How CAPTCHA got trashed - The wiggly words are now most useful for malware authors (computerworld.com.au)
on July 16, 2008

It's interesting to hear that some parts of Craigslist are 90% spam now. You'd think that under a traditional parasite-host model, the spammers wouldn't want to completely kill off the message boards / classified sections where they direct their attacks. Once the users are gone from what was once a useful part of the Web, no amount of spam there is going to yield any results.

From the spammers' perspective, it's a "tragedy of the commons" situation. To each individual spammer, it is worthwhile to keep posting on Craigslist for the short term even if the sum of their actions is suboptimal in the long term.

The difference between typical parasites and spammers is that spammers are human. Humans aren't logical, nor are they being killed off by attacking the wrong host (hmm... idea?), so it's not surprising that the situation doesn't follow a biological model.

I guess the "Turing" part of the name was a bit hopeful. Are the attacks actually doing OCR, or are they brute-forced against a database somehow? (or maybe those are the same thing these days?)

I guess anything that's widespread enough will make cracking it valuable enough to get someone to work around it, but it seems like we could probably come up with something that was quite a lot more human-y requiring?

Language understanding? Whatever it is that AI PhD students are failing to solve these days?

A prediction: You know what will replace CAPTCHAs? A credit card number. That's right. Sending an email will cost 1/100th of a penny. A Craigslist posting will cost 1/10th of a penny, etc., etc. Someone just needs to make it work.

Doesn't at least some part of you think, "If it was so easy, it would have been done at some point in the past 15 years? There are all of these absolutely brilliant minds working on this problem - why haven't they done this before?"

Microsoft tried to get micropayments rolling at least half a decade ago; that's probably why there isn't a workable system in place yet.

There isn't a workable system yet because each company tries to make something proprietary. Micropayments will catch on when there's a simple protocol for it, like SMTP is for email.

That could be a good deal for a spamming business. I think that certain spammers currently invest significantly more than 1/100th of a penny per solved CAPTCHA.

Well, yeah, but it would give them an incentive to invest more in targeting their customers correctly. At this point, a million new addresses to a spammer is an asset; if we implemented this plan, that would be a huge liability.

The ideal, once your email-receiving price gets high enough, would be for spammers to basically send the kind of spam that you would have paid to know about anyway (e.g. instead of reading a gadget blog, spammer pays you $1 to look at his customized spiel pitching a particular gadget similar to the ones you've previously liked).

What about the processing costs?

