Audio doesn't work for aurally impaired users, not to mention people who have sound turned off.
Something in simple text is easiest.
- forger, on 10/12/2007, -0/+2
I simply love it.
- Sababaaa, on 10/12/2007, -0/+2
Cool idea, i like it. Anything that doesn't require me to take my hand off my mouse is better than the current system imo
- inactive, on 10/12/2007, -2/+4
!!! OMG KITTENZ !!!
- nathanchase, on 05/06/2009, -0/+2
http://img334.imageshack.us/img334/148/arrowcaptcha1rb.gif - that's sorta the idea
- addisonj, on 10/12/2007, -0/+2
wow... just wow... that's amazing
- asplodzor, on 10/12/2007, -0/+2
You failed to click 3 kittens
- rspeed, on 10/12/2007, -0/+2
It changes every time. There's less than a 0.2% chance of ever getting the right combination.
- StealthTomato, on 10/12/2007, -0/+2
Critical problem: his method for randomly choosing pics that are sans kittens. He randomly picks pictures from either a "0" (no kittens) directory or a "1" (kittens) directory. No problem: Image source. Write a bot that determines whether the image comes from a 0 or a 1 directory.
- tuxidomasx, on 10/12/2007, -0/+2
this is actually a pretty interesting idea-- way to think outside the box.
captchas can be irritating (especially with letter-number mixups. i.e. is that a zero or an 'O')
what i did was drop all letters and numbers that could be confused with another letter or number. so there are none of the following in my scheme: 5,S,0,O,I(eye),1(one),l(el),8,B
considering that this won't weaken the system very much anyway, I think it's a decent tradeoff for making captchas easier to read. OCR's used for spam suck. and spammers suck too. that's why i applaud people coming up with other ways to keep them at bay.
It's also good that some sites (like digg) give the users the ability to quickly and easily flag posts/articles/entries that shouldn't be on the site. there may not be a 100% guaranteed solution that would also be pleasant for the users, but there is a happy medium. I don't mind captchas if i know that they can stop the casual spammer.
- purpleplatyduck, on 10/12/2007, -0/+2
Nah, there's too much of a chance of a computer brute-forcing that system. It'd decrease the chances greatly to make you play a complete game of Monopoly against the computer. Or for the more strategically minded, Risk.
- PathDaemon, on 10/12/2007, -0/+2
BEST GAME EVER!
- naisanza, on 10/12/2007, -0/+2
one of the dudes replied:
"God kills a kitten every time I...
nevermind."
LMAO
- podgey22, on 10/12/2007, -0/+2
I believe I went over that (albeit briefly)...
The images are just physically stored in a folder called "0" or "1"
The client doesn't see any of this because of extensive URL Rewriting. They just see something like this:
http://www.thepcspy.com/images/dynamic/kitty/2/0.541016659019988
the /2/ represents which grid location and the is just a random double to stop browsers caching
- podgey22, on 10/12/2007, -1/+3
>> If you're interesting in reading the expert opinion on captcha from the web standards body, instead of some random kid's "great idea"...
Ok enough with the "kid" nonsense. The idea of this is supposed to stop the current trend of telling your users "YOU ARE A BOT!!! If you think you can prove otherwise, complete this test". It's supposed to be fun and cute instead of taxing. It is not supposed to replace a bank's pin input system.
>> "External projects ...have shown methodologies and results indicating that many of the systems can be defeated by computers with between 88% and 100% accuracy, using optical character recognition"
Whoops bad quote there kiddo. What do you think an OCR system is going to get from a picture of a kitten? Its name off its collar?
>> this kids system offers 84 possible answers for a given captcha. For a 8 character text captcha, there are (36 ^ 8) over _two trillion_ possible answers!
I'm not a "kid" already.
The problem with captcha is that if it's given to a OCR system, it knows what it's looking for in the image. It KNOWS there are letters there.
>> In fact the w3 paper mentions that the graphical captcha method used by ING direct has already been compromised.
It's a completely different concept.
>> Crappy captcha ideas are a dime a dozen, just like crappy anti-spam techniques. People come up with 'em every day, and they're 99.99% crap.
And 99.99% of them are all trying to confuse OCR.
If you're not happy with this, don't use it -- carry on forcing your users to compete against the latest OCR technology.
- podgey22, on 10/12/2007, -0/+1
Haha I'll consider it...
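Added example, not code from the thread or from KittenAuth itself: a server-side sketch of three mitigations raised in the comments above (a target category picked per session, per-cell URLs that reveal nothing about the image's folder, and a time-limited, single-use challenge). The pool contents, URL scheme, function names and the 300-second lifetime are assumptions.

```python
import random
import secrets
import time

# Constructed pool: category -> image ids. Real pools must be far larger.
POOL = {c: [f"{c}-{i:03d}" for i in range(40)] for c in ("kitten", "puppy", "pony")}
GRID, TARGETS, TTL = 9, 3, 300  # assumed: 3x3 grid, 3 correct cells, 5 minutes

CHALLENGES = {}  # challenge id -> server-side state, never sent to the client


def issue(now=None):
    """Create a challenge; return (id, category to pick, opaque cell URLs)."""
    rng = random.SystemRandom()
    now = time.time() if now is None else now
    target = rng.choice(sorted(POOL))  # category changes per session
    decoys = [img for cat in POOL if cat != target for img in POOL[cat]]
    cells = [(img, True) for img in rng.sample(POOL[target], TARGETS)]
    cells += [(img, False) for img in rng.sample(decoys, GRID - TARGETS)]
    rng.shuffle(cells)
    cid = secrets.token_urlsafe(16)
    CHALLENGES[cid] = {
        "images": [img for img, _ in cells],  # what each cell URL serves
        "answer": frozenset(i for i, (_, hit) in enumerate(cells) if hit),
        "expires": now + TTL,
    }
    # URLs carry only the challenge id and grid position, no folder or label.
    return cid, target, [f"/captcha/{cid}/{i}" for i in range(GRID)]


def verify(cid, picked, now=None):
    """Check a submission; the challenge is consumed whether right or wrong."""
    now = time.time() if now is None else now
    state = CHALLENGES.pop(cid, None)
    if state is None or now > state["expires"]:
        return False
    return frozenset(picked) == state["answer"]


if __name__ == "__main__":
    cid, target, urls = issue()
    print(f"select every {target}:", urls[:2], "...")
    print("correct answer accepted:", verify(cid, CHALLENGES[cid]["answer"]))
    print("replay accepted:", verify(cid, {0, 1, 2}))
```

This covers only the URL, category and lifetime points; it does not address the fingerprinting of a small image pool that several comments describe.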