« Things No One Mentions When They Whine for the Good Old Days | Main | Incumbent Protection »

You're in the desert, you see a tortoise lying on its back, struggling, and you're not helping -- why is that?

We have all filled out online forms where one has to copy sometimes (purposely) hard to read letters from an image to confirm that one is not a robot (CAPTCHA).  Microsoft offers an alternative called Asirra, which stands for "Animal Species Image Recognition for Restricting Access."  I thought this might be a joke at first, but apparently it is real and MS provides access to it and sample code to use it for free.  You can get it here, and, perhaps more importantly, you can test to see if you are human.

Post title from here.

Posted on May 14, 2008 at 09:06 AM | Permalink

Comments

I can't thank you enough for posting that link. I can finally prove to my wife that I'm human.

Posted by: Ian Random | May 14, 2008 9:26:03 AM

A LOT of financial institutions have started using this recently.

Posted by: epobirs | May 14, 2008 10:14:52 AM

Blade Runner is one of my all time favorite movies. I recognized the title immediately.

Answer: What's a tortoise?

Posted by: Sailorcurt | May 14, 2008 11:47:38 AM

I've heard about this, and I'm wondering if we're about to experience a revolution in feline image detection algorithms. Seriously, these guys have been absolutely shredding captchas. I think that this is a stopgap measure at best.

Here's what gets me: A well-recognized best practice is to never log into a financial institution from a computer that isn't yours - keeping your computer secure is enough of a pain; relying on someone else's security is batshit insane. So if you take it as a precondition that you will be doing your online banking from your own computer(s), the simple solution is to have a thorough verification process (for example, one of my banks calls my phone and reads me a number to input into a web page) and then sends an SSL certificate to your browser. Yes, SSL authentication works both ways. It can identify a web site to you (the most common use), but your browser can also store certificates that authenticate it to the site in question. This is pretty good security - it's pretty much impossible to brute-force it. It still relies on the security of the end-user's machine and browser, but so does every other online authentication system so in no case are you worse off. Bonus - it's 100% transparent and automatic. Once it's installed, the user doens't have to do a thing.

Posted by: Erik The Red | May 14, 2008 8:57:59 PM

Followers of Microsoft will be shocked, shocked to hear that they stole the idea

Posted by: Jim Hu | May 14, 2008 9:57:32 PM

It isn't very "smart": if you select _only_ dog pictures it says "You're a bot!". I would think it obvious that 100% "wrong" is just as indicative of being a human as 100% correct; possibly more so.

Posted by: bob r | May 14, 2008 11:57:54 PM

This is much better.

Posted by: George Weinberg | May 15, 2008 9:41:51 AM

@George - Ironically enough, on a technical lever that is probably the most difficult problem to "crack." Tragically, political correctness will keep it out of the mainstream (although I might find a use for it on my site).

Posted by: Erik The Red | May 15, 2008 3:01:20 PM

Worse. Captcha. Ever.

Posted by: Scott | May 15, 2008 8:27:48 PM

The comments to this entry are closed.