AreYouHuman CAPTCHAs defeated using SimpleCV

From my brief time playing around with the demo on the AreYouHuman page, it seems like the game is loaded onto the client side, and the javascript then initiates a callback to the php form indicating the results. Since the client has complete control over the javascript, it seems like it would be possible to simply send the server fake acknowledgement that the user has completed the game successfully. This seems fundamentally flawed and differs from regular captcha, where the client side has no awareness of right and wrong answers, and can't give immediate feedback. It simply acts an input to the server, which then judges the correctness, and if it isn't correct, returns a <i>different</i> problem, so a bot would have to start all over again.<p>So I think beating this captcha wouldn't require computer vision and stuff, simply sniffing the traffic on a successful run of the game and then replicating it appropriately later.<p>Also, how will this captcha system scale? They'll have to keep coming up with new sets of objects where some of them belong on a target and some don't.

From the video, the `AreYouHuman' captcha strikes me as quite culture-specific. `Put the tools in toolbox', `make pancakes' -- some people will know what and how to, others will not.<p>Meanwhile, a simple bot, as demonstrated, achieves high success rate. Could also be improved with automated learning , using suitable AI library; such libraries are freely available for making games.<p>With both false negatives and false positives high, the captcha's either done for, or at least needs some serious tweaks.

Why does the captcha allow infinite retries?<p>And why it lets you keep trying once you solved it?<p>Not that any of that would really fix the captcha, you'd just need to improve the code accordingly.

Image-based CAPTCHAs are already getting to the point where I can barely make out the letters. I'm guessing half the time and get annoyed when my guess was incorrect. The computers will only get better at solving them; what happens when there's no easy way for a computer to verify that it's talking to a person?

I have created Image Based CAPTCHA. which is combination of Normal CAPTCHA and advanced CAPTCHA.<p>You can find the research details here. If any CAPTCHA scientist want to further research on my CAPTCHA, I can OpenSource it completely.<p><a href="http://dndcaptcha.blogspot.in/2010/04/textareaid.html" rel="nofollow">http://dndcaptcha.blogspot.in/2010/04/textareaid.html</a>

How does the script move the mouse?

The whole CAPTHCA concept (while it is certainly clever) just seems backwards. Why are we trying to stop automation? It seems like we should be designing systems that accomodate automation, not try to stop it. If "automation is the problem", then something is wrong with the larger system. It would mean, e.g., that Googlebot is a problem because it is an automaton and not human.<p>We cannot just assume that everything that is automated is something we need to stop simply because it is automated.<p>Maybe the design of email is the problem?<p>Maybe the design of blog comment systems are the problem?<p>CAPTCHA's are aimed at stopping automation. That appears to be the only criteria they filter on. It just seems strange.<p>Of course CAPTCHA's will eventually be useless. Because most of us are working our tails off trying to push automation forward, not find ways to block it simply because it is automation.