Results 1 to 9 of 9

Thread: Silent Captcha - working behind the scenes instead of being a barrier

  1. #1
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    Question Silent Captcha - working behind the scenes instead of being a barrier

    I just read the 9 Common Usability Mistakes In Web Design from Smashing Magazine and this part made me wonder:
    You could also use contact forms to bypass the problem of showing your email address on a page; however, you’re still likely to receive spam unless you put some good Captchas or other spam protection mechanism in place. Keep in mind that things like Captchas are barriers to user interaction and will likely degrade the user experience.
    Of course I was aware of this, but now I had an idea. Wouldn't it be possible to have a silent Captcha that works behind the scenes and is not a barrier? What I was thinking is that it might be possible to recognize humans by the way they write their messages.

    I don't know much (i.e. anything) about how spamming works, but I'm guessing the spam message is just inserted somehow and then sent away. A human, on the other hand, would type out the message character by character, maybe go back and make some changes, and then hit the send button.

    I guess more advanced spam robots (or whatever they are) could simulate this behavior, but I'm guessing most of them can't and even those that can might not be so perfect (or rather too perfect to be human). If the human passes the test, nothing would happen, they would just have to hit send and that's it. If the test is not passed, either because it was a robot or because the human's typing tempo was too perfect, a regular Captcha could appear saying something like "We don't believe you are human, please write the word you see".

    What do you think? Would this be possible? Or does it exist already? (I'm sure heaps of people have thought of this but after some searching I found nothing).
    Eddy Proca
    I love Dropbox. Get it through my girlfriend's referral link (I reached my limit) and both you and her get 500 MB extra! Thanks and you're welcome!

  2. #2
    Join Date
    Feb 2009
    Location
    Romania
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Quote Originally Posted by Snookerman View Post
    I just read the 9 Common Usability Mistakes In Web Design from Smashing Magazine and this part made me wonder:

    Of course I was aware of this, but now I had an idea. Wouldn't it be possible to have a silent Captcha that works behind the scenes and is not a barrier? What I was thinking is that it might be possible to recognize humans by the way they write their messages.

    I don't know much (i.e. anything) about how spamming works, but I'm guessing the spam message is just inserted somehow and then sent away. A human, on the other hand, would type out the message character by character, maybe go back and make some changes, and then hit the send button.

    I guess more advanced spam robots (or whatever they are) could simulate this behavior, but I'm guessing most of them can't and even those that can might not be so perfect (or rather too perfect to be human). If the human passes the test, nothing would happen, they would just have to hit send and that's it. If the test is not passed, either because it was a robot or because the human's typing tempo was too perfect, a regular Captcha could appear saying something like "We don't believe you are human, please write the word you see".

    What do you think? Would this be possible? Or does it exist already? (I'm sure heaps of people have thought of this but after some searching I found nothing).
    A spammer can easily make a program easily which complete automatically all fields from a form except capcha code so i think that the capcha do not eradicate the spam atoll.

  3. #3
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    Default

    I don't think you understood my post, please read it again.
    Eddy Proca
    I love Dropbox. Get it through my girlfriend's referral link (I reached my limit) and both you and her get 500 MB extra! Thanks and you're welcome!

  4. #4
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    Snooker:
    that's actually a cool idea. I'm also not sure if it would work (it would have to involved reporting the user's keystrokes somehow, or something similar, so I suspect it could be viewed as a security risk), but it's neat idea.

  5. #5
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    A spammer can easily make a program easily which complete automatically all fields from a form except capcha code so i think that the capcha do not eradicate the spam atoll.
    In that case the email is not sent.
    Of course I was aware of this, but now I had an idea. Wouldn't it be possible to have a silent Captcha that works behind the scenes and is not a barrier? What I was thinking is that it might be possible to recognize humans by the way they write their messages.

    I don't know much (i.e. anything) about how spamming works, but I'm guessing the spam message is just inserted somehow and then sent away. A human, on the other hand, would type out the message character by character, maybe go back and make some changes, and then hit the send button.
    It's an idea, but it has a high rate of false positives (some users might want to copy/paste a whole message) and false negatives (a spammer could program their bot to randomly pause between each character and make 'mistakes', but since this seems like it would need to be client-side they could just simulate the script with an acceptable value anyway).

    Some sites attempt to recognise spam by the content of the messages, but this has its problems too — YouTube will not accept Lojban comments unless we use implicit pauses, since it views the relatively high number of '.' characters as an indicator of spam (?!).
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  6. #6
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    Default

    It's true that there would be errors, but surely, this should stop most of the basic spammers, shouldn't it? Of course, robots could be built to try to simulate humans as much as possible but that would require extra work and the more time the spammers would have to improve their robots, the more time for the silent captcha to learn how to find them better.

    An example would be the 20 questions site. In the beginning, it was very bad at guessing the word but after some learning it is now much better than most humans. The silent captcha could work in the same way, learning something after every single usage. There are so many things to look at, the tempo, the words used, the content of the message, etc. There could even be a correlation between the language and the probable type of keyboard the user has, thus the difference in time between different letters. If this silent captcha would be used by several sites (like reCAPTCHA), the statistics could be sent to a database that would just continue learning. The spammer would have to put a lot of work into building robots that can beat it.

    False negatives, like the user copying and pasting could be avoided since the user must type at least some text. If a human just copies and pastes text and sends it, odds are it's a human spammer. Also, like I mentioned before, if the silent captcha believes the user is not human, it could output a regular captcha which the falsely accused humans could use to prove themselves.

    I believe this would be possible in a not so distant future.
    Eddy Proca
    I love Dropbox. Get it through my girlfriend's referral link (I reached my limit) and both you and her get 500 MB extra! Thanks and you're welcome!

  7. #7
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    But it still has to listen on the client-side, which means that it can simply be disabled.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  8. #8
    Join Date
    Oct 2008
    Location
    Sweden
    Posts
    2,023
    Thanks
    17
    Thanked 319 Times in 318 Posts
    Blog Entries
    3

    Default

    One solution would be to use a regular captcha and remove it with the silent captcha. If the user disables it, boom: the regular captcha comes back. Take that R2D2
    Eddy Proca
    I love Dropbox. Get it through my girlfriend's referral link (I reached my limit) and both you and her get 500 MB extra! Thanks and you're welcome!

  9. #9
    Join Date
    Jun 2005
    Location
    英国
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Default

    The user can submit a value that makes the server think they've been accepted by the silent CAPTCHA or just modify the client-side portion to always return true.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •