Verifying a user is human

29 Nov 2007 - 10:18am
6 years ago
13 replies
712 reads
Chris Maissan -...
2007

I am in the process of designing a support forum for a software product. The
goal is to make it as easy as possible to ask a question. Ideally I'd like
to do away with the need to login all together, but it also needs to be Spam
resistant.

I've looked a little into the CAPTCHA (Completely Automated Public Turing
Test to Tell Computers and Humans Apart) method, better known as the
"distorted text method", but questions have been raised about both its
accessibility and effectiveness.

There is the option of sending an activation email. However, this adds
several steps for the user and is not without its own issues (Spam filters
etc.)

Does anyone have any thoughts on the best method to confirm a user is human?
Maybe a third option I haven't thought of?

Cheers,

Chris

Some links on CAPTCHA

http://en.wikipedia.org/wiki/Captcha

http://www.w3.org/TR/turingtest/

Comments

29 Nov 2007 - 4:10pm
Robert Hoekman, Jr.
2005

> I am in the process of designing a support forum for a software product.
> The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be
> Spam
> resistant.

First, I'm amazed you know what CAPTCHA stands for. :)

Second, this is a problem that really bugs me too, so I'm interested in
ideas. How about something like a "2+2 = ?" followed by a dropdown?
Dropdowns have low usability, so maybe entering the answer into an input
field would be better.

I've seen this type of solution used before, and while it requires more work
for the user, it's often less work than trying to interpret the letters in a
CAPTCHA system.

-r-

29 Nov 2007 - 4:25pm
Daniel Yang
2007

> How about something like a "2+2 = ?" followed by a dropdown?

2+2 in text would probably be easy to parse. Make the "2+2" an image
and it would probably do pretty well for next year or two. The
deterrent against the computer (image deciphering) is still being used
but it's more natural since it's a question format than a "copy this"
task. I have failed the CAPTCHA tests more than once or twice and it's
quite dehumanizing.

-Dan

29 Nov 2007 - 6:32pm
Jeff Howard
2004

Chris asked:
> Does anyone have any thoughts on the best method
> to confirm a user is human?

Seems like this made the rounds on the blog circuit a few weeks ago. Can't find the link but it was something like this:

"You're in a desert, walking along in the sand when all of a sudden
you look down and see a tortoise. You reach down and you flip the
tortoise over on its back. The tortoise lays on its back, its belly
baking in the hot sun, beating its legs trying to turn itself over
but it can't. Not without your help. Do you flip it back over? Type
your answer below."

IIRC there was an abbreviated test that simply asked:
"What color is an orange?"

On my own blog I've found it pretty effective to simply block any
comments with more than a certain number of URLs in the body. Also,
the Akismet spam filter on Wordpress has been remarkably efficient.
It's filtered out hundreds of spam comments with no false positives
and only one false negative since I started using it. I've never
looked in to how it works but it doesn't require anyone to "prove"
they're human.

// jeff

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Posted from the new ixda.org
http://www.ixda.org/discuss?post=23115

29 Nov 2007 - 6:35pm
Ari
2006

good question. on the internet (and with most desktop systems), no one would
know if a user was a monkey or a dog.
CAPTCHA, logins, etc. all have their drawbacks but they still work to some
extent. we're still far away from personal digital certificates and
unique identifiers of old such as SSN's (anyone who went to college in the
80s' will remember their SSN was also their college ID!) are prone to
forgery or theft.

have you looked into SMS messaging or verification? privacy issues aside -
it could at least be traced back to a human since last i heard dogs can't
use cell phones.

