
AI Model Fundamentally Cracks Captchas, Scientists Say - gnicholas
http://www.npr.org/sections/thetwo-way/2017/10/26/560082659/ai-model-fundamentally-cracks-captchas-scientists-say
======
indubitable
Seems like natural language processing would be an interesting direction for
captchas.

\- _A man is running. A dog is behind him barking and growling._ What does the
man think might happen?

\- _A man goes up the stairs to the roof. He walks to the very edge of the
building. He takes one more step._ What is the man trying to do?

The correct answer should be pretty easy to parse out. And I'd expect a better
success rate for humans than some of the captchas today that increasingly are
looking more like magic eye puzzles than character recognition. But of course
the big question is generation. Can these sort of implication based stories be
generated in a way such that the final text can not trivially be reversed to
the answer (without even considering the 'meaning' of the question)? And for
that matter can these even be realistically generated in mass?

~~~
dmead
You're in a desert walking along the sand when all of a sudden you look down
and see a tortise. You reach down and flip the tortise on it's back. The
tortise lays on it's back, it's belly baking in the hot sun but you're not
helping. Why is that leon?

~~~
raverbashing
* Tortoise

* its back

* its belly

* Leon

(in case the mistakes were not for comedic effect)

~~~
kobeya
Found the simulant.

~~~
raverbashing
;)

Or maybe later Android versions know they should turn the Tortoise back on its
feet.

------
taesis
This [1] is the article they're citing. Note that a cursory search turns up
similar claims from back in 2013; it might be worth waiting for someone with
more experience and less bias to express their opinions before dumping your
captcha-related stocks.

[1]:
[http://science.sciencemag.org/content/early/2017/10/26/scien...](http://science.sciencemag.org/content/early/2017/10/26/science.aag2612.full)

~~~
thisisit
> captcha-related stocks.

Are there companies relying only only selling captcha for revenues?

~~~
stepik777
There are captcha farms in Asia where hundreds of people are sitting in the
building and solve captchas non-stop.

~~~
xkcd-sucks
Maybe captchas could be implemented as opinion polls re: tiananmen square or
something

------
vonnik
Is this the same old news from Vicarious? They announced this four years ago
and raised about a $100M since then...

[http://www.slate.com/blogs/future_tense/2013/10/28/captcha_c...](http://www.slate.com/blogs/future_tense/2013/10/28/captcha_cracked_startup_vicarious_claims_artificial_intelligence_breakthrough.html)

I thought the world moved on.

------
reilly3000
Since when was captcha not broken? Sites like
[http://www.deathbycaptcha.com/user/order](http://www.deathbycaptcha.com/user/order)
have been around for ages. Yes, a mere $6.95 gets you 5000 captchas solved by
OCR and humans in an avg of 6 seconds. Imagine that job.

Sure, AI can break captcha, but it can be done at scale for far less than an
AI research and GPU rig costs.

Google's approach to bot recognition is training their own bots incidentally,
so even an adversarial network attempting to bypass it would give it a ton of
training along the way to breaking in.

~~~
notatoad
>Imagine that job.

I don't believe it's a job. Isn't this the thing where captchas on target
sites are simply mirrored on other sites like sketchy filehosts? Real human
users are solving captchas to access some content hosted by this service, and
the solution they enter is passed through to the target site.

~~~
lsmod
Actually, you can make money by solving captchas. [https://2captcha.com/make-
money-online](https://2captcha.com/make-money-online)

------
partycoder
Vicarious demoed cracking captchas at least 3 years ago.

Dileep George, cofounder of Vicarious, is the former Numenta CTO, and claimed
to use probabilistic graphical models as a basis for their tech.

[https://www.youtube.com/watch?v=-H185jPf-7o](https://www.youtube.com/watch?v=-H185jPf-7o)

------
habitue
I don't see how captchas are "fundamentally cracked" if they only claim a
success rate at best around 2/3rds. Nor do they give an explanation for what
they mean by fundamentally cracked.

