Re: [tlug] CAPTCHA on keitai

["Stephen J. Turnbull" <stephen@example.com>]

Curt Sampson writes:

 > Indeed, very true. To restate my point, given that they certainly have
 > the capability to write software that will get around your particular
 > form of protection, what makes you belive that they will take even a
 > minimal amount of effort to do this for your site rather than just aim
 > their automated systems at plenty of other sites out there that use more
 > standard systems?

(1) As (dark-side) hackers, they take pride in their dirty deeds done
dirt cheap.  They'll do this for hate, not money.

(2) My main point is that it's unlikely that the standard is all that
standard that deviating from it in a "significant" way is all that
easy.  Remember our side is fairly constrained in how we can hide
stuff, because our users have to be able to see it.

To give an optimistic example, remember the Frethem worm and its
predecessor (common name also started with "F" I think)?  Well, I
caught the very first instance of that sucker because the predecessor
used a "no-see-um" relaying frame, too, and I simply quarantined
anything with a "no-see-um" relaying frame.

I think the same thing is likely to happen to most variations on the
theme of "captcha, captcha, where's the link to the captcha".

 > > We need big cheap wins.
 > 
 > Well, if the spam problem is any indication, you're not likely to get one.

The spam problem is harder because neither postage nor authentication
is acceptable to most spam-fighters.

I think either audio: "Type D O G B E R T in the box", or Josh's "what
is this image a picture of: cat dog car rabbit spammer-in-a-blender??" 
are big (fairly) cheap wins.  Of course it's not going to win any
accessibility prizes.