How Can I Prove that I am a Man?

I got paid this week and finally had some cash to get my Internet connection back. I buy my Internet in one-month increments from a local wireless provider. It’s all very convenient, and rather cheap too. I just connect to their wireless network and when I bring up my web browser it takes me right to a subscription page. I enter in my billing information and select how many months of access I would like to pay for. At the bottom of that screen is the familiar security code used to prove that I am, in fact, a human being and not some piece of code trying to brute force their system.

I entered my name, address and credit card information. Upon scrolling to the bottom of the page I discovered that the blurry, skewed letters I needed type into the text box had been replaced with a broken image.

You can see in the screen shot above that they do provide a couple of work arounds to my problem. I clicked the “I cannot read the code…” link only to have the page refresh with another broken image. I tried it again with the same result. Then I tried the little speaker button next to the broken image. A few seconds later the connection timed out. Perhaps the system knew that I was not visually impaired.

Ultimately, I called the ISP and spoke to Carl. After explaining my situation to him, he took my billing information and MAC address. He did not subject me to any turing tests. Five minutes later my Internet was up and running.

This method of verifying that you are a human is called CAPTCHA (official CAPTCHA site is: http://www.captcha.net). CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and is used to prevent spammers from automatically establishing hundreds of accounts, or squatters from getting all the good user names. Mechanisms like this have been around for about 10 years, and as time has gone by, a race has emerged between CAPTCHA programmers and those who wish to subvert the system.

Many techniques for bypassing these test have sprang up. The easiest to describe involves downloading the image and running it through image recognition software that can interpret the text in the image, then upload the text via an http request. A similar, “poor man’s” version of this method uses a website called What the font. This website lets you upload an image containing text, and then it will tell you what font the text is in. The site also gives you a plaintext version of the characters in the image.

The most interesting method for subverting CAPTCHA is having other humans solve them for you. One way this is done is by setting up free porn sites that require you to pass the CAPTCHA code to get to the porn. The CAPTCHA code they are entering is actually a copied image from a site like yahoo or myspace and the information they enter is passed along to those sites to create an account.

The people developing these work-arounds to CAPTCHA are not all spammers and squatters. Most of them are people like me who just want to see these annoying security measures disappear. Their goal is to win the race with the CAPTCHA programmers by exposing the flaws in the system. In the meantime, however, CAPTCHA codes are getting more and more difficult to solve. I, myself have failed to provide the correct text from these images on more than one occasion.

Luckily, the absurdity of have to prove to a computer that you are human has not escaped the attention of the W3C, the web consortium that works on creating standards for Internet technology. They are currently working on alternatives to CAPTCHA that are non-interactive, that is, do not require a user to do anything to verify they are really a person. Some proposals are limited use accounts for trial periods, heuristic checks that identify the type and volume of data being sent from an account, and improved spam-filtering, among other things.

I pine for the day that these security measures disappear. In the meantime, however, I just hope that my ISP has their broken images fixed by next month.

 

 

Vacation (2)

I really do intend to write more about my vacation, but haven’t found the time for a comprehensive post about it yet. My camera fell in a creek at Yosemite the first day I was there. It started working again about a week later, but I did manage to get some good pictures of the coastal redwoods, the golden gate, and a few other things. You can view the few pictures I did snag here. Luckily, Jesse had his camera with him at Yosemite and managed to get some good photos of the park. You can see his pictures here.