Sign up to our newsletter
The latest security news direct to your inbox
A new start-up aims to keep spammers out of websites – without forcing human beings to undergo CAPTCHA tests.
Last month, We Live Security reported on an AI firm which showed off software which can reliably crack the wobbly text used to “block” automated programs.
Instead, Keypic uses an image – usually an advert, but it can be a single pixel, an animation, or anything the site’s administrator wants – and checks for typically “human” behavior. It’s already used on nearly 6,000 sites, and is available as a plug-in for WordPress and Drupal.
“Our service does a full cross check against all other requests (we receive hundreds or them every second) to determine if your user is a spammer or not,” the company says, claiming that its service is effective for free email service sign-up, and for blog comment spam.
The service works by an automated process that looks for typical spammer behavior – starting with the fact that most programs won’t download an image, whereas a human using a browser will. The data is cross-referenced with thousands of other form submissions.
“Whether the image is retrieved is just one of the ten or so data points Keypic checks,” says Mark Gibbs of Network World. “Other data points include how long it takes for the form to be submitted (which reveals software that tries to submit at a high rate), what order are the fields filled in, what the IP address is, what browser is being used, how many requests are received per minute from a single IP address, and the characteristics of any text entered into fields other than name and password.”
Keypic Web Service sends back a number – in percentage form – showing the likelihood a user is or is not a spammer. The company says it can radically improve response to interactive features such as polls – or blog comment channels.
“Most bloggers are familiar with programs that submit bogus comments, usually for the purpose of raising search engine ranks of some website (e.g., “buy penny stocks here”). This is called comment spam,” the company says. “With Keypic, only humans can post comments on a blog, and bot actions are really restricted. There is no need to make users sign up before they enter a comment, and no legitimate comments are ever lost.”
Last month, a new artificial intelligence startup, Vicarious, showed off software which could “crack” CAPTCHA tests.
A program designed by Vicarious is shown “breaking” CAPTCHA text in a video released by the company. The system, known as Vicarious AI, achieves a success rate of up to 90% against standard CAPTCHAs used by Google, Yahoo and PayPal, its creators claim – using machine learning, rather than massive amounts of computing power
Author Rob Waugh, We Live Security