Michael Kaplan said,
> I suggest that the following be removed from the FUSSP list:
> "Spammers can't automate puzzle solving, character recognition,
> or or other hoops in the FUSSP that legitimate users must jump
> manually."
I object; Michael, you did not provide, imho, sufficient empirical or
other convincing evidence, proving that your CAPTCHA is immune to
automated solution. I understand your intuitive claims but I think these
can only serve as some intuition. Of course, such intuition could
convince somebody to use your system, and after 10-20 years of such
serious use, you may claim you have a convincing proof.
On the other hand... Did you consider that user used to receiving and
solving your CAPTCHA in bounces to their e-mail, may be abused by
spamware or other malware, causing them to solve your CAPTCHAs for the
hacker's advantage? I mean, these poor fellows whose machines are
zombies, now will become victims on their human time as well, as they
are forced to solve your CAPTCHA's... Of course, the spamware will
present the CAPTCHAs as if they are bounces to mail that the user
actually sent - this is trivial (certainly with your current design - I
guess, one response would be to incorporate some aspects of the e-mail
into the CAPTCHA itself - not that this solves the entire problem...)
So I suggest adding/modifing the rule as follows:
"Spammers can't automate puzzle solving, character recognition,
or or other hoops in the FUSSP that legitimate users must jump manually,
and can't trick users into solving these puzzles for them."
Best, Amir Herzberg
http://AmirHerzberg.com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg