The squished-up word is the control word, and the straight one is the unknown one. You only need to get the wavy word right and just guess at all the cut-off examples.
Here's something interesting. If I go to the ReCaptcha demo page in Chrome that is logged in to Google, I get all house numbers, a lot of which seem like easy OCR. If go to the same demo page in Incognito mode, I get the two word version instead, like this blog is complaining about.<p><a href="http://www.google.com/recaptcha/demo/" rel="nofollow">http://www.google.com/recaptcha/demo/</a>
The audio captchas are psychotic. They are scarier sounding than anything I've heard in a horror movie lately, and I have never been able to solve one.
Here's the one I got on linkedin recently<p><a href="https://twitter.com/check_ca/status/480784849260019712" rel="nofollow">https://twitter.com/check_ca/status/480784849260019712</a>
I was just thinking this yesterday when I had to recover a Flickr account I hadn't used in ages. I had to solve captchas from Yahoo and Microsoft.<p>The Yahoo captcha used rotating, bouncing letters on a scrolling background of more letters - ridiculous. Microsoft's was just a typical smeared mess, but no easier to actually solve.<p>I think I failed each at least 3 times.<p>It's not just difficult captchas, but use of them everywhere. The site my university recommends for ordering textbooks starts inserting captchas if one searches more often than perhaps twice within a minute. Another I can't recall the details of requires a captcha solve to make any sort of profile change despite being previously authenticated.
I'll repost this once again. Why you should never use a CAPTCHA:
<a href="http://www.onlineaspect.com/2010/07/02/why-you-should-never-use-a-captcha/" rel="nofollow">http://www.onlineaspect.com/2010/07/02/why-you-should-never-...</a>
Lately I've noticed 90% of my captcha's being a single number. That is it. A number like "1057" with nothing else. what do they honestly expect me to do with this?<p>Basically I have to fill in the number and then guess whether it was the first or second set of characters and fill out bogus before or after the number and hope I got it right. The numbers weren't even hard for a computer to read. The only thing it does is waste everyones' time.
What is everyone thoughts on this type of CAPTCHA?<p><a href="http://areyouahuman.com/site-owners/playthru/" rel="nofollow">http://areyouahuman.com/site-owners/playthru/</a>
I can't believe we have not figured out something better than captchas by 2014. I would imagine Google could figure at least how to bake something into Chrome which many would eventually follow. It's asinine that all legit customers have to go through such a silly, completely unrelated hoop.
I always worry that they're getting harder because I'm getting old, so it's comforting that an arms race against bots is the real cause! :)
I think it's time to move to the ultimate captcha: "Is this post spam?"<p>Then we just hope that the spammers create a perfect solver again :)
I realised an intersting thing there. I also get those complex captaches using firefox. But I also have an Opera12.17 running. With this one my captchas for the same page are ridiculousy easy. Sometimes it's just an house number. One item. I never had one even close to what I get on FF.
A paper came out awhile ago showing that neural networks are extremely vulnerable to adversarial examples [1]. They showed even slight perturbations of an image generated with their method could cause NNs to misclassify it, but appear no different at all to a human. I am interested if methods like this could be used to extend the life of CAPTCHA a bit longer, even as computers are starting to beat even humans at object recognition tasks.<p><a href="http://cs.nyu.edu/~zaremba/docs/understanding.pdf" rel="nofollow">http://cs.nyu.edu/~zaremba/docs/understanding.pdf</a>
We found that neural networks can solve CAPTCHAS much better than humans, 99.8% on the "hard" ReCAPTCHA instances: <a href="http://arxiv.org/pdf/1312.6082.pdf" rel="nofollow">http://arxiv.org/pdf/1312.6082.pdf</a><p>This is why visual recognition is just one of the signals you need to use to tell humans and computers apart <a href="http://googleonlinesecurity.blogspot.com/2014/04/street-view-and-recaptcha-technology.html" rel="nofollow">http://googleonlinesecurity.blogspot.com/2014/04/street-view...</a>
Dear website owners, please, do not use reCaptcha. As was noted in other comments, Google discriminates against the users who try to protect their privacy by showing them nearly unsolvable variant. For instance, I see the hard version all the time since I started to use Privacy Badger for Firefox. It is also not impossible that they discriminate by user-agent.<p>And generally it is a very bad idea to choose the most popular service among the alternatives, as by doing so you are contributing to the centralization and monopolization of the Internet.
<a href="https://www.youtube.com/watch?v=kNdDROtrPcQ&feature=kp" rel="nofollow">https://www.youtube.com/watch?v=kNdDROtrPcQ&feature=kp</a><p>Pretty neatly conveys the feelings on this topic.
