Feeds

Campaigners roll out political-correctness Voight-Kampff CAPTCHAs

Works on (truthful) unrighteous - but not so well on bots

3 Big data security analytics techniques

Politically correct security experts have come up with a Voight-Kampff version of CAPTCHAs, the popular but sometimes irritating challenges designed to make sure that a human and not a bot is behind a request to sign-up for an online service or post a comment on an online forum.

The Civil Rights Defenders CAPTCHA asks respondents how they feel about gay people being beaten with sticks instead of simply asking punters to decipher the visually distorted letters in an image. Another challenge invites respondents to type in one of three options that best expresses their opinion about a proposed ban on "homosexual propaganda" in Russia.

Disappointingly respondents are not asked to examine their feelings about turning a tortoise on its shell in the middle of a desert, as depicted in a test using the Voight-Kampff machine in seminal Sci-Fi flick Blade Runner. The main similarity between the PC CAPTCHA systems and the polygraph-like machine as imagined by Philip K. Dick is the use of emotionally provocative questions. Both tests bill themselves as a test for human empathy.

The Swedish group behind the technology said that its CAPTCHA system "takes a stand for civil rights issues across the globe".

The Civil Rights CAPTCHA is as safe as traditional versions, but also informs users about human rights violations that occur daily around the world. The Civil Rights CAPTCHA also aims to be more user friendly than some of the impossible-to-read versions available today.

(Politically) incorrect responses mean that a user needs to wait five seconds before being prompted with a fresh challenge. The correct response to the multiple-choice question for one of three selections allows punters to gain access to an online service which relies on the technology, a Civil Rights Defenders group affiliate. The whole set-up means members of the Westboro Baptist Church - for example - are unlikely to want to access content their views are out of step with in the first place. For right-on sites that make use of the technology it can act as a filter, according to the Civil Rights Defenders.

The CAPTCHA was launched during Belgrade Pride, a week of festivities that culminated on 6 October. More on the technology can be found here.

The main issue with the technology, at least for the moment, is the challenge relies on a small set of questions, meaning it might not be especially hard for robots to defeat it.

"If I have any issue with the Civil Rights Defenders' CAPTCHA system it would be that at the moment there seems to be a very limited selection of questions - and all the ones I saw required a negative response," writes Graham Cluley, security consultant at Sophos.

"A wider gallimaufry of questions for web users to ponder - both negative and positive - would probably be a more effective challenge for automated bots."

The irony of application of politically correct technology to challenge-response systems is, as Cluley notes, that CAPTCHAs are frequently defeated by spammers and other low-lives by outsourcing the cracking of the technology to online sweatshops in India and elsewhere. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.