A new kind of CAPTCHA?

CAPTCHAs, the automated tests that are meant to prevent spam-bots from overrunning free e-mail services and comment forms, have been defeated. What’s next? Hopefully not something like this… I tried it three times, and only succeeded twice.

Statistics also indicate that it wouldn’t work too well — there are less than 30 variations, so even randomly choosing three of the pictures would result in a greater than 3% success rate, which is likely sufficient for spammers. And if there are only a set number of pictures to choose from, it would be easy to have a human classify them the first time they’re seen, and the computer to remember the classification (several of the same pictures came up multiple times while I was trying it). And I could think of fairly simple algorithms that would bump up the accuracy. It’s a tough problem.

When you run into a tough problem in math, it usually pays to see whether parts of it can be transformed into an easier one. For example: using public-key technology, it’s easy to confirm whether two digital signatures refer to the same ID or not, without giving out the information needed to duplicate that ID. Find some way to verify someone initially, and public-key technology could be used to confirm that it’s the same person later. It’s not foolproof (the private part of the key data could still be stolen), but it would be a major pain in the spammers’ tails.

Of course, all of this may become moot as soon as someone develops a true learning AI, one that could solve such a problem as well as a human. That kind of AI could easily be used by the bad guys to get around any CAPTCHA problem, but it could also easily identify and delete spam messages with an extremely high accuracy level. I suspect that the latter would more than make up for the former, because there are only a limited number of ways that you can write a message advertising something.

It’s a very interesting subject, all around.