back to article AI bot rips off human eyes, easily cracks web CAPTCHA codes. Ouch

Computer software that mimics how the human visual cortex works can solve text-based CAPTCHA challenges, the image recognition tasks often used by websites to differentiate human visitors from spam bots. A paper describing the code was published on Thursday in the journal Science. A team from Vicarious – a California startup …

  1. MrBanana

    Success rate of 89.9%?

    That's better than I manage with these bloody things. And don't get me started on looking for shop signs or vehicles in some random high street picture.

    1. Jared Vanderbilt

      Re: Success rate of 89.9%?

      Amen brother. I can't wait for the app to come out. Have it run in the background and auto fill and submit any CAPTCHA that pops up.

      1. DropBear Silver badge
        Facepalm

        Re: Success rate of 89.9%?

        Wait, there will be an app?!? PLEASE, you can have all my money / first-born child / kingdom I don't even have, ANYTHING, just let me have it! These days most things pester me with multiple Captchas daily and I keep near-failing them all! The fairly recent ones (looking like torn scraps of a grainy photo of something that may or may not have been letters viewed in a mirror shattered into a thousand pieces on the bottom of a stormy lake - absolutely NOTHING like the examples accompanying this article) were only moderately maddening, but the current "tile" based ones that replaced them have well and truly pushed me off the deep end. I swear these bastards are allowed to keep throwing up new image after image after image after image after image after image and hold you hostage to indefinite lengths that Gitmo wardens can only dream of, without ever declaring you either human or machine (and in the end they declare you a bot anyway and from then on there's flat out nothing you can do to log in again in the foreseeable future - well, except clear all cookies and PPPoE redial to change your IP). Sensei, please, I'll do anything! ANYTHING...!

        1. Kiwi Silver badge
          Flame

          Re: Success rate of 89.9%?

          These days most things pester me with multiple Captchas daily and I keep near-failing them all!

          I find blocking the scripts for google, clodfool etc tends to stop those ones coming up. I can go for days without seeing on on El Reg, but if I allow google for a moment for some other page I seem to get their horrible ones again. Over and over and over and over. I think if you make a few mistakes, after 100,000 images they decide a decent AI would get 100% but a human would only manage 99.999%, but they have to run a decent enough sample size.

          These days after the 3rd of 4th run I decide I'm no longer interested in the site and find something else to do for the day.

          --> Mr capthca maker, would you like to pay me a visit? I have a lovely blowtorch I'd love you to meet.

    2. tony2heads
      Terminator

      Re: Success rate of 89.9%?

      Are you a AI system then?

    3. Muscleguy Silver badge
      Boffin

      Re: Success rate of 89.9%?

      I seem very good at those. But then I have a very visual memory, near photographic and have spent much of my scientific career looking for tiny differences between very tiny things.

      Also with those you are actually helping a deep learning system by categorising scene objects for them.

      That system which can create novel near photo-realistic street scenes was trained on such CAPTCHAs. Thus I prefer them to the munged letters. At least you are doing something useful.

      1. Ledswinger Silver badge
        Devil

        Re: Success rate of 89.9%?

        I seem very good at those.

        Then slip this leash on, and you can be my captcha hound.

        However, from a personal perspective I have a slight image problem with a Muscleguy on my dogleash. I could more comfortably manage a Musclebabe on a leash. Or better, I could be on a Musclebabe's leash.......no, I didn't write that, forget you saw that.

        Move along, move along, nothing to read here.

  2. Mage Silver badge

    Oh no not again

    A) This is old news

    B) "Training" (Really adding a to a database) with loads of examples isn't real AI. Real humans don't need loads of examples. Three year old human vs computer "learning" what a hot dog is.

    C) OCR once needed special letters, then by 1976 Ray Kurzweil had got OCR to work with almost any font (omnifont). Then he proceeded to build a machine that with synthetic voice could read books to the blind.