On 11/29/07, Chris Maissan <chris at absolutenorth.com> wrote:
>
> I am in the process of designing a support forum for a software product.
> The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be
> Spam
> resistant.
>
>
>
> I've looked a little into the CAPTCHA (Completely Automated Public Turing
> Test to Tell Computers and Humans Apart) method, better known as the
> "distorted text method", but questions have been raised about both its
> accessibility and effectiveness.
>
>
>
> There is the option of sending an activation email. However, this adds
> several steps for the user and is not without its own issues (Spam filters
> etc.)
>
>
>
> Does anyone have any thoughts on the best method to confirm a user is
> human?
> Maybe a third option I haven't thought of?
>
>
>
> Cheers,
>
> Chris
>
>
>
> Some links on CAPTCHA
>
> http://en.wikipedia.org/wiki/Captcha
>
> http://www.w3.org/TR/turingtest/
>
>
>
>
>
>
>
>
>
> ________________________________________________________________
> *Come to IxDA Interaction08 | Savannah*
> February 8-10, 2008 in Savannah, GA, USA
> Register today: http://interaction08.ixda.org/
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>

--
--------------------------------------------------
www.flyingyogi.com
--------------------------------------------------

29 Nov 2007 - 7:18pm
Jennifer Berk
2007

Chris,

I'd suggest you create your own test instead of using a standard
CAPTCHA. The simplest way to resist spambots is to give them a
question they haven't seen on several thousand other sites - and you
can easily make it accessible for humans if you don't have to worry
about fooling the machines. Take a look at
http://almaer.com/blog/logic-based-captcha-to-beat-the-blog-spam-bots
for a discussion of some possible questions at the end of the post.

Jennifer Berk

On 11/29/07, Chris Maissan <chris at absolutenorth.com> wrote:
> I am in the process of designing a support forum for a software product. The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be Spam
> resistant.
> ...
> Does anyone have any thoughts on the best method to confirm a user is human?
> Maybe a third option I haven't thought of?

29 Nov 2007 - 7:34pm
Matt Nish-Lapidus
2007

Hi,

CAPTCHA done right is very effective, and can be accessible as well.
I suggest taking a look at the reCAPTCHA project
(http://recaptcha.net/), they have an audio version available as well,
and it contributes back to the Internet Archive project, always a
worthy cause.

There was just a great article on a blog about CAPTCHA's, but I can't
remember which one right now.. when I find it I'll make sure to send
it back to the list.

Matt.

On Nov 29, 2007 10:18 AM, Chris Maissan <chris at absolutenorth.com> wrote:
> I am in the process of designing a support forum for a software product. The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be Spam
> resistant.

--
Matt Nish-Lapidus
email/gtalk: mattnl at gmail.com
++
LinkedIn: http://www.linkedin.com/in/mattnl
Home: http://www.nishlapidus.com

29 Nov 2007 - 8:09pm
bminihan
2007

Also, if it's a support forum for a software application, you could provide
the "key" for submitting support requests inside the software, or the
ability to do so (in the form of a button or link). Folks who come to the
site outside the software may have to suffer a login, but those coming from
your software would have a free ride, so to speak.

Bryan
http://www.bryanminihan.com

-----Original Message-----
From: discuss-bounces at lists.interactiondesigners.com
[mailto:discuss-bounces at lists.interactiondesigners.com] On Behalf Of Matthew
Nish-Lapidus
Sent: Thursday, November 29, 2007 7:34 PM
To: Chris Maissan
Cc: discuss at ixda.org
Subject: Re: [IxDA Discuss] Verifying a user is human

Hi,

CAPTCHA done right is very effective, and can be accessible as well.
I suggest taking a look at the reCAPTCHA project
(http://recaptcha.net/), they have an audio version available as well,
and it contributes back to the Internet Archive project, always a
worthy cause.

There was just a great article on a blog about CAPTCHA's, but I can't
remember which one right now.. when I find it I'll make sure to send
it back to the list.

Matt.

On Nov 29, 2007 10:18 AM, Chris Maissan <chris at absolutenorth.com> wrote:
> I am in the process of designing a support forum for a software product.
The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be
Spam
> resistant.

