About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« NFC, privacy and identity infrastructure | Main | Metro-politan »

Supply and demand always win

By Dave Birch posted Jun 5 2008 at 6:43 AM

[Dave Birch] You know those wobbly writing boxes that you have to read when responding to blog posts, signing up for Hotmail, that kind of thing? I've always found them really annoying, and so have hackers, spammers and various other ne'erdowells. As a consequence, there's a substantial demand for software that can read the wobbly writing so that computers can pretend to be people...


All of these developments clearly indicate the demand and supply for CAPTCHA breaking services, as well as the potential for abusing the clean domain reputation of the most popular email providers whose continuous emphasis on usability, namely coming up with more user friendly CAPTCHAs, often results in the easy of which the process can be automated.

[From Microsoft’s CAPTCHA successfully broken | Zero Day | ZDNet.com]

But look at the second comment on the story, which makes a point that occurred to me as I was reading the story. I was thinking "hey, can I get some of that software to make life easier for me when I'm posting blog comments?". More than once I've had a quick thought while reading someone's blog post, clicked on "comment", typed in a quick note and then given up when I've typed in the wobbly writing incorrectly a couple of times. As the commenter points out, if the cracking software can read the codes better than many people can, so there will be a demand for that software from people who want to use it for legitimate access!

And, by the way, if you authenticate yourself with OpenID, as I just did on Faster Future, why should you need to read the wobbly writing at all? Surely one of the most important attributes that OpenID could share is "is_a_real_person" or something similar.

You can't help wondering if the "test" line of thinking isn't going down a "Turing test" blind alley. As systems get smarter, it will become increasingly difficult to tell that they are systems by setting them challenges that are presumed to be too difficult for computers to meet, such as reading wobbly writing or playing chess.

The only way that a system will be able to tell whether it is being accessed by a person or by another system will be by seeing some form of secure credential to attest to the fact: I might set this blog, for example, to only accept 2FA OpenID logins, and only accept 2FA credentials issued by major banks, whose "know your customer" obligations presumably include determining whether the customer is a person or a bot.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Supply and demand always win:


I can never read the damn things... I think I have some kind of cognitive disorder (or hyper-order...). Maybe it should be added to those job interview psychological evaluations:

- Do you work best in a structured or unstructured environment?

- Are you comfortable with ambiguity?

- Can you read those damn wobbly box thingies?

The comments to this entry are closed.