

Review my photo CAPTCHA web service - davidbnewquist
http://peoplesign.com
No, it does not have a "Cats 'n Dogs" theme--not that there's anything wrong with that:)
======
noaharc
By what measure is peoplesign more secure? You have 6 choices in 2 menus --
even a robot that is completely stupid will pass 3% of the time.

I know that in the past some captchas were broken at rates of 30-40% (Hotmail,
I think). Is this really still the case?

~~~
davidbnewquist
You answered your own question. 30-40% > 3%.

But more deserves to be said. A site like Hotmail is a big, focused target for
spammers. They face pain if a bot can beat their CAPTCHA even 10% of the time.
Smaller sites get spam too, but they generally get it from dumber bots looking
for unprotected sites. A 2 panel peoplesign CAPTCHA is probably all they need.

With 2 panels at 6 labels each, a random guess has a 1/36 chance to pass.
Fortunately, a large number of incorrect guesses is behavior that can be
detected and blacklisted.

Futhermore, peoplesign can be customized to offer more security. Number of
panels (and soon number of menu labels) and other characteristics can be
modified. Check out a customization demo at
<http://peoplesign.com/main/pickTheLabelDemo.html>

------
backwardsbryan
I downloaded the PHP plugin, and applied for a private key to use the service.
The key came immediately, and I've already added the captcha to my site So far
I am impressed. <http://www.backwardsparadigm.com>

------
coryshaw
Very cool idea. It does seem faster than most captchas I've used. Would be
cool to have the option of only one image, and be able to choose the answer in
one click instead of via a drop-down menu. That would make it really fast
(though probably less secure)

~~~
davidbnewquist
Good call, in fact I'm working on this. I force numPanels >=2 because 1 panel
currently causes layout issues.

------
jabberJohn
Looks easier to read than most CAPTCHAS, though I suppose that you have to
speak english to get past it. Could be a good way to learn a language :)

Has this stood up to any bot attacks yet? What's the significance of the image
discoloration?

~~~
davidbnewquist
Thanks JJ. You are right about English literacy being useful to pass. Soon, I
will expose an option that uses picture labels instead of natural language
phrases.

But don't throw the proverbial baby out with the metaphorical bath water! The
literacy requirement _may_ be an effective defense against the armies of human
sweatshop CAPTCHA solvers that we hear about in the news.

Regarding attacks, would be attackers have more important targets for now.
peoplesign isn't yet protecting any major sites.

peoplesign images have been recolored using a "secret sauce" algorithm.
Recoloring one of two similar pictures reduces effectiveness of color
histogram matching. It even reduces effectiveness of more sophisticated color
profile matching techniques. In short, the recoloration is defense against a
particular type of attack.

------
loumf
If you draw the labels onto the image (make them each one word) and make the
user type them, it's still an easy captcha for a person, but much harder for a
bot.

If this spreads, it will be worth making a bot for, so that you can spam any
of the sites that use it -- right now that bot just needs a few hits on
average, and a slightly smarter bot can space them out, so that they are
conceivably like commenters.

------
amr
This is nice but too big for most forms that use captcha (comments, feedback,
etc...).

~~~
davidbnewquist
Its true that a 2 panel peoplesign is slightly larger than most text-based
CAPTCHAs. However, there will soon be an option to use only 1 panel, which
will hopefully make it small enough even for space conscious sites.

------
softbuilder
Remove the word "arguably".

You're marketing. Not the time for balanced language.

~~~
davidbnewquist
So by removing that word, I'd be adding 'truthiness'?

~~~
davidbnewquist
Actually, I think 'arguably' could be removed in that context without being
disingenuous. Thank you for the feedback.

------
jauderho
This is too hard. Why don't you have some boxes that you can drag and drop to?

------
javert
I found a misspelling in a label for a plane image. (The correct selection was
'striped plan' or something like that.)

Also, what turned out to be a hydrant looked to me like the leg of a moon
lander. (I stared at that thing for a really long time, but I still saw the
leg of a moon lander.)

~~~
davidbnewquist
Misspellings are deliberate and enhance security. Note that you still knew to
pick the misspelled "striped plan" and passed. Another label for that picture
might be "stryped plain".

Also, you correctly identified hydrant because "moon lander" fortunately was
not one of the choices:)

