Digg Meets KittenAuth

By Oli on Saturday, 08th April 2006.

Well, it's been an interesting couple of days. I invented KittenAuth (the single cutest human-verification method ever), published a write-up on it and within hours the server was swamped in what can only be described as "the internet". Been getting lots of hits from Digg, Reddit and a billion other blogs that've linked here from those stories.

People have expressed wishes for projects for this kind of thing for their blogs. All I can say is wait while I carefully push out a newer version which doesn't have any of the pitfalls of this version. When I've got the new specs out it should be pretty bot-proof.

There have also been a few people saying that this can be hacked just as the hardest CAPTCHA can by getting humans to enter it. Apparently the most common way of doing this is getting users of other sites (usually free-porn sites) to enter the correct combination and the bot goes back with this information. To those people, I say this: Who in the hell do you think is going to click kittens for porn? Ok. Glad we've sorted that one out.

Anyway, the site was hit pretty hard by Digg but I think I'm **just** going to slip under my bandwidth limit this month. As I'm not allowed to explicitly say "click the adverts" (so as to stay within the AdSense contract) I'm going to say: If you like what I'm doing you might like what our sponsors are offering, so at least read the adverts.

The site has passed the stress test though, having handed out 4.2 million requests from a total of 36,000 users using 10 gigs of bandwidth over a 48 hour period. Thanks to my hosts, Hostek, for continuing to be brilliant and not pulling the plug when things got really insane.

If you have a spare $1 languishing in a long-forgotten (or otherwise) PayPal account, please can I suggest you hit my donate button and toss it in my general direction. Might mean I can afford to put extra time into the project and feed my kittycat. Thanks to the few that have clicked donate so far.

Written by Oli on Saturday, 08 April 2006. Tagged with kittenauth, digg, news. Read 1349 times. If you liked it, please give it a digg.

#1 /* 3 years, 8 months ago */
This is a wonderful idea. I don't know if you have seen the system on http://questionville.com, it looks pretty interesting as well. There they have a picture and you have to match the description with the picture.

I am impressed by the kittens, but it was hard for me to figure out which ones were actually kittens since the resolution of the pictures is kinda low...

Lastly, are you planning on creating a plugin for wordpress?
#2 — Author comment /* 3 years, 8 months ago */
Yeah Generic-ASP.net, WP and Drupal are going to be the first projects to get setup.

How fast they get finished depends on what help the projects get.

Just managing to keep the site online is proving to be a bit of a mission at the moment though.
#3 /* 3 years, 8 months ago */
But with only a 3x3 grid, my ninth grade math skills conclude that there are only 27 combinations, which might not be enough to prevent a determined bot from getting through.
#4 /* 3 years, 7 months ago */
I reckon there are 9C3 combinations, which if my math doesn't fail me is 9!/6!3! = 84. That still gives the bot a reasonable chance though. The bot has a 50% chance of succeeding after 58 random attempts:
(1-(1/84))^58 ~= .5

If there were randomly between 0 and 9 kittens in the page, there would be 512 combinations. However, it would be much harder for a human to process, since some of those fuzzy pictures arguably could be kittens; knowing that there are exactly three to be found means you just have to pick the three which look *most* like kittens, which is a lot easier.

Note that if there were either 4 or 5 kittens to be found, there would be 126 combinations, which is a bit more secure. 9C4 = 9C5 = 9!/4!5! = 126.

A 4*4 grid, where you had to pick 8 kittens, would have 12870 combinations.
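
The arithmetic in comment #4 above, as an added example (not part of the original comment or of KittenAuth's code). It assumes every guess is uniform and made against a fresh, independently generated challenge, and it goes one step beyond the comment by finding the smallest square grid that keeps a single random guess under a chosen success rate. All function names are hypothetical.

```python
from math import ceil, comb, log


def keyspace(cells, kittens=None):
    """Count the possible answers for a grid of `cells` pictures.

    kittens=k    -> exactly k pictures must be picked: C(cells, k)
    kittens=None -> any subset (0..cells kittens) may be right: 2**cells
    """
    return 2 ** cells if kittens is None else comb(cells, kittens)


def success_after(attempts, space):
    """P(at least one pass) for independent uniform guesses, one per fresh challenge."""
    return 1 - (1 - 1 / space) ** attempts


def attempts_for(target, space):
    """Smallest number of random guesses whose success chance reaches `target`."""
    return ceil(log(1 - target) / log(1 - 1 / space))


def smallest_grid(max_per_guess):
    """Smallest square grid (pick half the cells) keeping one random guess at or below `max_per_guess`."""
    side = 2
    while 1 / keyspace(side * side, side * side // 2) > max_per_guess:
        side += 1
    return side


# Configurations discussed in comment #4: (label, cells, kittens to pick).
CONFIGS = [
    ("3x3, pick 3", 9, 3),
    ("3x3, pick 4", 9, 4),
    ("3x3, 0-9 kittens", 9, None),
    ("4x4, pick 8", 16, 8),
]


def report():
    """Return (label, keyspace, guesses needed for a 50% pass chance) per configuration."""
    return [(label, keyspace(c, k), attempts_for(0.5, keyspace(c, k)))
            for label, c, k in CONFIGS]


if __name__ == "__main__":
    for label, space, guesses in report():
        print(f"{label:18} {space:6} answers, 50% after {guesses} guesses")
```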
#5 /* 3 years, 7 months ago */
Oops, Oli already published all the math anyway:
http://www.thepcspy.com/articles/security/the_cutest_humantest_kittenauth
#6 /* 3 years, 7 months ago */
hm.

good to see someone actually implement the idea, but, as pointed out, it can't block brute force attempts. The trick is to hide the pattern from the scripter/observer and, hence, you can change the pattern as you wish. So asking the user to describe the (slightly obscured) "object" in the photo (and having a list of few generally allowed answers held in some database) is far more efficient.

BTW, your site's CSS sucks in Konqueror. Nor does your kitten CAPTCHA
#7 — Author comment /* 3 years, 7 months ago */
Yeah, the current model is 9C3 as mentioned in the article. It's not great but there are ways to improve it that I'll be considering for the next (and public) version that I'm working on right now.

Sorry about the Konq support. When I next get some free time I'll redesign the site and make sure I do a proper test in all browsers.
#8 /* 3 years, 7 months ago */
Dude - how much bandwidth are you using? Good rails/php hosts offer 400Gb/month - HOW can you be pulling over 13Gb per DAY??

What does your host offer you?

Good app, though!

© Oli Warner 2001—2007