# Oh, yeah, because that key is readily available on my keyboard...

•  Is it just me, or are the Captchas getting harder for humans to read?  Often I'm asked to enter a Captcha where you can't tell if it is an "i" or a "t"; or some nonsense like that.   But this one really takes the cake.  Hey, at least they're not asking us to enter arabic or greek letters (yet)

• Facebook uses reCAPTCHA. Basically, only one of the two displayed words is known and thus checked. If one of them has strange symbols in it, then it is only checking the other one.

• @dogbrags said:

Is it just me, or are the Captchas getting harder for humans to read?  Often I'm asked to enter a Captcha where you can't tell if it is an "i" or a "t"; or some nonsense like that.   But this one really takes the cake.  Hey, at least they're not asking us to enter arabic or greek letters (yet)

Nice try. "Ω" is a Greek letter.

• reCAPTCHA works by extracting CAPTCHA snippets from books. You got unlucky and your "first word" came from a physics book.

As for dogbrags, you're entirely right. CAPTCHAs are basically an arms race between the "good" people writing bigger and better tests to see if the visitor is human, and spammers writing bigger and better bots to break the tests. Hopefully something smarter will come along at some point, because reading an unreadable image gets old pretty fast.

• @anima said:

Hopefully something smarter will come along at some point, because reading an unreadable image gets old pretty fast.

Long as you have a rather small site with little public interest (to write a specific spambot for), creating an imaginative homebrewed solution works best in my experience. I have "invented" two different spambot traps. One requires the user to look up a word in an invented language from an online dictionary, the other has a "mail" input field that is hidden with CSS, but spambots faithfully fill it with their email addresses, which will cause the post not to be submitted. These two work brilliantly (even if they stop working I still have this idea to have a hidden field which will be assigned a magic value via JavaScript), unless someone wants to specifically spam my sites, which is really unlikely because they're so small. It won't help, of course, if the site you're running is Facebook.

• @derula said:

(even if they stop working I still have this idea to have a hidden field which will be assigned a magic value via JavaScript)

• @derula said:

[...] the other has a "mail" input field that is hidden with CSS, but spambots faithfully fill it with their email addresses, which will cause the post not to be submitted.

Clever. I like it. One could perhaps even go one step further and place the input field below an image/div/whatever, and make it more-or-less impossible to detect that its hidden' without actually rendering the page and running some nasty image analysis on the rendered output. (Or perhaps that's what you're doing already?)

@piskvorr said:

It'd be fun if one could detect/fingerprint a spambot using JS (possibly by benchmarking various JS calls?) and then start factoring prime numbers or something. One could even have the spambot return the result in a form...

•

Try that one. I spent minutes wondering which one is the known one and which one is the word the OCR couldn't understand*. Then I actually entered it, and the bugger didn't let me in.

* Недели is a word in Russian, means "weeks". Substrou isn't recognized by Google translate as a word in any language.

• @cvi said:

Clever. I like it. One could perhaps even go one step further and place the input field below an image/div/whatever, and make it more-or-less impossible to detect that its hidden' without actually rendering the page and running some nasty image analysis on the rendered output. (Or perhaps that's what you're doing already?)

Nope, I just have a display:hidden on the input, so if the bot has a CSS parser, it might figure it out. Your idea sounds awesome. You could also have the field included as the last field in a div that has fixed height and overflow:hidden, though probably the field being at the bottom of the form might be a giveaway. Maybe you could make it with CSS or probably combination of CSS/JS so that it is at the top of an overflow:hidden div and the top of the div is what's hidden...?

• Two more alternatives are:

1. "write the third word of this sentence into the following input"
2. "write the word wh<span class="foo">NOT_THIS_PART</span>atever into the following input", where .foo is styled as invisible (display:none or width:0;display:inline-block;overflow:hidden, etc.)

• if you're really paranoid about spammers you can always use something like that:

• But then Math impaired persons like Blakeyrat would not be able to access the site, you should be able to switch to other subjects.

• @haha-only-serious said:

...

Brilliant. Everybody knows computers suck at mathematics.

• @dogbrags said:

Is it just me, or are the Captchas getting harder for humans to read?

No, you're just becoming more and more robotic. You'll have to be destroyed before it progresses any further.

• @Pascal said:

Facebook uses reCAPTCHA. Basically, only one of the two displayed words is known and thus checked. If one of them has strange symbols in it, then it is only checking the other one.

And thus you can enter all sorts of fun things like curse words and racial slurs and hope they some day show up in digitized text. Extremely subtle misspellings are a good choice as well.

