Comments for The Cutest Human-Test: KittenAuth

This is an interesting idea for authentication. I especially hate when the captcha's give me something inde-friggin'-cipherable.

Image auth is definitely much better than those awful text captchas, but setup would require a pretty significant amount of time for each site or if packaged and resold, could be scripted somewhat easily. For this particular situation, I would:

Method 1: Manual DB
1) Manually create a checksum for all the kitty pictures. Even if you had 1000 pictures in the db and 500 of them were kittens, it wouldn't take too long with a little bit of automation to manually ID and catalogue the kitten images.
2) Write a script that locates the checksum in a database for images, if a hit, then a kitty cat.

Method 2: Brute force DB
1) With a bot armies (seems like all the spammers have one now...), or even a broadband connection (could prevent with a combined heuristic approach to kick off the IP that seems to have not been able to locate the 3 kittens in the past 5000 attempts), brute force attempts and checksum all images... Even with a very few chances, a "learning" script would eventually ID the kitties and the more it got right, the more it would continue to get right based on learned values from past successes.

Some ideas to prevent this:
1) Some users/suggestions point out multiple image catalogues, but dedicated bot armies or a spammer with enough time could catalog a very large image library in less time than it would take to create this library.
2) As stated above, combine this with a heuristic approach to catch bots or human calogue efforts.


Also, as with all captchas, we must not forget about our blind friends who don't have the luxury to identify such cuteness...

Another idea to prevent abuse... instead of the grid, image processing routines could combine the 9 thumbnails into a single image and store coordinates of the kittens... then use javascript click coordinates in the single image to tell whether the user clicked in the correct range of coordinates. Some overlap and making sure there are no easily ID'd borders could make this difficult... but the processing to dynamically create all this single images and track coordinates could start to become CPU intensive.

looks good, but I don't see any kittens, or

Will somebody please think of the CHILDREN???

I've noticed that each picture has a different file size. if you associate file size with picture then you could breeze right through.. So I agree with the idea from the guy who said convert them to one image and use java to pick the correct coordinates

I'm just posting a comment so I can click on three adorable kittens!!

@Jerry : If this method is to be packaged in a redistribuable plugin for popular blogging platforms, with maybe 1000 positives & negatives images, you're right that a spammer could easily index those images.

But if the plugin renames the images when it is installed, spammers can't use filenames. And if it slightly modifies a few random pixels, it deters simple file based image recognition.

Great idea, brilliant.

About the image recognition with file integrity, thats easily avoidable, perhaps the easiest way would be to feed it through your image parser and use some random jpg compression strength between 70 to 90. (in phpgd case anyhow)

Outstanding job. It's not perfect, but this will stimulate thought in the right direction. Give this guy a medal.

ROFL, LOL, and so forth.