I like how the turing test is reversed.... It isn't so much a concern whether human's can recognize a computer (these days anyway), but rather, can a computer recognize a human.
Maybe it's time to beat the captcha-cracking guys at their own game: use mechanical turk to "interview" people signing up for a new email account.
If you signed up via an IM session rather than a web form it would leave a lot more context in the communication, which might be useful for making a determination. You could also give the Turker additional money for an account that hasn't been flagged for spam in 30 days.
I don't know if this idea has any merit at all, but it seems like a natural response to the arms race at hand.
Given the financial aspect I'd prefer a technical solution as well, just as the spammers surely must wish they could solve captcha computationally. Unfortunately they're willing to pay per account and unless their opponents (the major email providers) are also willing to, they have a significant advantage.
I think the CC providers charge merchants for these. Do you know that to be incorrect? If I'm correct this means that it now costs email providers cents per account per month, which just took an expensive turn for the worse.
If it doesn't work that way I bet Visa amends their merchant agreement to start charging -- they aren't in the business of doing millions of identity verifications per month for free.
Oh, you definitely pay for the privilege of submitting Auth requests. You have to have a merchant account with the card issuer. The systems I've worked with went through a third-party gateway system which connects out to all the different card issuers. It's definitely not cheap to set up. I'm not sure if there's a per-request charge or not. I wouldn't be surprised either way.
I think there would actually have to be some money changing hands. Five dollars would be enough to throw out the spammers and still be a small enough amount to keep customers happy. This is assuming that their e-mail is extremely important to them.
I'm thinking Google and Microsoft can't do this. Perhaps there is a niche opportunity here?
I liked the early days of gmail where an invite was required - an invites were really hard to come by. Invite-only could be another barrier if you don't give new accounts the ability to invite for some weeks, and trickle in the invites.
But to really work, it needs the force of law (not that it wouldn't be gamed, but it's a lot easier to throw someone in jail for crossing the post office than some random companies TOS).
I'm not suggesting doing away with internet anonymity.
But I do think I would be a lot more comfortable transacting business remotely with people I knew had gone in to the post office or DMV and engaged in a legally binding act of self-identification.
Does anyone know technical details about how to crack Gmail's captcha system? I've no interest (or reason) to actually implement this, but it is very interesting.
> ... the list of CAPTCHA's it now understands and can bypass is reportedly fully up-to-date, and includes newer designs that ask the user to identify a cute cat or other distinct animal.
Basically, they've discovered a way to automate cuteoverload.com. And they're using this power to break captchas. Bastards.
There's no further information on how the program has accomplished this feat, but the list of CAPTCHA's it now understands and can bypass is reportedly fully up-to-date, and includes newer designs that ask the user to identify a cute cat or other distinct animal.
I assume the cute cat picture is displayed among other pictures.
