
> Clickcha is more secure than traditional text based CAPTCHAs which can be read via OCR software.

Because... circled numbers can't be read by OCR software?

Without some visual obfuscation, I fail to see how this is an improvement against bots. Simple OCR + location of match = 100% success rate (just click the middle). Improvement for users, perhaps, especially due to its simplicity... but I don't know if that's worth it.




> Simple OCR + location of match = 100% success rate

Sometimes it asks you to choose the biggest square, not only biggest/smallest questions. The challenge varies all the time.

For example, I can ask you to choose the biggest triangle out of some boxes, circles and stars, and the question sentence can be displayed using a line of traditional CAPTCHA.

-----


I didn't catch the other question types, and the page isn't loading for me any more so I can't fiddle with it further.

I can see where that'd help (significantly), but I don't see how a captcha-reader can't also parse the key words, and interpret the image appropriately. "size-est" and "shape" / "color" is easy to rip out, and a basic OCR to detect shapes and sizes and a number is pretty basic.

And remember that the site lists Captchas as being OCR-able, and that the question sentence must be readable - quickly - by humans, so it can only be weakly obfuscated, unlike some of the shorter Captchas. That weakens an already-claimed-as-weak system, so it's easy to assume the instructions can be read. Detecting a couple key words via a smallish dictionary seems simple at worst.

A few mistakes can be ignored, because the server must allow a few - people will make them too. After all of the above, what's the success rate on a dumb interpreter? Say, one that can't understand order of words, merely their existence.

I'm not seeking to totally shoot this down - I think it's an interesting idea, and with a large number of objects and some visual obfuscation could possibly supersede Captcha. But it's achieved by adding logical complexity; to retain ease of use, visual complexity / some other form has to be sacrificed, which makes it easier to read by machines. Or, potentially, making the image quite a bit bigger, so the images / objects used can be made significantly more complex ("click the dog" when given several images).

-----


ok sure, but how many permutations of different questions are there? Once you have these, it is trivial to OCR the numbers/shapes and pick the appropriate one per the question.

-----


> how many permutations of different questions are there?

Infinite! Just think of the possibilities with that kind of system. You could keep adding different questions (just minor variations) and it won't be difficult to keep ahead of spammers. Plus there is always a trade-off between security and ease of use. I think the ease of use with clickcha is well worth the slight loss of security.

-----


Having to manually add questions means that practically speaking the number of possible questions <<<<<<<< infinity. As soon as you add another question, the spammers will simply add it to their portfolio of question types. There is no way "you can keep ahead of the spammers" with this.

-----


Well there's that and they only need to break 1 of them, adding more types doesn't really do anything when you can refresh except to slow things down by a bit. :P

-----


And then you fall into the same problem with a race between captcha/clickcha programmers (who MUST maintain ease for human-use) and spam programmers (who can click randomly and still sometimes succeed, so they only seek to boost their chances).

I'll give them two guesses who will win most of the time.

-----


> circled numbers can't be read by OCR software?

It doesn't have to be circled numbers (or any other text), that is just one of the possibilities.

-----



