

Maptcha: An Experiment in Map-Based CAPTCHA - boyter
http://maptcha.com/

======
jere
The first example is not indicative of the actual difficulty because the
letters are pink (this is noted, but still).

Beyond that, the examples use extremely hard to see letters... that completely
defeats the purpose. There's no need if the challenging part for the computer
is detecting satellite imagery.

There are multiple letters on some of the images, sometimes hovering between
two images. Again, why? The computer is going to have no problem divvying up
the images, but the ambiguity is confusing for humans.

Make the letters _as easy to read as possible_ please. If that breaks your
captcha, find a new captcha method.

~~~
jere
In fact (and I can't believe I didn't think of this before, why have letters
at all?!? The user has to scan over the images then go back to the text field
and enter in characters. Why not just click to select?

------
chris_va
I like how you are thinking outside the box a bit.

Having said that, there are a couple of issues: 1) This is really not a hard
problem for a computer to solve. Detecting different image types is pretty
trivial. You made it a lot easier by making the letters sit in the boxes in a
regular manner. 2) A high percentage of captchas are now broken by humans,
instead of robots. This is not a problem you will likely encounter in a small
site, though.

(1) Is an easier problem to solve. You could do "input the letters near the
cat", or "input the letters near the map of florida".

(2) Is harder, but most of the people who break captchas live in 3rd world
countries, so you could possibly arbitrage cultural knowledge (see florida
example above). They will catch on pretty damn quick, though.

~~~
ignostic
(2) Could be looked up by someone easily, and could potentially turn foreign
readers/customers off for no good reason.

I think you're better off just banning IPs. You can get a blacklist to start
if you're really worried about it.

~~~
chris_va
IP banning usually doesn't work, since that was the first countermeasure
employed.

The captcha farms got a lot better at using large proxies/gateways to hide
their traffic.

------
Doctor_Fegg
At OpenStreetMap we would love a map-based CAPTCHA that actually contributes
to our map. Right now we (like most people) use ReCAPTCHA on our wiki... which
has the rather exasperating effect of contributing map data (StreetView house
numbers) to our main competitor, Google.

On the upside, you can usually type a wrong number into the ReCAPTCHA. ;)

~~~
johnzdennis
I'd love to help - drop me a line at zack@asetniop.com and maybe I can help
devise a method that can fulfill both your aims.

------
pornel
It's not very quick or readable, and it's not useful for users with impaired
vision.

Technically it has two weaknesses:

\- non-map images are chosen from a small set. Good implementation will need
equally large set of non-map (and presumably non-offensive and deceptively
map-like) images.

\- satellite photos don't seem very hard to identify, e.g. even using
histogram as an input to a simple classification algorithm could give decent
accuracy (gray/brown/dark green color scheme dominates) and tree shadows, cars
and rooftops may be easy features to detect with fancier algorithms.

------
johnzdennis
Hi everybody, designer here. I really appreciate all the feedback; this
concept is still in its infancy and can obviously use quite a bit of
improvement, but I'm trying to tweak it as best I can to maximize its
usability.

Couple of notes: 1\. The ultimate intention is to either pull images (both
satellite and decoy) from the web as they are needed or create a database of
images and update it regularly. Thus identifying images as real or decoy will
only work on a short-term basis; there will always be new images entering the
fold.

2\. If people like this concept well enough to keep at it, I'm planning to
automate some kind of color-matching scheme so that it's not possible to just
look at the histograms of the images and identify the satellite images thusly.

3\. I'm only just starting to learn about OCR, so at this moment I have no
idea whether it's worth bothering to disguise letters or even whether it's
worth using letters at all. I prefer having a two-tiered approach; having to
ID a satellite image AND identify characters. If the bots are too good at
identifying the characters and/or it's too hard for humans, that just leaves
the satellite question and from what I've read that's not a high enough level
of entropy.

4\. I don't have anything lined up for an audio solution just yet. I'm fooling
around with a few concepts, but nothing worth mentioning just yet.

5\. Thanks to all those who wrote in suggestions/solutions and signed up!

------
nevster
No images are displayed in Firefox. I just see the pink letters. Works fine in
Chrome. IE just shows nothing except a black bar on the left.