    As computers have got better at captchas (a stupid name), they made them harder to the point where humans find them difficult. The ones on eBay are horrid.

    It was absolutely inevitable that further development of OCR would make the captcha useless. It's not AI. Just incremental development of specialist algorithm with a larger database. Google has been using the captcha system* to improve their OCR on their Google Books scanning program (which initially was very very poor compared to human proof read OCR teams of Project Gutenberg).

    So nothing surprising about this.

    [* Google only offers something if they get benefit, in this case improvements in OCR of real books]

    1. Mage Silver badge

      Re: Oh no not again

      Found it XKCD Constructive Approx 2013

      So regarded as inevitable 4 years ago?

      Less relevant, but related XKCD Suspicion

      Note test is called VK

      1. Paul Hovnanian Silver badge
        Terminator

        Re: Oh no not again

        "Note test is called VK"

        Voight-Kampff?

        1. bombastic bob Silver badge
          Devil

          Re: Oh no not again

          "Voight-Kampff?"

          I found this:

          http://www.allthetests.com/quiz30/quiz/1386100782/Voight-Kampff-test-questions

      2. Allan George Dyer Silver badge

        Re: Oh no not again

        And XKCD Self Driving

    2. User McUser

      Re: Oh no not again

      Real humans don't need loads of examples. Three year old human vs computer "learning" what a hot dog is.

      Yeah, they kinda do. Letters are especially hard compared to physical objects.

      No matter how you orient a hotdog in space it's still a hotdog but letters are not like that.

      Turn the letter "b" upside down and now it's a "p" - mirror it and it's a "d" or "q". It's part of why children learning to write will sometimes render letters backwards or in other strange ways.

  3. Anonymous Coward
    Anonymous Coward

    Good

    I hate those stupid damn Captcha boxes. It seems like if bots are such a problem, then they could figure out something better than a Captcha box to discover it. I have seen Captcha boxes that were so bad, that NONE of 30 people could figure out what it was.

    And the street scenes? How many do I have to look at? That dot of a sign that barely registers 8 pixels by 8 pixels might well be obvious to someone,but not me.

    1. bombastic bob Silver badge
      Mushroom

      Re: Good

      "I hate those stupid damn Captcha boxes"

      so do _I_ . The #1 reason: they all require FORNICATING SCRIPTING to be enabled

  4. This post has been deleted by its author

  5. Adrian 4 Silver badge

    Tell the website authors

    I keep hearing about how Captchas are broken. But still they keep using the wretched things.

    If the site gets so many visitors they can't evaluate a new user (clue: it's only necessary to moderate the first few posts), can't they afford a few more staff ?

    And the street scenes .,, they're crap, too. Who evaluates them to find the correct answer ? A bot, I guess. Well, duh.

    1. Nick Ryan Silver badge

      Re: Tell the website authors

      You clearly don't run any public sites. It's NOT just about protecting user registration after the fact, there is a lot more to it than that. Consider just the two scenarios:

      Your website has a public registration form. Without a captcha any vaguely known about website will easily receive hundreds of spam/malware/whatever bot account registrations every day. A remotely popular website will receive considerably more. As a result bot accounts will be created, advert/spam/malware links will be posted all over your website forums (or whatever else it has). Fine, you could remove these after the fact but the reputation of your website will rapidly drop to Daily Mail levels with even a few malware infections and spam/advert/link bot attacks generated by these bots. You could choose to manually approve new user accounts but then you have the entertaining task of trying to identify the gennuine account requests among the hundreds of spam-bot account requests.

      Your website has a "contact us" form for visitors to send messages to you using. Without a captcha, for a vaguely popular site, you will receive many bot-messages every day. This is particularly the case if they find that the content of the message is CC'd to the "sender" - in which case congratulations, you are sending spam on their behalf. Even if the content of the message is not CC'd to the "sender", it's a fine way to clutter up inboxes, perform email floods and to flatten the reputation of your organisation's email servers.

