How to Implement an accessible login system - Part 1
January 26th, 2006
You’ve all seen what happens when script kiddies and bots can automatically sign up for Internet-based services. Comment spam, forum spam and splogs are all examples of such blights on the web landscape. Many websites make use of text-to-image functions (captchas) that thwart the scripting of such spam: the user performs the easy task of reading the alphanumeric string, typing it into a little box and submitting the registration form, while a script attempts the same to no avail. However, in the truest sense of accessibility, this breaks all screen readers. A friend of mine who is visually impaired had to have help a while back setting up a Hotmail account because his screen reader (JAWS) didn’t have a clue. What defeats a script also defeats a person with a vision problem.
If we could present another way of alerting a user to a passphrase, one that would allow valid registrations and defeat scripted attacks, we could bridge this digital divide. In short, we need the reverse of a Turing Test.
Turing Test?
The Turing Test is an experiment suggested by Alan Turing to find out whether an artificially intelligent machine is truly intelligent. You would place a person in one room with a terminal, and a computer and a person in another. The person at the terminal would speak to each and, based on their responses to questions, decide which was the computer and which was the human. For more information see here: http://en.wikipedia.org/wiki/Turing_test
We do not want to prove that our computer is a human; we want it to be able to differentiate between a human and a computer. This is, in computer science speak, a hard problem. However, we can give our computer some advantages. We can set the questions and set the correct answers. We, as the humans setting the question and answer, can understand the semantics of each. Ask a computer to pick the odd one out of apples, pears, oranges and lights and, with only that information, it is quite hard. A computer has no concept of what a light is or how it differs from an orange. If you produce a large enough set of such questions and answers, picked at random with each pick independent of the others, then you have the beginning of a very sophisticated abuse-stopping system. Unless spammers start building some of the most advanced AI into their spambots, together with a complete database of all possible such questions and answers, the system works. The key is to ensure that each installation contains enough website-specific question and answer pairs that are different from the general database given below.
We need a vast source of information that is well known to humans but hard to build into a computer program. Simple questions such as “What is the capital of France?” can easily be broken down into their component parts by a talented computer programmer. Computers are good with numbers and mathematical problems, so we should avoid such Q&A pairs. We need problems that utilise the human ability to derive information from facts that don’t seem logical.
1) Riddles
Some work has been done on using riddles in the alt text of image-based captchas. However, we are faced with a limited set of riddles and an unlimited ability of spammers to collect such riddles and produce databases of them. Plus, what if a user was unable to understand the problem?
2) Type what we say
This option is based on a game called “Say what you see”, where you have to describe an item without using its name. So for example:
four legs, you sit on it = Chair.
Your bottom is on a ______ = Chair.
For our method to be successful we need a many-to-one relationship problem that can be easily generated by a computer. It doesn’t need to be NP-hard, just hard enough that a computer takes too long to work it out.
In part 2 we will look at some functions that can give us this many-to-one relationship.
The W3C has also done similar research here: http://www.w3.org/TR/turingtest/
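As an added illustration (not the author's code, and not the functions promised for part 2), the Python below shows one way to serve the many-to-one text challenges described above: the answer and the clue are picked independently at random from a general bank merged with site-specific pairs, and the expected answer is bound to the challenge with an HMAC so it never appears in the form. The bank entries, `SERVER_KEY`, `MAX_AGE` and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample bank: several clues map to one answer (many-to-one).
GENERAL_BANK = {"chair": ["four legs, you sit on it", "Your bottom is on a ______"]}
# Hypothetical site-specific pairs, kept out of any shared database.
SITE_BANK = {"kettle": ["you boil water in it to make tea"]}
SERVER_KEY = secrets.token_bytes(32)  # per-installation secret (assumption)
MAX_AGE = 300  # seconds a challenge stays valid (assumption)
_USED = set()  # nonces already answered; in-memory for the example only


def normalise(text):
    """Lower-case and collapse whitespace so ' Chair ' matches 'chair'."""
    return " ".join(text.lower().split())


def _tag(answer, nonce, issued):
    """HMAC binding the expected answer to this nonce and issue time."""
    msg = f"{normalise(answer)}|{nonce}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def new_challenge(now=None):
    """Pick an answer, then one of its clues, independently at random."""
    bank = {**GENERAL_BANK, **SITE_BANK}
    answer = secrets.choice(sorted(bank))
    clue = secrets.choice(bank[answer])
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return clue, f"{nonce}.{issued}.{_tag(answer, nonce, issued)}"


def check(token, reply, now=None):
    """True only for the right answer to an unexpired, unused challenge."""
    try:
        nonce, issued, tag = token.split(".")
        issued = int(issued)
    except ValueError:
        return False
    now = int(time.time() if now is None else now)
    if nonce in _USED or not 0 <= now - issued <= MAX_AGE:
        return False
    _USED.add(nonce)  # one attempt per challenge, right or wrong
    return hmac.compare_digest(tag.encode(), _tag(reply, nonce, issued).encode())
```

The clue goes into the registration form as plain text a screen reader can speak, and the token goes into a hidden field. On a multi-process site the `_USED` set would have to live in shared storage that expires entries after `MAX_AGE`.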