--
Matt Nish-Lapidus
email/gtalk: mattnl at gmail.com
++
LinkedIn: http://www.linkedin.com/in/mattnl
Home: http://www.nishlapidus.com
________________________________________________________________
*Come to IxDA Interaction08 | Savannah*
February 8-10, 2008 in Savannah, GA, USA
Register today: http://interaction08.ixda.org/

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... discuss at ixda.org
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help

29 Nov 2007 - 8:10pm
jason zietz
2007

> I've seen this type of solution used before, and while it requires more work
> for the user, it's often less work than trying to interpret the letters in a
> CAPTCHA system.
>

reCAPTCHA is a nice CAPTCHA implementation that uses (mostly) actual
words for verification. And it's a nice way to help with the digitizing
of books as well.

http://recaptcha.net/

It also has some accessibility features built in. But, as with all
CAPTCHAs, it can be circumvented in a manner as described here:

http://en.wikipedia.org/wiki/Captcha#Human_solvers

The math equation solution is subject to this "hack" as well. I think
the only way you can absolutely verify that there's a non-nefarious
human on the other end is via biometrics, and I'm guessing that that
won't be a feasible option.

jason

29 Nov 2007 - 9:20pm
Murli Nagasundaram
2007

Here's one called Asirra that Microsoft is working on:

http://research.microsoft.com/asirra/

Blurb: "* Asirra is a human interactive proof that asks users to identify
photos of cats and dogs. It's powered by over three million photos from our
unique partnership with Petfinder.com <http://www.petfinder.com/>. Protect
your web site with Asirra — free!"

Cheers,

murli | www.murli.com
*

29 Nov 2007 - 9:45pm
bminihan
2007

That's a neat idea...hopefully your visitors aren't crying by the time they
make it into the site. Clever, tho =]

-----Original Message-----
From: discuss-bounces at lists.interactiondesigners.com
[mailto:discuss-bounces at lists.interactiondesigners.com] On Behalf Of Murli
Nagasundaram
Sent: Thursday, November 29, 2007 9:20 PM
To: Chris Maissan
Cc: discuss at ixda.org
Subject: Re: [IxDA Discuss] Verifying a user is human

Here's one called Asirra that Microsoft is working on:

http://research.microsoft.com/asirra/

Blurb: "* Asirra is a human interactive proof that asks users to identify
photos of cats and dogs. It's powered by over three million photos from our
unique partnership with Petfinder.com <http://www.petfinder.com/>. Protect
your web site with Asirra - free!"

Cheers,

murli | www.murli.com
*
________________________________________________________________
*Come to IxDA Interaction08 | Savannah*
February 8-10, 2008 in Savannah, GA, USA
Register today: http://interaction08.ixda.org/

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... discuss at ixda.org
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help

30 Nov 2007 - 9:31am
bminihan
2007

I thought of that, too...having to remember or copy/paste a license key
might be a PITA for folks, so maybe the software could provide a simpler
"key" just to serve as a simple passcode to support options. Something you
could embed for freeware users as well, like "Your license key is:
XYZ123456456789, Your support key is: Pink Twinkies"...

Just a thought...

-----Original Message-----
From: Chris Maissan [mailto:cmaissan at gmail.com] On Behalf Of Chris Maissan
Sent: Friday, November 30, 2007 9:16 AM
To: 'Bryan Minihan'; 'Matthew Nish-Lapidus'
Cc: discuss at ixda.org
Subject: RE: [IxDA Discuss] Verifying a user is human

I had thought about asking for the license key when posting, but don't want
to alienate users of the freeware version (a.k.a. potential paying
customers). I also imagine it being a pain having to look up your license
key each time you wanted to make a post.

This is something we may reconsider if there is such a volume of questions
from freeware users that we can't keep up.

Chris

-----Original Message-----
From: Bryan Minihan [mailto:bjminihan at nc.rr.com]
Sent: Thursday, November 29, 2007 8:10 PM
To: 'Matthew Nish-Lapidus'; 'Chris Maissan'
Cc: discuss at ixda.org
Subject: RE: [IxDA Discuss] Verifying a user is human

Also, if it's a support forum for a software application, you could provide
the "key" for submitting support requests inside the software, or the
ability to do so (in the form of a button or link). Folks who come to the
site outside the software may have to suffer a login, but those coming from
your software would have a free ride, so to speak.

