(01-13-2011 11:22 AM)Banalyst Wrote: What do you mean?
I can't figure out how to solve the pairing puzzle. It seems all my attempts fail.
(01-13-2011 11:22 AM)Banalyst Wrote: Have you really looked what is "given"?:
Not behind the scenes no. I don't intend on breaking this system myself, so I have better things to do with my time >_>
(01-13-2011 11:22 AM)Banalyst Wrote: - the code in browser is obfuscated
Obfuscation != security
(01-13-2011 11:22 AM)Banalyst Wrote: - each "visible" (perceived by human as one piece) element, fixed or movable one, is a collection of randomly decomposed smaller pieces, randomly identified, randomly placed, of random sizes
But the browser obviously knows how to piece them together to give 3 movable pieces. What stops a bot from doing the same?
(01-13-2011 11:22 AM)Banalyst Wrote: In a very few attempts a bot will be blocked for 10 min and proposed to solve a different captcha
Depends how this block is enforced. IP blocking? Then just use multiple proxies. You only need enough to keep the bot happy for 10 minutes, then you can just keep cycling through.
(01-13-2011 11:22 AM)Banalyst Wrote: One cannot even get both the repeatable (and clear) code and images of a captcha to develop a bot against all from the pool.
If the puzzle is actually changed often, then obviously the bot will, similarly, need to be updated often to get past the new system. Whether or not they will bother is another issue, but all the while this is happening, the end user suffers from having to learn new puzzles.
(01-13-2011 11:22 AM)Banalyst Wrote: The bot approaches are easily identified
Any bot worth bothering about won't obviously show any signs of looking like a bot. Otherwise, we wouldn't need captchas, and just use these "other techniques" to identify these bots.
(01-13-2011 11:22 AM)Banalyst Wrote: They are not. It is all smoke and mirrors
Regardless, it's unlikely you're going to make a big puzzle for the sake of the end user. If it's not all 3x3, then it's probably not too far off from that either. For example, I doubt you're going to have a 10x10.
(01-13-2011 11:22 AM)Banalyst Wrote: Also note that spammers here are dealing with a monitored active service (and the patterns of automated passing and/or even attempts of cracking are easily detected) and platform for easy creation of new spamproofing solutions (in response and preventively), not just static and/or passive solutions (and services) offered by other services.
Manual monitoring is silly IMO (if that's what you're referring to as "active monitoring"). Chances are, you're going to get close to 100% humans entering in captchas before it gets popular and bot coders decide to think of a way to automatically solve the puzzles. And by that time, you're going to have a huge volume of legit users, and detecting the relatively small number of bots that attempt to solve the puzzles will hardly blip on your radar (assuming you still do manual monitoring at that point - which I'm sure you won't - the costs of this will be exceedingly high).
(01-13-2011 11:22 AM)Banalyst Wrote: In essence the question is not whether it is theoretically possible to pass our protection but by which comparative cost and who is going to always win this competition
That's essentially the case with ordinary captchas (significantly more difficult to solve by computer than to generate by computer), and will be the same with KeyCAPTCHA. The advantage of the latter is that it's just being under-used, so it's unlikely any bot coder is going to bother. More popular services such as reCAPTCHA already employ many of your benefits, such as central hosting, and I don't believe are easily solvable by bots (due to them not being OCR-able by the serving host). reCAPTCHA also has the benefit of being more familiar to users and possibly easier to solve (at least I find it easier to copy text than try to piece together a puzzle; may not be the case with others).