Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <ian.g.kelly@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.018
X-Spam-Evidence: '*H*': 0.96; '*S*': 0.00; 'scripts': 0.03; 'source,': 0.04; 'reason,': 0.07; 'alternatives': 0.09; 'mess': 0.09; 'properly.': 0.09; 'solution,': 0.09; 'random': 0.14; 'cases)': 0.16; 'intersection': 0.16; 'jumped': 0.16; 'mangled': 0.16; 'meanwhile,': 0.16; 'reliably': 0.16; 'sorts': 0.16; 'throw': 0.16; 'two.': 0.16; 'underlying': 0.16; 'wrote:': 0.18; 'wed,': 0.18; 'user.': 0.19; 'machine': 0.22; '(in': 0.22; 'aug': 0.22; 'instance,': 0.24; 'looks': 0.24; 'question': 0.24; "i've": 0.25; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'css': 0.30; 'field,': 0.30; 'message-id:@mail.gmail.com': 0.30; 'easier': 0.31; '13,': 0.31; 'occurs': 0.31; 'everyone': 0.33; 'screen': 0.34; 'problem': 0.35; "can't": 0.35; 'something': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'passwords': 0.36; 'wrong': 0.37; 'so,': 0.37; 'two': 0.37; 'machines': 0.38; 'to:addr:python-list': 0.38; 'fact': 0.38; 'pm,': 0.38; "couldn't": 0.39; 'to:addr:python.org': 0.39; 'read': 0.60; 'easy': 0.60; 'problems.': 0.60; 'solve': 0.60; 'voice': 0.60; 'most': 0.60; 'tell': 0.60; 'gone': 0.61; 'limited.': 0.61; 'simple': 0.61; 'back': 0.62; 'such': 0.63; 'field': 0.63; 'more': 0.64; 'phone': 0.66; 'computers': 0.72; 'captcha': 0.84; 'laid': 0.84; 'messed': 0.84; 'dozen': 0.91; 'serious': 0.97
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=glxcSs5RinIIHeytCBazA49VZWhYc2i5KeIHuQNGkQ4=; b=FAAb55Zy8fK5H2zE5nyCWIMczZrJPyOd/ll8ER1mRmct6vRytqEcly6p2HRgNex5EM qGDNRubiO7k3DgSejetK548cwhU8fJcs446QGWVhnzjGHFq/iou3UV4NnTimE9yJDK7a i1Kfq5GTN9+rxgtHTsInIlv5TGIu9gma83Q/EhxVKLHjMARwHAMovS3cm6i8y+j4NG0y S0RtM+EUgqmAEeXpJIfx26rTsgK3xIL74J+yPLDyKcCZgZfzp/iOJ5ZBhZ0LSGruv5Kk WjFMG48nPme/uubHHm0hetD42RnOnffLudm3jOX1sw3LA7OaNhO+F0kM46ftd8oiN45T buZQ==
X-Received: by 10.70.35.207 with SMTP id k15mr5941062pdj.5.1407961003254; Wed, 13 Aug 2014 13:16:43 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <CAPTjJmrvAbD0iVTkyrvujB=5wTizmZQNxhZ-EWjbC3KPG8ZyEw@mail.gmail.com>
References: <8c2e4bc2-4f46-4a68-83ed-469fe171de3a@googlegroups.com> <mailman.12884.1407848347.18130.python-list@python.org> <2320baf0-e097-4d67-97c1-dd37ca79fffb@googlegroups.com> <mailman.12887.1407856051.18130.python-list@python.org> <lsdce7$94t$1@dont-email.me> <mailman.12889.1407858847.18130.python-list@python.org> <376a239c-77e8-4e0e-9300-847dfa8a8547@googlegroups.com> <CAPTjJmo=Sr3Y4KaDfa4n6=bfxZFNWUohN93OtnHcvaYFT08mDA@mail.gmail.com> <53EB4E68.8050405@harvee.org> <CALvWhxtBnx2TX2VKpaoHvrr5QXpG3YMzrud3TzapCD8U7k=Fyg@mail.gmail.com> <CAPTjJmrvAbD0iVTkyrvujB=5wTizmZQNxhZ-EWjbC3KPG8ZyEw@mail.gmail.com>
From: Ian Kelly <ian.g.kelly@gmail.com>
Date: Wed, 13 Aug 2014 14:16:02 -0600
Subject: Re: Captcha identify
To: Python <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.12946.1407961336.18130.python-list@python.org>
Lines: 38
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1407961336 news.xs4all.nl 2971 [2001:888:2000:d::a6]:52117
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:76235

On Wed, Aug 13, 2014 at 1:43 PM, Chris Angelico <rosuav@gmail.com> wrote:
> There are alternatives that are both easier for legit people and
> harder for spambots. Some rely on the fact that humans read things two
> dimensionally, and scripts look at the underlying structure; so, for
> instance, random field names and cunning CSS to match them up with
> their labels can result in a form that's completely messed up in the
> source, but looks perfect to a user. Or you can put extra fields down
> that you can't see if the form's laid out properly.

Chances are that if these tricks mess up a spambot, they will also
mess up a screen reader.

> Or you can combine
> those sorts of tricks with a very simple challenge-response, like
> "What is one plus one?" that requires some specific value to be in a
> specific field - and if that value occurs in the wrong field, you
> throw the form back to the user.

If I ask my phone "What is one plus one", a very nice sounding voice
will tell me that one plus one is two. It takes some cleverness to
come up with a question that is likely to stump a machine but not
deter a human, so the pool of such questions will necessarily be
limited. Meanwhile, all the spambot has to do is flag the question for
a human to answer and store the answer somewhere, and the question is
now useless.

> For some reason, everyone's jumped on the "show some mangled
> text/numbers and ask the user to enter them" bandwagon, in the same
> way that everyone has gone for passwords that require
> lower/upper/digit/symbol and (in the most annoying cases) are actually
> length-limited to something stupid like 12 characters. Yes, maximum,
> not minimum. Grumble.

I've seen some captcha systems that I couldn't solve after a dozen
attempts, and I have no serious vision problems. It's a problem with
no easy solution, and as computers get more powerful the intersection
of {problems machines can't solve} and {problems humans can reliably
solve} grows ever smaller.