Bryan
http://www.bryanminihan.com

-----Original Message-----
From: discuss-bounces at lists.interactiondesigners.com
[mailto:discuss-bounces at lists.interactiondesigners.com] On Behalf Of Matthew
Nish-Lapidus
Sent: Thursday, November 29, 2007 7:34 PM
To: Chris Maissan
Cc: discuss at ixda.org
Subject: Re: [IxDA Discuss] Verifying a user is human

Hi,

CAPTCHA done right is very effective, and can be accessible as well.
I suggest taking a look at the reCAPTCHA project
(http://recaptcha.net/), they have an audio version available as well,
and it contributes back to the Internet Archive project, always a
worthy cause.

There was just a great article on a blog about CAPTCHA's, but I can't
remember which one right now.. when I find it I'll make sure to send
it back to the list.

Matt.

On Nov 29, 2007 10:18 AM, Chris Maissan <chris at absolutenorth.com> wrote:
> I am in the process of designing a support forum for a software product.
The
> goal is to make it as easy as possible to ask a question. Ideally I'd like
> to do away with the need to login all together, but it also needs to be
Spam
> resistant.

--
Matt Nish-Lapidus
email/gtalk: mattnl at gmail.com
++
LinkedIn: http://www.linkedin.com/in/mattnl
Home: http://www.nishlapidus.com
________________________________________________________________
*Come to IxDA Interaction08 | Savannah*
February 8-10, 2008 in Savannah, GA, USA
Register today: http://interaction08.ixda.org/

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
To post to this list ....... discuss at ixda.org
Unsubscribe ................ http://www.ixda.org/unsubscribe
List Guidelines ............ http://www.ixda.org/guidelines
List Help .................. http://www.ixda.org/help

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.10/1159 - Release Date: 11/29/2007
11:10 AM

30 Nov 2007 - 9:48am
Patrick G
2006

ReCAPTCHA is an interesting innovation on traditional CAPTCHA
technology:

http://recaptcha.net/

"reCAPTCHA improves the process of digitizing books by sending words
that cannot be read by computers to the Web in the form of CAPTCHAs
for humans to decipher. More specifically, each word that cannot be
read correctly by OCR is placed on an image and used as a CAPTCHA.
This is possible because most OCR programs alert you when a word
cannot be read correctly."

On Nov 29, 2007, at 10:18 AM, Chris Maissan wrote:

> I am in the process of designing a support forum for a software
> product. The
> goal is to make it as easy as possible to ask a question. Ideally
> I'd like
> to do away with the need to login all together, but it also needs
> to be Spam
> resistant.
>
>
>
> I've looked a little into the CAPTCHA (Completely Automated Public
> Turing
> Test to Tell Computers and Humans Apart) method, better known as the
> "distorted text method", but questions have been raised about both its
> accessibility and effectiveness.
>
>
>
> There is the option of sending an activation email. However, this adds
> several steps for the user and is not without its own issues (Spam
> filters
> etc.)
>
>
>
> Does anyone have any thoughts on the best method to confirm a user
> is human?
> Maybe a third option I haven't thought of?
>
>
>
> Cheers,
>
> Chris
>
>
>
> Some links on CAPTCHA
>
> http://en.wikipedia.org/wiki/Captcha
>
> http://www.w3.org/TR/turingtest/
>
>
>
>
>
>
>
>
>
> ________________________________________________________________
> *Come to IxDA Interaction08 | Savannah*
> February 8-10, 2008 in Savannah, GA, USA
> Register today: http://interaction08.ixda.org/
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... discuss at ixda.org
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help

30 Nov 2007 - 9:22am
Chris Maissan -...
2007

Thanks for all the input guys. You've given me some great ideas - which is
exactly what I was hoping to get.

Cheers,
Chris

Syndicate content Get the feed