Feeds

Campaigners roll out political-correctness Voight-Kampff CAPTCHAs

Works on (truthful) unrighteous - but not so well on bots

High performance access to file storage

Politically correct security experts have come up with a Voight-Kampff version of CAPTCHAs, the popular but sometimes irritating challenges designed to make sure that a human and not a bot is behind a request to sign-up for an online service or post a comment on an online forum.

The Civil Rights Defenders CAPTCHA asks respondents how they feel about gay people being beaten with sticks instead of simply asking punters to decipher the visually distorted letters in an image. Another challenge invites respondents to type in one of three options that best expresses their opinion about a proposed ban on "homosexual propaganda" in Russia.

Disappointingly respondents are not asked to examine their feelings about turning a tortoise on its shell in the middle of a desert, as depicted in a test using the Voight-Kampff machine in seminal Sci-Fi flick Blade Runner. The main similarity between the PC CAPTCHA systems and the polygraph-like machine as imagined by Philip K. Dick is the use of emotionally provocative questions. Both tests bill themselves as a test for human empathy.

The Swedish group behind the technology said that its CAPTCHA system "takes a stand for civil rights issues across the globe".

The Civil Rights CAPTCHA is as safe as traditional versions, but also informs users about human rights violations that occur daily around the world. The Civil Rights CAPTCHA also aims to be more user friendly than some of the impossible-to-read versions available today.

(Politically) incorrect responses mean that a user needs to wait five seconds before being prompted with a fresh challenge. The correct response to the multiple-choice question for one of three selections allows punters to gain access to an online service which relies on the technology, a Civil Rights Defenders group affiliate. The whole set-up means members of the Westboro Baptist Church - for example - are unlikely to want to access content their views are out of step with in the first place. For right-on sites that make use of the technology it can act as a filter, according to the Civil Rights Defenders.

The CAPTCHA was launched during Belgrade Pride, a week of festivities that culminated on 6 October. More on the technology can be found here.

The main issue with the technology, at least for the moment, is the challenge relies on a small set of questions, meaning it might not be especially hard for robots to defeat it.

"If I have any issue with the Civil Rights Defenders' CAPTCHA system it would be that at the moment there seems to be a very limited selection of questions - and all the ones I saw required a negative response," writes Graham Cluley, security consultant at Sophos.

"A wider gallimaufry of questions for web users to ponder - both negative and positive - would probably be a more effective challenge for automated bots."

The irony of application of politically correct technology to challenge-response systems is, as Cluley notes, that CAPTCHAs are frequently defeated by spammers and other low-lives by outsourcing the cracking of the technology to online sweatshops in India and elsewhere. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.