ietf-asrg

RE: [Asrg] A response to the critique of my anti-spam system

2004-12-10 11:33:25
Thank you for your time.  I include responses to those queries of yours to which
a concrete response could be readily given.  I also include a couple of new 
methods I've developed to deal with the flaws that have been pointed out.

>> This is the first and only CAPTCHA developed that is invulnerable to
>> technical circumvention.  I have to admit that I am surprised that
>> this innovation in and of itself has not generated more discussion.

> Maybe it's because more people agree with me, that it can be and will
> be defeated technically, than with you, that it can't and won't?
> There's a lot of very good work being done by computer vision people,
> solving basically this very problem - and with difficult noisy
> real-world images, not the nice clean synthetic ones you use.

The traditional way in which a CAPTCHA would be used to transmit text would be 
to take an alphanumeric character and distort it enough so that an optical 
character recognition program could identify it, but you couldn't distort it so 
much so that a person would have trouble identifying it.  These alphanumeric 
characters represent 36 simple 2 dimensional objects; not a very large universe 
of objects to pick from.  CAPTCHA today still do a surprisingly impressive, if 
not quite sufficient, job of foiling OCR software.

I have replaced the task of identifying a never changing library of 36 
two-dimensional objects with a constantly changing effectively infinite library 
of 3D images.  It took me one day to whip up the three crude 3D objects in my 
example, and I am inexperienced with generating such objects.  How long would 
it take any video game manufacturer or computer animation studio to whip up 
2,000 easily identified and unique objects?  How long would it take a spammer 
to design a program to recognize these objects?  Remember, the spammer isn't 
going to have access to the actual library of 3D images, he will only have 
access to the 2D output.  How will the spammer deal with the fact that the 
objects in this library will constantly change?

Yes, this is vaporware, but the theory is sound.  I am an optimist when it 
comes to technology and I believe that one day we will have computers that can 
recognize almost any object in the world, but that day isn't today.

I have the contact information of authorities in the field of developing human 
interactive proofs and I plan on submitting my concept to them.  I will defer 
to their opinion of my CAPTCHA.  I decided, however, that my first step on this 
journey would be the ASRG.


>> I'll guess that every three or four months a TYPICAL user will
>> suffer a day or two of spam and will need to deactivate a single
>> sub-address.  Otherwise this system is beyond any technical
>> subversion.  Is there any other system existing or proposed that can
>> claim this?

> Sure.  Any of them.  And in most cases, with about as much truth.


I would accept one concrete example of a more effective anti-spam.

 
>> Bounces - The fact that my system employs bounces seems to greatly
>> disturb many people.  The strongest objection concerns the additional
>> burden these bounces will put on the email system.

> Perhaps strongest to you.  The strongest to me is that the
> challenge/bounce messages will spam anyone whose address gets forged
> into the from-line of spam to an early adopter.  Committing abuse in
> the name of fighting abuse is hypocritical - and unacceptable.

I just figured out an excellent way to deal with the bounce issue.  I wish I 
had thought of it earlier.  It is as follows:

The problem with the bounces does not involve the small number of bounces sent 
in response to emails from legitimate senders who are not on the white list and 
who used a deactivated sub-address.  The real problem will be with the bounces 
that are sent in response to the horde of spam that is being sent using a 
deactivated sub-address (or with no sub-address at all).  

All emails that would have generated bounces are first sent through a weak spam 
filter (meaning one that will almost never generate a false positive).  Let's 
say that this weak filter identifies 95% of these emails as unambiguously being 
spam.  Bounces are now generated only to the remaining 5% of emails.  Now my 
system will only increase a network's traffic by about 5%.  This small increase 
in traffic should be quite tolerable.  We have also dramatically decreased the 
number of innocent people who will be hit with these bounces because a spammer 
forged their email address.

There will still be some innocent victims, but the number is now far fewer.  
Frankly though if a spammer is able to forge your email address then you must 
really be receiving a lot of spam and you would probably be better off either 
switching to a less obvious address or by activating my system.

>> The theoretical maximum increase in email traffic that this system
>> could generate would be 100% if we consider an email account that
>> receives emails with invalid sub-addresses exclusively.

> Not quite.  There is no real limit to the maximum increase when two
> implementations start challenging one another's challenges - it's a
> classic bounce laser.

In my system bounces will never be sent in response to a bounce.


>> Filters likely increase email traffic to much greater extent, albeit
>> indirectly, as spammers generate vast quantities of spam to get
>> around them.

> And why won't the same be true with your system?

Spammers can have some success against a filter by sending 10 times the email 
that they normally would.  Why would any spammer try to deal with an effectively
non-existent email address by sending 10 times more email to that address?



>> Language - There was also a lot of concern over how the bounces
>> would be managed by recipients who use different languages.  I would
>> respond that most people who correspond with each other do so in the
>> same language.

> Yes - but how is your system going to know what language that is?

>> Also many web-sites use the common technique of showing icons of
>> international flags to represent languages, and clicking on your
>> respective flag will bring up a page with your own language.  This
>> same technique can apply to bounces.

> I'll believe it when I see it.  You appear to have mistaken email,
> which is a static technology, for the Web, which is interactive to at
> least the minimal extent necessary to support the sort of user
> interface you describe.



I just realized the obvious answer to the language issue and it's so simple that
I'm embarrassed that I did not think of it earlier. The answer to this problem 
is the following:

When you activate this system you select what languages you want the bounces to 
go out in.  Someone who spoke English and Chinese would select both languages.  
The bounce will go out containing instructions in BOTH languages.  If someone 
who only spoke Russian sent this Chinese and English speaker an email using a 
deactivated sub-address then yes, the Russian person would not be able to 
directly follow the instructions to decode the CAPTCHA.  It will be a rare 
occurrence, however, for these two people to be corresponding.  The 
inconvenience introduced between people who cannot communicate with each other 
in the first place will be a tolerable flaw in this system.


>> The typical user is not exposing their email address multiple times a
>> day to spammers.

> No; the typical user is exposing others' email addresses multiple times
> a day to spammers.
>
> Okay, that's a slight exaggeration.  The proportion of zombied Windows
> boxen out there has not yet reached 50%, so "the typical user" still
> isn't zombied.  But any zombied machine's address book is available to
> spammers in full, including any address using your system that may be
> in it.

The efficacy of automatically generated sub-addresses has already been proven, 
just look at services such as Zoemail and Reflexion.  These services are very 
effective at stopping spam.  My system would ideally encompass these proven 
technologies.  My system addresses the flaws that exist with these 
technologies, namely these services cannot retroactively protect existing email 
accounts in any practical way and that legitimate senders who have their 
sub-addresses deactivated have no practical spammer-proof way of acquiring a 
new address.
 
>> Is there anyone who does not think that this system is profoundly
>> superior to every other challenge/response system?

> As I would hope is obvious by now:  Yes.  Me.

Can you be more specific as to why my system is not superior to every other 
challenge/response system?  Is there any other challenge/response system that 
allows for the unimpeded receipt of third party emails?  Is there any other 
challenge/response system that avoids challenging every unique correspondent?  
Is there any other challenge/response system that uses a challenge that is as 
resistant to automated attack as my system uses?



>> Seeing the CAPTCHA requires a system that either allows for a
>> graphics capable MUA or allows activation of a hyperlink - True.
>> You would need to access a system that would allow you to see
>> graphics.

> Which kills it right there, as far as I'm concerned.  (As if it needed
> further killing for me.)

>> A graphics capable MUA is the most convenient, but all you would
>> really need is a computer with a web browser so you can paste the
>> link into the browser and view the CAPTCHA.

> No.  A computer with a *graphics-capable* web browser.

>> Don't most people have access to web browsers?

> Most people?  Certainly.  And if you can arrange that only those people
> ever send mail to your system, you're fine - in that respect.

>> Typical users can see email graphics.  I obviously travel in
>> different circles since I don't know a single person who uses an
>> email system that is not graphics capable.

> Your system needs more than graphics capable; it needs graphics
> convenient.  I can, if I need to, extract an image from a webpage or
> email and look at it.  It is not a convenient process, and I most
> certainly would not bother to do it to answer a C/R challenge.

>> I would argue that most typical users would not worry enough about
>> the minority of people who cannot access graphics via their mail
>> system.  The incentive to use a system that effectively eliminates
>> spam would outweigh the need to cater to this minority.

Typical email users use systems that are graphics convenient.  A smaller number 
use a system that is graphics capable if not convenient.  A very small number 
of people use systems that are graphics incapable.  The worst case scenario is 
that someone refuses to adjust to a graphics capable system.  In such a case my 
system will revert back to the functionality of Zoemail or Reflexion; two 
pretty good if imperfect systems.



I don't know if this process is helping anyone else but it is helping me.  I 
spent a lot of time thinking about what obstacles existed and ways to get 
around them but it wasn't until I came to this board that I understood that I 
paid insufficient attention to issues such as problems caused by errant bounces 
and language barriers.  I already feel that my concept has been improved and I 
will update my website before pursuing this further at other venues.  I admit 
that I am still baffled by some of the objections to my system but I will 
persevere.

Thanks,

Michael Kaplan




_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
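
The bounce-gating rules described in the message above (a weak filter in front of any challenge, no bounce in reply to a bounce, instructions in every language the recipient selected), sketched as an added example; it is not part of the original post or the author's system. All names, the 0.95 threshold, the `Auto-Submitted` check, the "discard" disposition and the toy filter are assumptions made for illustration.

```python
from dataclasses import dataclass
from email.message import EmailMessage

# Constructed instruction strings; the recipient picks the languages at activation.
INSTRUCTIONS = {
    "en": "Open the link and type the name of the object shown.",
    "zh": "请打开链接并输入所显示物体的名称。",
}

@dataclass
class Policy:
    whitelist: frozenset
    active_subaddresses: frozenset
    languages: tuple = ("en", "zh")
    spam_threshold: float = 0.95  # assumed cut-off for "unambiguously spam"

def is_automatic(envelope_from, msg):
    """True for bounces (null reverse-path) and auto-generated mail (RFC 3834)."""
    if envelope_from.strip() in ("", "<>"):
        return True
    return (msg.get("Auto-Submitted") or "no").strip().lower() != "no"

def decide(envelope_from, subaddress, msg, policy, spam_score):
    """Return 'deliver', 'discard' or 'challenge' for one incoming message."""
    sender = envelope_from.strip().strip("<>").lower()
    if sender in policy.whitelist or subaddress in policy.active_subaddresses:
        return "deliver"
    if is_automatic(envelope_from, msg):
        return "discard"    # a bounce is never sent in response to a bounce
    if spam_score(msg) >= policy.spam_threshold:
        return "discard"    # weak filter is sure: no bounce to a forged address
    return "challenge"

def build_challenge(to_addr, policy, link):
    """Challenge carrying instructions in every language the recipient selected."""
    out = EmailMessage()
    out["To"] = to_addr
    out["Subject"] = "Sender verification required"
    out["Auto-Submitted"] = "auto-replied"  # lets other systems recognise it as automatic
    out.set_content("\n\n".join(INSTRUCTIONS[c] for c in policy.languages) + "\n\n" + link)
    return out

def toy_score(msg):
    """Stand-in for the weak filter (hypothetical): flags one constructed phrase."""
    return 0.99 if "cheap pills" in msg.get_content().lower() else 0.10
```

Marking outgoing challenges as automatic is what lets two such systems avoid challenging each other's challenges; mail that reaches `challenge` can still carry a forged sender, which is the residual case the thread argues about.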

