Low-Tech to the Rescue

Posted: January 3, 2008 in Misc

Hello World,

It’s not everyday I stumble across what I like to call a “paper clip” idea. These are ideas that are so simple in design that it even surpasses the intellect of the “well educated” … like the paper clip. Props to the man or woman who invented the paper clip. Well I came upon what I think is another such idea.

For years web developers have been developing way to prevent spam bot from infiltrating their sites and submitting hundreds of form entries. Thus was born the Captcha, a dynamically generated warped image of a word or phrase. The user must enter the word or phrase in the text box before submitting the form. This technology helps prevent spam bot from automatically reading the word of phrase and successfully submitting the form. Unfortunately, many times it is difficult for even the human to read the word or phrase.

Captcha Sample

Can you tell what letter (or number) that is between the 5 and 3? Neither can I.

As I was registering at another forum site I was presented with a rather unique, what I like to call a low-tech way of validating human response. Ask the user to solve a simple expression.

New Captcha

You simply supply the answer to the expression. The expression is dynamically generated and can contain any combination or numbers and operators. Yes, a computer would be able to recognize and calculate such an expression much faster than any human but that’s assuming that the spam bot can read the expression. Could we not use a form of Captcha technology to provide the expression and allow the human to enter the answer? One number … not some word or phrase, uppercase or lowercase, just one number.

Just a thought.


  1. Joshua says:

    I have been thinking more and more about the expression option. My concern with one number is that many times the bots just keep trying. I have been monitoring the traffic and session on my blog and was surprised to see so many new sessions start at the add comment page. They comments are of two types. 1) a real user getting paid to comment. 2) bot submitting random stuff.

    Apparently there are actually sweatshops now where the bot prefills out the form then sends a ping to a real user to answer the captcha, that then gets submitted with the form. And others are so good at OCR they can actually submit forms faster than humans now.

    Not much you can do for number 1) but for number 2) you need something more than just one number it seems.

    Have you seen the photo matching option? It has some merit, but also is sadly easy for bots to break.

  2. John says:

    I have been experimenting with using arrays to hold numbers, and their written equivilant. So you’d have “1” and “one”. The prove you are human question then becomes, “If I have one apple, and bring 8 more into the pile, how many apples do I have?” “one” and its equivilant “1” being randomly pulled from the array, and 8 also being randomly pulled from the array. the 1 and 8 are calculated even though the user only sees “one” That way even if a spam bot can read it, it doesn’t know what to do with string and numbers.

    It wont take long before they figure out how to program a work around. The sweat shop idea is that work around I am sure, but I don’t see how kids in a third world country sweat shop are going to solve word and logic problems?

  3. JAlpino says:

    I modified a version of Lylacaptcha to show expressions vs. text… take a look,


  4. therush says:

    Hey JAlpino, Great idea! Let me throw this out to you.

    With the ever growing saturation of the Flash Player, I have entertained creating a type of Captcha using Flash. The number, words, or phrase can be pulled from a database, set to swirl and moved around in its space. The text would only become clear when the user hovers over the animation. That of course would not fool the sweat shop girls and boys but it would make it impossible for any machine to lock onto the text in the animation. The mouse hover would make it easier for us to read. One can still provide audio to those that need accessibility.

  5. doug boude says:

    I actually did implement the equation spam filter and STILL got automated spam! Not nearly as much as I did with Captcha, but any is too much. So what I did was come up with a randomly generated verbal question that involves me giving you a letter of the alphabet and you figuring out what letter is x number of places before or after that letter, then typing your answer Y times in the box provided. Most people seem to not have any problems figuring it out, though I have gotten a couple of gentle complaints. Here’s a link to where I shared the code to do this: http://www.dougboude.com/blog/1/2007/07/AntiSpam-snippet.cfm

    Hope it helps!

  6. JAlpino says:

    @therush – Using flash for a captcha sounds like a great idea, I don’t think that I’ve personally seen one implemented in flash yet but I would bet it would be nearly impossible for an automated bot to surpass it.

    With the equation based captcha and Akismet, I’ve been very lucky in not getting spam come through. ( It could also be attributed to the low visibility of my blogs and feedback forms )

  7. therush says:

    That’s pretty cool though. The administrative site we use at my office uses a different approach. We generate a random number that gets placed in the browser window title. Then the user must enter x numbers from the random number. The sequence of numbers is never together, eg; the first three and the next to the last two.

    I can’t wait for biometrics. Just scan my iris. Even the sweatshop boys and girls can’t fool that (as long as you validate the iris scan against a database list).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s