------
rallison
An interesting approach, although one line of javascript will solve all
samples beyond the first one (didn't bother writing extra code to handle your
demo case):

$('.trueletterimage').each(function ()
{$('#userdata').val($('#userdata').val() +
$(this).attr('src').split('.')[0].split('/')[1])});

Copy paste into the console and enjoy.

Ok, obviously the above is mostly in jest. I always enjoy seeing new captchas,
despite most having major flaws. I do have to echo other comments that mention
the user difficulty issue. Using this in production would require more
explanatory text than your average captcha, and it does seem to take a little
longer to figure out than, say, a recaptcha image. That said, likely the
bigger issue is one of image classification allowing bots to solve most of
them.

~~~
dougmccune
the above is also directly ignoring the text immediately below on the page:

 _This is dumb! I already figured out how to crack_ _it, and yes, of course I
realize that the production_ _version will render the MAPTCHA as a single
image,_ _not as separate elements, and it will draw from a_ _practically
limitless database of images._

I'm not saying this is a good captcha, but if your first response is seriously
to not read any of the text on the page and go for the easy "hey, look how
dumb this is" answer, are you really trying hard enough?

~~~
rallison
I did read that. And that is why I added the "in jest" part, followed by my
serious comment. However, rereading my comment, I should have said "in jest"
instead of "mostly in jest."

~~~
dougmccune
ah, I can re-read and see how that is meant as a joke specifically targeting
the text I quoted. Gotta love the internets, where no one can hear your
intonation and subtleties

~~~
rallison
Indeed. On the plus side, with this comment chain, I doubt that anybody else
will miss the subtlety.

------
antonatos
one thing i found very irritating: in one of the tests that asked to type the
group of letters where the image is from satellite, i find the group "y p k a
1" but the answer i got was 'wrong, group is "k p y a 1"'. if i am not
mistaken, based on the mathematical definition of the group, groups "y p k a
1" and "k p y a 1" are the same

~~~
johnzdennis
Updated to allow any order input; shouldn't be an issue anymore.

------
benlarcey
Great idea but I don't think it's the solution to the captcha problem. There's
a lot of visual noise for a person to analyse and I found it considerably
harder than reCaptcha types. However that may be a bonus for deterring human
solved captcha à la deathbycaptcha.com

------
pbnjay
I was expecting "click on Tennessee" and then a region of the US - which might
actually be an appropriate captcha if you assume the site users know US state
geography.

This however, is difficult to read for a human and probably easy to write a
bot for.

------
tantalor
This should be accompanied by an image classifier to demonstrate its
effectiveness.

My guess is the contiguous nature of the satellite images might make the
problem a bit easier, sort of like Battleship.

------
aabalkan
Apparently street view cars are also considered as satellite photos.

------
tagawa
It's good that there's effort going into improving captchas but IMO the big
issue is finding something that also works for users with poor or no sight.

------
barsae
Order shouldn't matter for the result. ie: 3ypg1 should be just as valid as
3pyg1. Not everyone scans images top-left, going right, to bottom-right.

~~~
corobo
This might have been my downfall too, personally it was more of a scan over
the entire image and type letters as I see satellite images, didn't even
notice I was doing it like that until I saw your comment. I read something a
while back how "left brain hemisphere" people scan sequentially and "right
hemisphere" people jump in to find things at random. I can't speak for its
accuracy or its place in reality but the end result is that this thing could
do with accepting values in any order.

Not sure if that'd make the whole thing less useful however..

~~~
johnzdennis
I don't think that would make it less useful; either the bot reads it right or
it doesn't, the leeway introduced by allowing any order input is miniscule, I
think. So I updated it so it won't get fussy about order.

------
dlsym
It's so bot safe that even a human can't solve this!

Finally a good way to keep potential Customers from using your product!

~~~
corobo
Yeah I got around a 50% success rate, maybe I'm just more robot than man these
days :(

------
pbreit
I guess fine as an exercise but, wow, is this awful from almost every
perspective (usability, space usage, difficulty to crack).

------
saraid216
I was expecting this to be a random lat/lng and asking you to pick (for
example) the most prominent feature displayed in the map. A major city or a
famous mountain or something.

------
yeukhon
In general, wouldn't this be easy to crack too if the bot writer can write a
good image-to-text recogniter?

[http://techcrunch.com/2012/03/29/google-now-using-
recaptcha-...](http://techcrunch.com/2012/03/29/google-now-using-recaptcha-to-
decode-street-view-addresses/)

