Presidium Podium

I want to talk about a particular type of captcha that has earned my contempt on grounds of its utter perversion.

Of all the things I could be moved to rant about from this vantage point (truly, a pool of manifold things), it is not entirely clear to me why I want to talk about this one. Besides, there are enough ridiculous applications of Internet technologies to fill a respectable galaxy in and of themselves, let alone the other things that belong to the genus “ridiculous.”

But wait, that’s what they told me a blog was for! So folks can rant about everything from the texture of their navel hair to their pet hare, and stuff like that. Nothing will stand in the way of my quest to get what I paid for.

Yes, I too hear the bells of irony tolling, in light of the chosen theme of “ridiculous applications of Internet technologies.” It’s an “interesting twist!” Ba-da-dooom! Cue for laughter.

Perhaps it’s because I feel that it blasphemes upon what is otherwise an interesting concept from a theoretical point of view, as far as computer science, cognitive science and artificial intelligence are concerned. Let’s chalk it up to striking a disciplinary nerve.

First, a brief explanation¹ of what a “captcha” is for those in the audience that haven’t picked this up mission-critical, synergistic, high-ROI Web 2.0 cross-platform collaborative content blogosphere term.

You’ve probably run into situations filling out forms online, entering bank information, posting to blogs, signing up for new services, and so on, in which you are required to manually input a series of characters as they appear in an image. This is basically intended to either prevent spam or add an extra layer of security by authenticating that the user is in fact human, thwarting automated processes that can fill out forms mechanically and submit them via a “robotic” HTTP request.

Malicious spammers and fraudsters often use these types of scripts to automatically create thousands of accounts for a particular purpose (to use as spam reflectors?), initiate batched credit card transactions with stolen numbers from a hijacked host in a short time, etc, etc. Fill in the blanks here; I’m so benevolent that I’m obviously hurting for creativity in the area of e-malice. [spreads angel wings]

Among the reasons this technique works are:

• The rendering of characters in an image as opposed to plain text makes it considerably harder to read the character stream; at the very least, it would require grabbing the image and running it through OCR (Optical Character Recognition)² software; all of which would have to somehow be worth the effort to defeat a particular captcha.
• The image is typically complex. The alphabetical characters are usually distorted or warped somehow, or appear with the superimposition or overlay of polychromatic lines or complex visual patterns rather similar to anti-counterfeiting designs that are not easily reproducible in copying. Government treasuries use these types of patterns in their printing processes to confer distinction upon an official, treasury-backed currency note. In this case, this has the effect of confusing OCR software by making it problematic to discern an alphanumeric character from extraneous data.
• Even if such schemes are theoretically defeasible in a programmatic way, the effort to defeat a particular captcha is absolutely not worth it in most cases. It would require very complicated image processing, and good captchas rotate the distortions employed. A spam or fraud effort would have to scale or pay very, very well to go through that kind of rigamarole.

That’s what a captcha is. In fact, many blogs have them to prevent comment spam. Numerous captcha modules are available for WordPress, as comment spam is a very common phenomenon due to the ubiquitous proliferation of WordPress installations.

Spammers have picked up on the fact that all WordPress form interfaces use the same basic form field ID keys and devised elaborate (ro)bot scripts that trawl the Internet in search of unsuspecting WordPress blogs and automatically post comments to them en masse.

If this blog becomes extensively linked on Google, where (ro)bot scripts can learn of the site URL, I very well may have to set one up for commenting as well, unfortunately. But we’ll tackle problems as they come - reactively, not proactively, otherwise I forfeit my admission to slacker heaven.

Anyway, of course folks quickly intuited that alphanumeric characters in captchas a relatively weak way to approach this problem, or at the very least an uninteresting one. Instead, one could design something that places even more complex demands upon a machine, but which would be utterly trivial to human subjectivity, thus highlighting the distinction between the two more acutely.

For instance, one could generate a series of pictures of various animals, and entreat the user to select the kittens of the group. It’s been done.

It would be a very difficult feat of image processing to accurately detect whether a picture contains a kitten. Possible, for sure; in fact, many enterprise content filters used in school systems attempt to do this for porn³. But accurately? Worth the effort? Absolutely not.

In theory, the concept is an interesting one. If nothing else, it’s a succinct statement about a fundamental problem explored in artificial intelligence and cognitive science: how could one make a machine mimick the adaptive subjectivity of the human mind, even with respect to relatively elementary sensory phenomena? Is it even logically possible?

Rather fascinating to think about, although I don’t claim the scholarly credentials to offer anything particularly intelligent or conceptually robust.

And now, we come to HotCaptcha.com, a captcha implementation that relies on the user picking three attractive people of a given gender from a group. The language of its error messages suggests that if you fail to pick the correct “hot” people, you aren’t certifiably human: “Die, bot, die!”

From a technical point of view, it’s actually a rather commendable implementation. It is easy to insert into a web application. It pays excellent homage to what the Web 2.0 lexicon terms mashups by, well, using them. The images are actually syndicated from the swill known as HotOrNot.com and the evaluation is performed based on the three highest-”rated” pictures. It even claims to use a HotOrNot API to do this - good use of web services and libraries.

Yet something about this is very off-putting. I’m not entirely sure what it is.

I suppose I could furnish some rather basic anticipated objections, sound prudish as they might to some of you. The user can only pick pictures of people that they are socially expected to find “hot.” But aside from the obvious reasons why that’s ridiculous, I don’t exactly feel that some jugular vein of sexual politics has just been sliced open.

(I did learn, from trying “switch to men” — out of idle curiosity as to whether the bias toward “mass-culture endorsed attractiveness” was the same — that I was apparently a bot, because I appear to not only lack the anything but the foggiest clue as to what it is that women find attractive about men, but — far more importantly for this exercise — have no expectation whatsoever of what is the “prescribed” social expectation of attractiveness by the masses of plebians submitting HotOrNot.com ratings. I imagine that’s a good thing from a heteronormative standpoint?)

But none of this cuts through to the essence of it.

I think if I had to pin it down to something, it’s probably some form of disgust that humans have once again managed to infuse - yea, pollute - yet another interesting and otherwise inertly formal innovation with sexual evocations, technology aiding and abetting.

At least the site acknowledges some form of that in its subtitle, “Using mashups to reach new heights (or new lows?) in security.”

Lows. Definitely new lows.

But then again, perhaps this objection is metaphysically problematic, rather as if I said that I suffer on behalf of the integrity of the concept of “comparisons” from the invention of beauty pageants.

That’s OK. If I wanted metaphysical coherence — or even to use the term “metaphysical” in a way that is truly correct — I wouldn’t have dropped out of the philosophy program.

You might say I ride the metaphysical short bus. These Presidium.org people are paying me by the word, so, garbage in -> garbage out as far as that goes.

^{1 Those who know me will understandably chuckle at the suggestion of brevity in connection with any explanation I deliver. But little did you know, these Presidium.org people are paying me by the word.}

^{2 The sort of stuff used to automatically turn scanned documents from mere images to editable text by “reading” the printed characters from the raw image.}

^{3 And fail. The only ones reported to work, in my experience, fall back on some sort of flat blacklist in the end.}

This entry was posted on Thursday, December 13th, 2007 at 4:33 am and is filed under Unequivocal Rants. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.