<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">*An uneducated statement made from row 41 seat D destined to Michigan*</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">CAPTCHAs that are based on obfuscation are a losing battle (imho) due to what I like to call 'the sophistication arms race'. Good guys write increasingly sophisticated CAPTCHAs (I hate typing that, btw, let's use HIP (Human Interactive Proof)). The 'bad guys' write software to break them. The 'bad guys' also have access to other really smart people trying to solve other computer vision problems. Check out the work conducted by the UC Berkeley Computer Vision Group. Anyhow, the efficacy of the HIP system decreases proportionally with the number of carbon based life forms that can actually decode the mess. Which means the good guys are limited in their sophistication because everyday grey matter can't figure it out well enough. On a long enough timeline, or so I suppose, the number of humans capable of passing the test drops below 'most' acceptable false negative rates. The result is the 'bad guy' wins the race and spams the universe.</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">I've implemented an SMS based HIP system at <a href="http://areyouahuman.org/" target="_blank">areyouahuman.org</a>. Yes, you can slang some code onto your mobile device to get the challenge. But, I'm currently writing the per-site threshold mechanism that should resolve this. </font></p>
<div style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"></font> </div>
<div style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">This system presumably helps prevent site automation via thresholds, driving the cost of breaking it up, and by using an identifier that is in lesser quantities - IPs are 'easier' to commandeer than phone numbers.</font></div>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">What are some thoughts on this approach?</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"> </font></p>
<div style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">Blake</font></div>
<div style="MARGIN: 0in 0in 0pt"> </div>
<div style="MARGIN: 0in 0in 0pt">
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">>I would like to RTFM on alternatives to CAPTCHAs, but I don't know what FM to R.</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">>If someone here wants to say "forget it" or "this is the current best technique" or what-have-you, I'd be thankful to hear.<span> </span>Not trying to start a large thread; >you can, if you like.</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">>--dan</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3"> </font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">_______________________________________________</font></p>
<p style="MARGIN: 0in 0in 0pt"><font face="Consolas" size="3">Dailydave mailing list</font></p>
<p style="MARGIN: 0in 0in 0pt"><a href="mailto:Dailydave@lists.immunitysec.com" target="_blank"><font face="Consolas" size="3">Dailydave@lists.immunitysec.com</font></a></p>
<p style="MARGIN: 0in 0in 0pt"><a href="http://lists.immunitysec.com/mailman/listinfo/dailydave" target="_blank"><font face="Consolas" color="#800080" size="3">http://lists.immunitysec.com/mailman/listinfo/dailydave</font></a></p>
</div>