Monday, November 7, 2011

Misconceptions about vappic 4d CAPTCHAs

It's hard to get attention if you write a blog. Sometimes a gimmick like "ranting" or trying to invoke some kind of "act now" response can help. Let me try to answer the alarmists out there since replying on their blogs just feeds their traffic and they can filter whatever messages they want.

First, this is a personal research project, not a company or a startup. If you're someone who works at Stanford or other educational institution, you should get what this means: "let's gather some data and learn some stuff". Sure, if you're against experiments to learn about ideas than rant away, it is the internet after all.

Second, the fact that this test looks at usability as part of the research should speak clearly how important it is. Many CAPTCHAs today have not undergone *any* usability tests. The survey even looks for people who may have some unique physical trait where these captchas don't work for them (it's one of the handful of questions asked).

I'm traveling with spotty internet connectivity, so my friend David have been helping me reply to people emailing in questions and opinions. However, we don't have hard data yet (thus the experiment) so we can't say too much.

If you have an opinion you want recorded as part of my research, please input it here:

To find out more, just read the homepage:

Thursday, November 3, 2011

Usability test 3 live

- Fixed bugs with IE and Firefox
- Larger sizes (from 120x160 -> 150x200)
- 4 color palettes for tests with different camera movements
- Some letters cast shadows, some don't. (will anyone notice?)
- More clear about beginning and end of captcha. Doesn't matter when solving, but people like having the visual marker.

 - The solve random captchas page serves older test captchas that use different framerates, sizes, etc.

If you have find any site bugs, please email

Tuesday, November 1, 2011

Quick usability study feedback (v2)

I've launched the usability study to a small group of smart friends and am getting some good feedback.

Too small
I'm working on increasing the site's font and scaling up the captchas.

Need a clear stop/end point.
Even though the input doesn't care where you stop/start. Hey, you can even retype a few characters and it works; however, users feel lost without the delimiter. I'm considering adding more space between characters or maybe even a dash; however, the overlapping characters is what makes edge detection so hard.

Conflicting "it's too fast", "it's too slow" feedback.
Not sure what to do about this. I've done so many that I can do them very quickly.  The animations in the basic test were 7.2s long. Once you realize you can start anywhere, they take slightly less time to solve.

 People want more color. I had some prettier early prototypes:
But there's too much color information. We were able to unroll and break it pretty easily. 

Unrolled version of the above Captcha where vertical strips are taken from each frame and laid side-by-side:
A4g5Ep2_ElE2BEhL9RmmV9cVQiYqbWbFrXhkDSBMYLIePBI50ly2pQo03tfXGp4P0pMjch5wKsgExt1NUO4 (300×960)
click to zoom

The current generation uses 15 colors or fewer. But I do miss the color.

What about Captcha Farms?
Captcha farms are an ongoing issue. Hopefully, the extra time it takes to read this captcha will make it a bit more expensive to farm out than the current $0.80 for 1000 entries. Once I get more usable numbers from the study, I'll know the success rate / times for both types of captcha.

There's a recent news cluster about decaptcha automated attacks being able to quickly break most captchas. When anyone can download a piece of software and crack them, then they've reached their end-of-life.

If you look at you'll see a mix of different attempts in there (you can just hit the skip button). Some are rather crazy with the camera others are "HD".


I started experimenting with animated captchas with David Jeske back in mid-2007 while at Google. Our hypothesis was based on two opportunities. First, because of how good humans are at understanding visual information, it may be possible to make 3d motion captchas which are both more mathematically challenging to break and easier for human users to answer. Second, a motion based captcha that takes time to view would increas the cost of 'human captcha farms', where users are paid to answer captchas. As sound as we felt our hypothesis was, at the time we were unable to come up with something better than existing static images. After multiple weeks of 20% time, the effort was shelved.

Fast forward to mid 2011. Current captcha techniques seem to be losing the battle between accessibility and protection. Users can attest that captchas are becoming so distorted it's often hard for legitimate users to answer them, yet advanced cracking techniques and captcha farms are continuing to compromise them. David and I still believed in our original hypothesis, and I wanted to take another shot at 3d animated captchas.

For us, the process of creating a better captcha is intertwined with breaking captchas. Each iteration, and our attempts to defeat our own ideas brings us closer to something possibly workable.

Our current prototypes are still very much a work in progesss, and you can help evaluate and refine the ideas! Visit the test site ( to participate in the usability study for accuracy and timing. Once I enough statistics, I'll release the data. If any hard core engineers are interested in trying to crack the designs, please let me know.