• @db2 said:

And thus you can enter all sorts of fun things like curse words and racial slurs and hope they some day show up in digitized text.

Damn you for ruining my ebooks.

• @Someone You Know said:

@dogbrags said:

Is it just me, or are the Captchas getting harder for humans to read?

No, you're just becoming more and more robotic. You'll have to be destroyed before it progresses any further.

Win.

•  My favorite anti-spam method involved the following radio control:

• I am a filthy, no-good spam bot
• I am a human
With the first option being the default.  I thought it was brillant.

• @hoodaticus said:

My favorite anti-spam method involved the following radio control:

• I am a filthy, no-good spam bot
• I am a human

With the first option being the default.  I thought it was brillant.

How well did that actually work?

• @haha-only-serious said:

if you're really paranoid about spammers you can always use something like that:

I'm still waiting PoC of this

• @hoodaticus said:

My favorite anti-spam method involved the following radio control:

• I am a filthy, no-good spam bot
• I am a human
With the first option being the default.  I thought it was brillant.

Mine is two questions -"Which of the following does not describe you accurately?" with answers "Human" (default) and "Bot", and "Is the answer to the above question correct?" with answers "Yes" (default) and "No".

• @haha-only-serious said:

if you're really paranoid about spammers you can always use something like that:

That is a great idea for a social site! Only allow people who can answer those questions in. Hmmmm, maybe even a dating site. You, my friend, are a genius!

(tired of celebrity BS on the net)

• @rooh said:

Try that one. I spent minutes wondering which one is the known one and which one is the word the OCR couldn't understand*.

There is always a word that the OCR could understand (or has determined though user input) and that

1. Only contains lowercase latin letters, i.e. no spaces, numbers or accents
2. gets "waved" by the computer after being rendered in a standard font. So they always end up lookin like the one on your left

So a word with cyrillic characters will never be the "real" word.
In 2 also lies the weakness of reCAPTCHA. They break it by making bots good in detecting the "real" word and just fill in some gibberish for the unknown one.

• @dtech said:

In 2 also lies the weakness of reCAPTCHA. They break it by making bots good in detecting the "real" word and just fill in some gibberish for the unknown one.
Or, since it's reCAPTCHA, not bother putting anything in to begin with.

• @dtech said:

There is always a word that the OCR could understand (or has determined though user input) and that

1. Only contains lowercase latin letters, i.e. no spaces, numbers or accents
2. gets "waved" by the computer after being rendered in a standard font. So they always end up lookin like the one on your left

I always thought that is works this way: they only use words that failed to be recognized. First, they put it on the left. When they have a good number of matching transcriptions, they believe this to be correct and consider it a "good" word they know the match for and can put it on the right. If it gets many different interpretations or lots of reloads, it is removed from the cycle. This way it actually makes sense to me; the way you described it, it's a really pathetic approach and not harder to solve than any other captcha.

• @derula said:

and not harder to solve than any other captcha.
reCAPTCHA's not meant to be particularly more difficult than other captchas (the distortion can be changed to make it easier/more difficult anyway) - the differentiation between it and other captcha's is that (normally) filling them out does slightly more than prove you're human to whichever site is using it - it's also being used to translate 'unreadable' (to OCR) words that have been scanned in.

• @OP: charmap is your friend. Ω = \u03a9.

• @The_Assimilator said:

@OP: charmap is your friend. Ω = \u03a9.

Are you REALLY going to dig into charmap for a fucking captcha? Because I know I sure as hell wouldn't.

• @PJH said:

it's also being used to translate 'unreadable' (to OCR) words that have been scanned in.

Sure, I knew that, but I thought it would also do what I said

At least that explains why the reCAPTCHA on one of my sites got broken without any trouble at all.

• @Weng said:

@The_Assimilator said:

@OP: charmap is your friend. Ω = \u03a9.

Are you REALLY going to dig into charmap for a fucking captcha? Because I know I sure as hell wouldn't.

Me neither. But I might dig into kcharselect, because there, it would suffice to type in "omega", select the upper-case Omega, copy it, paste, and there you go. Charmap is a bit more of an inconvenience.

• @derula said:

@Weng said:

@The_Assimilator said:

@OP: charmap is your friend. Ω = \u03a9.

Are you REALLY going to dig into charmap for a fucking captcha? Because I know I sure as hell wouldn't.

Me neither. But I might dig into kcharselect, because there, it would suffice to type in "omega", select the upper-case Omega, copy it, paste, and there you go. Charmap is a bit more of an inconvenience.

