Could Photos Replace Squiggles in CAPTCHA?
The arms race between spammers, bots and publishers can drive the rest of us crazy too, and nowhere is that more evident than in the often maddening CAPTCHA challenges we have to jump through on many websites. Those squiggly lines run together and are too often impossible to identify. One company in Portland, Oregon believes their system of image based authentication could be used to replace traditional CAPTCHA systems.
Vidoop is a user authentication service provider that emphasizes financial services markets and OpenID. The company's core product lets users log in to sites by entering letters and numbers on top of images in a chart that only a human eye can identify; now Vidoop thinks it can apply the same principle to CAPTCHA. It's an intriguing possibility, as you can see below. It's not without controversy, however.
As you can see above, site visitors will be prompted to enter letters or numbers found along with a certain combination of images. It's a dramatically different cognitive process than the standard CAPTCHA challenge. In as much as it's different, it's quite interesting.
Vidoop says that as many as 20% of CAPTCHA attempts using other systems result in failure but that its system is much easier for people to use. The images can appear on a webpage, as a pop-up, or in a lightbox. The images are mostly Creative Commons licensed, the company told us - specifically under Attribution and Attribution Share Alike licenses as there is a link to a "credits" page on the bottom of each popup and the "image shield" itself is Creative Commons licensed.
How About Some Ads With Your Kittens and Puppies?
There's a business model here, too. Vidoop says that if this system catches on, site owners will be able to sell spots in their image boxes to advertisers. The concentration required in order to identify these images would be a huge gift to advertisers placed there. There's something a little troubling about that prospect, but the company says that in a survey so large they believe it's nationally representative and most other people don't mind. (Feed readers can click here to answer our poll about this idea.)The company also misses out on the social good component of, for example, the ReCaptcha project - where CAPTCHA is used to identify words that optical book scanning machines have been unable to digitize. Those exercises can be as frustrating as any other CAPTCHA implementation. We suspect that many site owners with an alternative offering who both increased usability and cash will prefer Vidoop's solution.
Innovations in visual media online, of which this is an example, are intriguing; but this one in particular stirs a certain ambivalence in me. Maybe I'm an outlier and few other people will feel psychologically imposed-upon by ads in technology such as this. Being asked to mentally parse images of cats from boats from fruit and finding, upon examination, a Taco Bell advertisement - feels like a betrayal of the trust I gave these collections of images when I looked deeply into their boxes.
It certainly looks easier than traditional CAPTCHA, though, and if anyone wants to gaze more thoughtfully into the squares where our sponsors' logos can be found - we're not going to stop you. From a user's perspective, and from the perspective of someone who values my relative cognitive independence, I don't think I feel entirely comfortable with what this company is doing. Perhaps the right to ignore advertisements is an essential one that Vidoop is failing to respect.
What do you think of Vidoop's CAPTCHA solution? You can try out the company's demo of the product for yourself here.
Share
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
Well... I hate those squiggly-line, warped-text, color-vision-testing things, so any new attempt at replacing them is welcome.
I can see this might be a challenge for people who are not fluent in whatever language is being used. Even as a native English speaker I was a little thrown by the plurals. I was looking for 2 or more of each item. That could be fixed easily enough. "In order, enter the letters for the: house, boat, and computer."
I don't like the idea of ads that would be unrelated to the site content. But would you feel better if you were actually on the Taco Bell site, and the images were of their food items? I don't think it would not seem intrusive if the images were of products offered by the company, or of something related to the site's content. "In order, enter the letters for the: flower, tree, and cactus." One would have to be careful not to use jargon that could confuse the general public, however. "... hibiscus, lavender, and juniper."
i just read about that recently...mosaic-as-validator. neat concept.
Posted by: Jason Salas
|
April 6, 2009 4:40 PM
Anything would be better than the capchas we get now. I fail them at least once almost all the time, which convinces me I have some sort of mental failing, which kinda freaks me out.
I could care less if there's ads in capchas; I just want them to be something I can pass the first time.
I have become so frustrated with all of the squiggly letter captcha versions that I welcome a new change such as this. It is incredibly frustrating to be a human trying to do a human task (like leaving a comment on a blog) and getting caught in the snare of a bot filter like captcha. If real people have such a hard time getting through the safety guards, its time for a better solution. Vidoop's solution seems like an innovation that could ease these frustrations.
Advertisements are frustrating when they are instrusive and completely out of context. If they are able to encourage site owners to use this better captcha by allowing ads, I'm ok with it as long as the ads are good citizens too. I'm not bothered by seeing a Taco Bell burrito in the set of images, but a blaring Taco Bell logo being the image would put me off. I think the concept is acceptable; but its all in the execution.
I like the underlying idea of identifying images, but I think the actual implementation is too big, and too complicated.
CAPTCHA of this size has to be in a popup by itself, you can't just neatly place it next to other fields in the form, so you have to rethink your UI around it.
In my case at least, it also requires more thinking about the solution than just squinting at the squiggles and attempting the answer in regular CAPTCHA, because I have to identify the images, then look at the corresponding letter and retype that. IMHO a small improvement would be to have the user click on the images in order, record the order of clicks and send that when submitting the captcha (that'd require JavaScript support enabled, though).
This is hardly a new idea, and it's sad that Vidoop's PR machine is trying to steal the credit for it. The makers of KittenAuth are probably the ones who actually deserve the credit. See an example of kittenauth here:
http://www.thepcspy.com/contact
Yes, there are small differences between the two, but in light of KittenAuth, it's hard to see how Vidoop's idea is new and innovative.
Link text
Marshall. Thanks for the post. There are however a couple of items that need some clarification.
Our goal is to deliver the most usable verification solution that still stops BOTS whilst providing configurable options and brand reinforcement to the website.
Link to try the demo.
That took way too long, sorry but it'd be a disaster to bring this into practice for something as silly as entering something on a website.
Something like this for bank accounts? Yes. Entering a comment on a blog? No way.
About 2 years ago, I built a high school sports management system (http://www.mvpsportsystems.com/) and used images of different balls (football, soccer ball, golf ball, etc.) for the CAPTCHA. Personally, I hate the text-based ones. They raise the user's (my!) stress level when signing up on a site or leaving a comment because of the fear of getting it wrong. On my own blog, I use reverse CAPTCHA and a couple of other simple techniques to prevent 99.9% of comment spam while allowing legitimate users to post comments immediately and without moderation. More details about that here: http://tr.im/banspam
There's a business model here, too. Vidoop says that if this system catches on
You're right to call this an arms race. The technques to solve this specific captcha are still in R&D but they are available. The solution to the problem of spam has to be one of law or economics in the long term.
Aren't there only 12*11*10=1320 possibilities to brute force the mockup shown? Not exactly the best security, especially with distributed CAPTCHA cracking.
that's cool! i like it!
The Vidoop CAPTCHA is crapola. It can be easily broken because they have a small image database, so writing a program that can pass it would take no time.
ersonally, I hate the text-based ones