

Clickcha - click the biggest/smallest number for CAPTCHA - est
http://clickcha.com/demo/

======
Groxx
_Clickcha is more secure than traditional text based CAPTCHAs which can be
read via OCR software._

Because... circled numbers can't be read by OCR software?

Without some visual obfuscation, I fail to see how this is an improvement
against bots. _Simple_ OCR + location of match = 100% success rate (just click
the middle). Improvement for _users_ , perhaps, especially due to its
simplicity... but I don't know if that's worth it.

~~~
est
> Simple OCR + location of match = 100% success rate

Sometimes it ask you to choose the biggest square, not only biggest/smallest
questions. The challenge varies all the time.

For example, I can ask you to choose the biggest triangle out of some boxes,
circles and stars, and the question sentence can be displayed using a line of
traditional CAPTCHA

~~~
retube
ok sure, but how many permutations of different questions are there? Once you
have these, it is trivial to OCR the numbers/shapes and pick the appropriate
one per the question.

~~~
iDope
> how many permutations of different questions are there?

Infinite! Just this of the possibilities with that kind of system. You could
keep adding different questions (just minor variations) and it won't be
difficult to keep ahead of spammers. Plus there is always a trade off between
security and ease of use. I think the ease of use with clickcha is well worth
the _slight_ loss of security.

~~~
retube
Having to manually add questions means that practically speaking the number of
possible questions <<<<<<<< infiti. As soon as you add another question, the
spammers will simply add it to their portfolio of question types. There is no
way "you can keep ahead of the spammers" with this.

~~~
thirdusername
Well there's that and they only need to break 1 of them, adding more types
doesn't really do anything when you can refresh except to slow things down by
a bit. :P

------
patio11
On the plus side, this is going to cost the first motivated spammer who runs
into it about $50 ~ $100 to get it broken by an Eastern European programmer
who is better at OCR than probably anyone on HN.

On the minus side, it is then totally useless aside from hassling actual
users.

~~~
timelinex
I think he is onto something, and just needs to think it through. I think
creativity should be encouraged.

~~~
wglb
On the part of clickcha or on the part of the eastern european programmer?

------
warp
That doesn't look at all impressive. It seems easy to write a solver for it.
Especially considering most spam bots are quite happy with relatively low
rates of succeeding, they can just brute-force until they find one they can
solve.

~~~
est
I think they use javascript to record the coordinate (x, y) where you clicked
it

on one scenario you 'll select a 24x24 square out of a 200x100 pixel picture,
the success rate is 2.8%

~~~
zebra
Bots will be happy by any success rate above 0%

~~~
iDope
Hi,

I am the developer of clickcha. Appreciate the input, but you seem to be
forgetting that bruteforcing can be avoided by temporarily banning the IP for
some time after certain number of incorrect attempts.

~~~
zebra
Don't forget that spammers exploit botnets with tens of thousands zombie
computers each one with unique IP. 2.8% from 10000 zombies = 280 first try
successful breaches.

------
mooism2
Whatever happened to the idea of filtering out comments that looked spammy, or
that linked to spammy web pages? E-mail spam filtering has come a long way,
without captchas to hide behind.

------
oscardelben
I written to the website owner offering to do a port for ruby on rails. I
think this clickcha will also cause curiosity in people and increase comments.

Edit: what's wrong with this?

~~~
ars
Is English your first language?

Because if not you'll have a hard time understanding what I'm saying. (And if
it is you have no excuse for the bad grammar.)

Basically you come across as (you sound like) a "cheerleader". You want him to
hire you, so you are praising his software. But your praise is false, and
doesn't add anything to the discussion.

Telling the whole world you want to do a ruby on rails port doesn't add
anything to the discussion either.

~~~
oscardelben
English is not my first language, but I understand your point. I thought it
was something nice after having read this page on his website:
<http://clickcha.com/faqs/>

Thanks for the clarification, it indirectly helps me to understand both the
culture and idioms of the english language.

