http://www.perlmonks.org?node_id=385165

peppiv has asked for the wisdom of the Perl Monks concerning the following question:

I was curious to see who thought what about image verification technology. You know, the old type in the box what you see in the graphic. If successful, one would then be able to put in their user name and password and get on with a tracked session. Anything to keep out spiders and other crawling programs that might try to gain entry into a system.

I am currently slammed at work with other things and was hoping someone had made a dent in this area with Perl. I'm sure it could easily be done using the GD library. You could generate text at random and use it to create a PNG and verify against itself through user input. You could even drag out predefined words/images from a DB.

Or, is it not even worth entertaining?

peppiv

Replies are listed 'Best First'.
•Re: Image Verification Program
by merlyn (Sage) on Aug 23, 2004 at 17:59 UTC
      Hmmm. Excellent points to consider. Thanks. Sorry I couldn't find this link earlier.

      But how do you get around the typical username/password authentication to log into one of your accounts somewhere? Wouldn't they need to be ADA compliant also? Or does a good text-to-speech reader read the text and prompt the individual to type their info?

      peppiv

        I have been seing services adopting the practice of offering sound files as a verification vehicle for those who can't see the image.

        I don't know of a CPAN module that implements this so far, though, so you'd have to roll your own on this one.

        Makeshifts last the longest.

        If you want to make sure you'll be ADA compliant, there's some information on creating an audio Turing test here. I responded to that thread at the bottom, but I'm not familiar with that message board and I might try creating a new thread that gets pushed to the top of the list where someone might actually see it.

        UPDATE: See the replies I got here.

      A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Image Verification Program
by Aristotle (Chancellor) on Aug 23, 2004 at 18:03 UTC
Weird but true
by gaal (Parson) on Aug 23, 2004 at 18:28 UTC
    It's a pretty effective technique, but I've seen reports (sorry, can't find any links right now!) of insidious spammers putting up fake pr0n sites with "verification" pages that are actually stolen from sites they want to spam; they are in effect exploiting visitors they attract to their site for a sort of proxy computation.
      It's a pretty effective technique

      Depends what you're protecting. In general I've found the opposite - even ignoring the accessibility issues. For two reasons:

      • These things can be read by computers if somebody clever is coding them. Noticed how much more distorted the images on Yahoo are getting? Now I'm getting them wrong more often than not and I have pretty close to perfect vision (in one eye anyway :-). Escalation can only lead to images that more and more people with "normal" sight have problems with.
      • There are hacks to get around them. The fake-registration technique you mentioned is in wide use now. For anything that involves even a small dollar value for getting a registered account the Evil Person hires sweatshop labour that just sits there and registers accounts eight hours a day.
        It's It used to be a pretty effective technique :(

        Arms races suck.

Re: Image Verification Program
by adrianh (Chancellor) on Aug 23, 2004 at 23:27 UTC