      1. myhandler

        Re: Tell the website authors

        If you cc the message back to the sender you deserve to be penalised.

        Email verify and then allow posting.

        In forum posts filter out all html, or just the links, until user is marked as genuine.

        1. Kiwi Silver badge
          WTF?

          Re: Tell the website authors

          If you cc the message back to the sender you deserve to be penalised.

          Why? If I wish to contact a company for something, and am stuck with their contact form rather than a proper email, why should I not get a copy of whatever I sent them?

          Why should they be penalised for giving me a copy of what I sent them so I have a record of things?

          1. Nick Ryan Silver badge

            Re: Tell the website authors

            Because you could put anybody's email address in the "your email address" field and effectively send them an anonymous (spam) message just using the website's "contact us" form. This is why spam-bots target these things because they want to see if they can use them as an anonymous spam relay.

            1. Kiwi Silver badge
              Pint

              Re: Tell the website authors

              Because you could put anybody's email address in the "your email address" field and effectively send them an anonymous (spam) message just using the website's "contact us" form.

              The better ones have a captcha of some sort to defeat (or at least significantly rate-limit) the spammers.

              So. Why should sites be punished for giving me a way to use their contact form and still have a record of what I sent?

      2. DropBear Silver badge

        Re: Tell the website authors

        Awesome! Now please tell me why are the fucking catpchas still there AFTER I logged in successfully on the first try - and I still have to prove I'm human before I can proceed!

        1. Nick Ryan Silver badge

          Re: Tell the website authors

          Because they hate you? :) Seriously though, I can't think of any reason for many of those other than to try and prevent automated submissions after a manual login.

          The ones I tend to fail on are the picture ones where you have to identify all of the damn squares that have a smallest part of a mountain, street sign, store front or whatever in them.

  6. Anonymous Coward
    Anonymous Coward

    What about...

    Math puzzles? I have 2 dogs, you have 3, how many dogs if we're all walking together etc... Do these still confuse AI?

    1. bombastic bob Silver badge
      Joke

      Re: What about...

      math puzzle...

      well, if you want to confuse the AI, list dog breeds and one cat breed, like

      "Mark has a dachsund, Jean has two border collies, Bill has a rottweiler, Ron has a German shepherd named Killer, and Velma has a tabby. How many dogs are present?"

      The answer will be "zero, they all ran after the cat".

      1. MacroRodent Silver badge

        Re: What about...

        Some Finnish sites have used tests where a simple math problem is given in Finnish ("yhdeksän plus kaksi?), and you must type the result as a number (11). Was pretty effective since most spammers are foreigners, but now Google translate makes short work of these.

        1. Joe Harrison Silver badge

          Re: What about...

          I can manage Russian well enough for the sites I like to visit but I am floored completely if I encounter any captchas. I can mostly recognise A no matter how much it is distorted but try telling the difference between л and п or ш and щ

          1. DropBear Silver badge

            Re: What about...

            Yup, all we need is replace this stupid s##t with even stupider s##t like "30 cows in a field, 28 chickens how many didn't?" then wonder why the correct answer is "10"...

            1. Tikimon Silver badge
              Devil

              Re: What about...

              "Yup, all we need is replace this stupid s##t with even stupider s##t like "30 cows in a field, 28 chickens how many didn't?" then wonder why the correct answer is "10"...:"

              This went around my office a few weeks ago. I happened to be the only one who got it right. Doesn't bode well for puzzle-challenges.

              Computers will eventually be better than humans at ANY of this, and inevitably the challenges will become unusable to humans but easily solved by machines. So what's left? Something involving body fluids? "Press the Auto-Pierce pad to collect a drop of blood and verify you are a human. We're sorry, your challenge failed, please re-sample and try again."

  7. Anonymous Coward
    Anonymous Coward

    Hopefully good news and CAPTCHAS will die soon...?