~~~
ComputerGuru
Before you can say that a 66% success rate isn't good enough, you need to
compare it to the human success rate. I barely get 2/3 myself.

~~~
a_imho
This is my experience as well, very frustrating being locked out of your
account when you need to take care of business. Nevermind cracked, they are
fundamentally broken if a human can't get a nearly perfect success rate.

------
taneq
10 points to the first person to hack up a CAPTCHA using Winograd schemas.

~~~
Filligree
Why not cut out the middleman? Make the captcha be controlling a paperclip
manufacturing device.

~~~
stefanpie
This comment is referring to this deceptively simplistic game:
[http://www.decisionproblem.com/paperclips/index2.html](http://www.decisionproblem.com/paperclips/index2.html)

Trust me this is nothing but simple and will take you on a wild ride.

~~~
taneq
Oh, I thought it was in reference to the Paperclip Optimizer referenced every
now and then on lesswrong.com :S

~~~
FeepingCreature
(It is, and so is that game.)

~~~
taneq
Oh, of course. Duh. :/

------
reacweb
One of the fundamental problem with captchas is that writing a bot that defeat
captchas is a very interesting exercise for teaching AI.

~~~
falcor84
I always understood this to be a feature. Captchas seem to be used as public
signposts for tasks that AIs are not yet good enough at.

So, given the financial incentives on both sides, I'd like to believe that
continually creating and overcoming these tasks is a possible route to AGI.

------
gruez
Is there more to this than "text captchas can be broken by deep learning"?

------
Sir_Cmpwn
What's the human pass rate for captchas? I bet I've personally failed at least
20% of the captchas I've solved in my lifetime.

------
trophycase
At a certain point it will be impossible to create a working captcha. Are we
basically engineering a Turing Test?

~~~
mitchty
Some of the captchas I get lately have honestly made me think I'm probably not
a human as far too often I can't make heads or tails of the letters.

At a certain point I just give up and refuse to use the worst sites that use
this junk.

~~~
SomeStupidPoint
I just assumed the test was that if you can decode that mess, clearly you're a
bot.

------
_pdp_
Many types of CAPTCHA systems can be defeated with machine learning models and
OCR. Google provides its own called Google Vision API. Here is a brief example
how this is done in practice: [https://blog.websecurify.com/2017/10/cracking-
captchas.html](https://blog.websecurify.com/2017/10/cracking-captchas.html)

Perhaps this is an old news as this technique has been out for a while but I
find that it is still relevant in the many cases I have encountered.

Furthermore, in my experience, I attribute Google's failure to improve
reCAPTCHA's "I am not a robot" visual appeal as one of the key factors why
many organisations are simply not using it.

------
briga
I think rather than being broken, captcha models are just going to be made
more complex. Maybe they'll start asking you to write a poem or play a mini
problem solving game.

~~~
taeric
I'd expect adversarial images to take off in captcha space. Don't try and
avoid the models, exploit them.

~~~
lozenge
Adversarial images need to be made with knowledge of the model.

~~~
yorwba
Actually, no [1]. From the abstract:

 _We can cause the network to misclassify an image by applying a certain
imperceptible perturbation, which is found by maximizing the network 's
prediction error. In addition, the specific nature of these perturbations is
not a random artifact of learning: the same perturbation can cause a different
network, that was trained on a different subset of the dataset, to misclassify
the same input._

[1] [https://arxiv.org/abs/1312.6199](https://arxiv.org/abs/1312.6199)

EDIT: Also interesting: "Universal Adversarial Perturbations"
[https://arxiv.org/abs/1610.08401](https://arxiv.org/abs/1610.08401)

------
wheresmyusern
a lot of services use facebook to verify that someone is a human. there should
be a service that exists only to manage peoples identities online. sign up,
provide some id, an address and last four of your social. later, maybe a
letter is sent to the address and returned with a verification code. then,
every other service on the internet could use that service to prevent bots,
spam and other things.

~~~
pinum
I can foresee absolutely no potential problems with this plan...

~~~
wheresmyusern
then what do you propose?