HAI YOU GUYZ I use lunix and it's so great and its so much better than windows and all the applications start with k for no reason you should use lunix too, hahaha you get viruses on win$oze Sorry, that's about the standard response I give for people bragging about a Linux feature that's also been in Windows for ages. Praytell, in what way is Charmap "more of an inconvenience" when you can do the exact same thing? • @blakeyrat said: HAI YOU GUYZ I use lunix and it's so great and its so much better than windows and all the applications start with k for no reason you should use lunix too, hahaha you get viruses on win$oze

Sweet, $icroSoft finally got a charmap that works like kcharmap which begins with a k because it was made by KDE, good for them! If they continue borrowing ideas from KDE, they might have a usable desktop shell for their pro$rietary operating sys$em in a few year$.

• @blakeyrat said:

@derula said:
@Weng said:

@The_Assimilator said:

@OP: charmap is your friend. Ω = \u03a9.

Are you REALLY going to dig into charmap for a fucking captcha? Because I know I sure as hell wouldn't.

Me neither. But I might dig into kcharselect, because there, it would suffice to type in "omega", select the upper-case Omega, copy it, paste, and there you go. Charmap is a bit more of an inconvenience.

HAI YOU GUYZ I use lunix and it's so great and its so much better than windows and all the applications start with k for no reason you should use lunix too, hahaha you get viruses on win$oze Sorry, that's about the standard response I give for people bragging about a Linux feature that's also been in Windows for ages. Praytell, in what way is Charmap "more of an inconvenience" when you can do the exact same thing? BUT THE LAST TIME I USED WINDOZE BACK IN 1995 (BEFORE I SAW THE LIGHT AND SWITCHED TO LINUX BLESS STALLMAN'S TOES) IT DIDN'T HAVE THAT FEATURE AND BECAUSE M$ IS A MONOPOLY EVERYONE KNOWS THEY NEVER ADD NEW FEATURES SO OF COURSE WINDOZE CAN'T HAVE SUCH A FEATURE 15 YEARS LATER!!! AND EVEN IF WINDOZE DOES HAVE THAT FEATURE IT MUST OBVIOUSLY HAVE BEEN STOLEN FROM LINUX BECAUSE EVERYONE KNOWS THAT LINUX IS THE MOST INNOVATIVE OS IN EXISTENCE, THAT'S WHY WE STILL DON'T HAVE GAMES ON LINUX!

(no offence intended, derula.)

• @blakeyrat said:

in what way is Charmap "more of an inconvenience" when you can do the exact same thing?

Windows charmap is an unusable piece of shit.

• @dhromed said:

@blakeyrat said:

in what way is Charmap "more of an inconvenience" when you can do the exact same thing?

Windows charmap is an unusable piece of shit.

Err, what version of windows are we talking about? Windows 7 version of charmap is decent

• @serguey123 said:

Err, what version of windows are we talking about? Windows 7 version of charmap is decent
You mean the same charmap that's been practically unchanged since Windows 2000?

• @ender said:

@serguey123 said:
Err, what version of windows are we talking about? Windows 7 version of charmap is decent
You mean the same charmap that's been practically unchanged since Windows 2000?

Yeah, that one, even when it stay the same, it gets better with every OS version.  That is one of its main selling points

• @serguey123 said:

Yeah, that one, even when it stay the same, it gets better with every OS version.  That is one of its main selling points

I really like the skin of the window border.

• @blakeyrat said:

HAI YOU GUYZ I use lunix and it's so great and its so much better than windows and all the applications start with k for no reason you should use lunix too, hahaha you get viruses on win\$oze

Okay, I rephrase my post: "In the char selection tool pre-installed on my OS, I was able to find a feature I had never discovered in Windows' charmap before."

For the record, I do like KDE for myself. I like some of its features over Windows. I like some Windows features over KDE and GNU/Linux in general. I'm not telling people to switch to Linux (any more); I'm warning them about OSX ("it's more expensive without a major benefit in function; some of your favorite Windows apps might not work; I will not be able to help you fix problems with it") and if asked, I will recommend Windows 7 if they can afford it, or else or if they specifically ask about Linux, I'll recommend Ubuntu. I use openSUSE myself because it works well for me, but I'd not usually recommend it to anyone else. I know you didn't try to be insulting, but please leave these phrases to actual fanboy assholes, thankyouverymuch.

• What’s the matter, “ℱℒS(Ω)” too hard to type?

I’ve had mathematical formulae in Captchas before; I keep wondering whether it’s better to enter the Unicode text, or some TeX version, [i]e.g.[/i], “\mathcal{F}\mathcal{F}S(\Omega)”

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.