Interesting People mailing list archives

Google Buys reCAPTCHA, Creating a Potential Privacy Issue

From: Dave Farber <dave () farber net>
Date: Thu, 17 Sep 2009 08:29:42 -0400





Begin forwarded message:

From: Rich Kulawiec <rsk () gsp org>
Date: September 17, 2009 8:09:20 EDT
To: Dave Farber <dave () farber net>
Cc: Lauren Weinstein <lauren () vortex com>
Subject: Re: [IP] Google Buys reCAPTCHA, Creating a PotentialPrivacy Issue

On Wed, Sep 16, 2009 at 07:06:43PM -0400, Lauren Weinstein wrote:

CMU's reCAPTCHA is a specific implementation
of the more generalized CAPTCHA concept, which attempts to validate
user input as coming from a human, not a (typically spam-related)
robot.


The entire "captcha" concept, never a good idea in the first place
due to its unfair impact on the visually-impaired, is dead.  Spammers
and other abusers now have the ability to defeat it at will by using

a combination of automated and manual techniques -- and are alreadydoing

so where it's worth their attention.

Automated attacks on captchas have pushed the necessary obfuscation
to a level that blurs the boundary between "one too hard for an
automaton" and "one easy enough for a human being".  And while human
beings aren't getting any better at this -- software is.

Manual attacks on captchas are carried out by workers hired at verylow

wages (often performance-based) to execute repetitive tasks, and by

unsuspecting users who are tricked into participating by methodssimilar

to trojans.  "Never underestimate the decode rate of a room full of

adept typists", to borrow from a famous aphorism regarding magnetictapes.


While thus far these attacks have (mostly) been directed at high-value
targets, it's reasonable to presume, given well-known past patterns
of spammer/abuser behavior, that they will spread beyond those as
methods are refined and resources more efficiently deployed.

---Rsk




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

Current thread:

Google Buys reCAPTCHA, Creating a Potential Privacy Issue Dave Farber (Sep 16)
- <Possible follow-ups>
- Google Buys reCAPTCHA, Creating a Potential Privacy Issue Dave Farber (Sep 17)
- Re: Google Buys reCAPTCHA, Creating a Potential Privacy Issue David Farber (Sep 17)
- Re: Google Buys reCAPTCHA, Creating a Potential Privacy Issue David Farber (Sep 17)