    Meantime 'Feedback' when you're progressing through multiple captcha stages would be nice. Its like typing in an asterick-obscured password field that's 20+ characters long. Why don't all sites offer a 'show typing' option? Even the guy who invented obscuring thinks it was all a mistake!

  8. Florida1920 Silver badge

    CAPTCHA never worked for me

    Anyone familiar with the alphabet can solve one. I switched to a Q&A on my board and the number of would-be spammer registrations plummeted. I moderate all new registrations anyway, but the switch greatly reduced my workload.

    The ones on Google (which you see if you click through search results too quickly), where you have to ID street signs, cars or buildings are particularly annoying. FFS Google, so what if it's a robot? It's not as if Google doesn't use bots to scrape my site.

  9. Winkypop Silver badge
    Coat

    What about using moral challenges?

    Find the ODD one out:

    Do you think sexual harassment is OK?

    • No, never
    • It is deplorable
    • This is a bad thing
    • Stop doing it
    • I am Donald Trump

  10. Kaltern Silver badge

    This is not FUCKING AI.

    Intelligence, Artificial? NO. Pattern Recognition.

    Seriously. Anything that is autonomous is apparently AI these days.

    AI will only exist when a machine asks something not in it's original coding and understands the answer.

    1. Anonymous Coward
      Anonymous Coward

      Hey, you may be right, but...

      Everything done by technology is now called "AI" I expect that applies to my washing machine adjusting the amount of water it uses for a smaller load, upwards.

      Do you recall in th 90's when everything was "Turbo" and even computers had a useless button to prove it? This is history repeating itself with the next hype bubble.

      Nevertheless, thumb up for not becoming assimilated :)

    2. Swarthy Silver badge
      Boffin

      One Could argue....

      Once could argue that Natural Intelligence is nothing more than pattern recognition with probabilistic generative models. One of the reasons why people see faces in so many things.

      The core of NI is that we can recognize patterns of patterns (like noticing how many "faces" we, as a species, see in things that have no faces) and make predictions based on this recognition, including recognizing the pattern of how our predictions fail, and updating our models accordingly.

    3. Florida1920 Silver badge

      You can be my [site's] bodyguard

      Seriously. Anything that is autonomous is apparently AI these days.
      And Betty, when you call me, you can call me Al.

  11. tiggity Silver badge

    street sign captchas

    Am I the only one who deliberately does a few of the street sign things wrong?

    In protest at how irritating they are (poor quality images, made worse viewed on a tiny phone screen) - and make them realize they are not fit for purpose - with the added bonus of their self driving car "AI" gets less useful data to work with.

  12. MJI Silver badge

    Want it now

    I bloody hate the things, especially the road sign ones

  13. Tikimon Silver badge
    Facepalm

    CAPTCHA as anti-privacy weapon?

    I run my browser as locked-down as I can manage it. I block scripts, spying, Faceborg "like" spy-buttons, etc. It might be my imagination, but I feel like more web sites are tying their CAPTCHA challenges to the basic site scripts. Block anything and you've blocked the gatekeeper challenge as well and can't use the site at all. Could be coincidence, could be my paranoia, could be a real thing.

    "Prove you're not a robot, and let us track you for profit."

  14. DerekCurrie Bronze badge
    Angel

    The Next Step In CAPTCHA Evolution:

    The security rebus.

    We're going to get to a point where even actual humans can't decipher these things. Oh wait, that already happened.

    STAND

    ----------

    I

  15. Mike 16 Silver badge

    AI

    I have to wonder if "Kids these days" even get the bit at the beginning of The Loved One where Dennis Barlow (Robert Morse) claims his occupation is "AI Donor".

  16. arctic_haze Silver badge

    Happy to hear that

    As soon as robots start beating us at captcha recognition (which is not difficult in my case), the captchas will be pointless.

    The downside is... I have no fcuking idea what they will invent next to make our lives miserable.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019