It took me about 30 min and >15 captcha's before I could register for this site. The audio didn't help either...<p>They <i></i>are<i></i> getting ridiculous.
[shameless blog post promo ahead]<p>One simple way for minimizing junk going through automated submits. Idea without using recaptcha at all:
<a href="http://ademsha.com/notes/simple-proposal-to-stop-spam-going-through-web-forms/" rel="nofollow">http://ademsha.com/notes/simple-proposal-to-stop-spam-going-...</a><p>It works only with JS enabled and uses randomization in order to stop bots learning how to avoid it.
I have to type this awful thing every time I log into Envato and I can never get it right. It's so frustrating. Envato refuse to acknowledge its an issue.<p>I don't even get the point of it since you can get passed them by just hiring people off like at <a href="http://antigate.com/" rel="nofollow">http://antigate.com/</a> for as little as 70c per 1000 captchas
Recent discussion, <a href="https://news.ycombinator.com/item?id=7419667" rel="nofollow">https://news.ycombinator.com/item?id=7419667</a> (there are others)<p>Also a couple of examples <a href="http://alicious.com/hard-recaptcha-huh/" rel="nofollow">http://alicious.com/hard-recaptcha-huh/</a>.
Since 2012 there have been some changes that make it easier under "normal" conditions: <a href="http://googleonlinesecurity.blogspot.com/2013/10/recaptcha-just-got-easier-but-only-if.html" rel="nofollow">http://googleonlinesecurity.blogspot.com/2013/10/recaptcha-j...</a>
Is it not obvious in the first case that "secretary" is the unknown word? Clearly ocr wasn't able to read it due to the fading. Likewise, the cut off words spanning two lines in the later versions are obviously the unknown words. The author states right at the beginning that he understands there is a control and an unknown word; he then proceeds to "hope" that the obvious unknown word is the control in the first case, then skip numerous captchas where the control word is straightforward and the illegible word is obviously the unknown. This certainly sounds like willful ignorance for the sake of a blog post.<p>Also, '“Onightsl”? “Onighisl”? Are those even words?' No, my understanding is that dictionary words are never used as the control, so as not to be vulnerable to dictionary attacks.<p>Edit: I'm not suggesting that these captchas are in any way good; they do clearly have issues. I'm just saying that storyline in the blog post seems contrived. To me it would be more convincing if presented in a more genuine manner. However, perhaps he was simply very unlucky.
I believe that this will eventually become a losing game. Normally there's an arms race between those creating security and those thwarting it. In this case, once the recognition schemes are as good as humans, the game is over for good.
If only we could invent the verbal equivalent of a trapdoor function. A word puzzle that would be extremely easy for computers to generate and humans to solve (since we understand language), but extremely hard for computers to solve.
Easy...
A stereogram "captcha" ...
What's the hidden 3D image?
More fun too...
<a href="http://www.brainbashers.com/stereo.asp" rel="nofollow">http://www.brainbashers.com/stereo.asp</a>
This is where Facebook comes in handy! Please add your captchas there: <a href="https://www.facebook.com/IHateCaptchas?fref=ts" rel="nofollow">https://www.facebook.com/IHateCaptchas?fref=ts</a>
It is funny how link [1] from my app solving this problem got more upvotes :)<p>[1] <a href="https://news.ycombinator.com/item?id=7944540" rel="nofollow">https://news.ycombinator.com/item?id=7944540</a>
There are plenty of tricks around Visual Captchas. What you need is a semantic captcha that's only recognizable as such by a human. Hide a simple question somewhere in a piece of text.
The problem isn't captchas, but users not understanding how to interact with them. So what if a few are bad? Hammer out best guesses, fast as you can, until you're successful. It's not as if you're graded on accuracy. There is no reason to ever resort to the refresh button,<p>Out of curiosity, I went and opened the demo page (<a href="https://www.google.com/recaptcha/demo/ajax" rel="nofollow">https://www.google.com/recaptcha/demo/ajax</a>) in a new incognito window and timed myself. I can do about 8/minute at maybe 90% accuracy.<p>Captchas are only a problem if you compulsively refresh in hopes of getting something clear.
I've recently seen a bunch of them with just one number. Just a single 7 or 4 on a white background and nothing else. Kind of scratch my head at those ones.
hmm, I have to say I haven't had a recaptcha that bad yet, but I have had some bad ones....
But uh... on the first bad recaptcha when trying to guess their password they thought - this recaptcha is ridiculous I will try to solve it of course but just right now I am also going to screenshot it because this is naturally the first thing I think to do!
Alternatives exists, but the usage is low.<p>A simple solution is google Authenticator (or similar systems).<p>The only problem is a system for all kind of users and equipment.