Share Email Print
cover

Proceedings Paper

Implicit CAPTCHAs
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

We propose a design methodology for "implicit" CAPTCHAs to relieve drawbacks of present technology. CAPTCHAs are tests administered automatically over networks that can distinguish between people and machines and thus protect web services from abuse by programs masquerading as human users. All existing CAPTCHAs' challenges require a significant conscious effort by the person answering them -- e.g. reading and typing a nonsense word -- whereas implicit CAPTCHAs may require as little as a single click. Many CAPTCHAs distract and interrupt users, since the challenge is perceived as an irrelevant intrusion; implicit CAPTCHAs can be woven into the expected sequence of browsing using cues tailored to the site. Most existing CAPTCHAs are vulnerable to "farming-out" attacks in which challenges are passed to a networked community of human readers; by contrast, implicit CAPTCHAs are not "fungible" (in the sense of easily answerable in isolation) since they are meaningful only in the specific context of the website that is protected. Many existing CAPTCHAs irritate or threaten users since they are obviously tests of skill: implicit CAPTCHAs appear to be elementary and inevitable acts of browsing. It can often be difficult to detect when CAPTCHAs are under attack: implicit CAPTCHAs can be designed so that certain failure modes are correlated with failed bot attacks. We illustrate these design principles with examples.

Paper Details

Date Published: 17 January 2005
PDF: 6 pages
Proc. SPIE 5676, Document Recognition and Retrieval XII, (17 January 2005); doi: 10.1117/12.590944
Show Author Affiliations
Henry S. Baird, Lehigh Univ. (United States)
Jon L. Bentley, Avaya Labs Research (United States)


Published in SPIE Proceedings Vol. 5676:
Document Recognition and Retrieval XII
Elisa H. Barney Smith; Kazem Taghva, Editor(s)

© SPIE. Terms of Use
Back to Top