blur text, context and conclusion
This commit is contained in:
parent
c4952942f1
commit
aa42a34764
GPG Key ID:
AD9F0F08E855ED88
|
|
@ -0,0 +1,31 @@
|
|||
\subsection{Noisy Text}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Excellent\\
|
||||
The method doesn't employ any tracking elements and works when used in anonymous
|
||||
networks like TOR\@.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Bad\\
|
||||
The method relies on Optical Character Recognition (OCR) capabilities of human
|
||||
users. OCR technology is becoming increasingly sophisticated which would render
|
||||
this method ineffective in the future.
|
||||
|
||||
Without OCR, this method can be bypassed using human-powered CAPTCHA farms with
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Bad\\
|
||||
Since the method relies on OCR, it is inaccessible to users with visual
|
||||
disabilities and the added noise poses challenges to users with cognitive
|
||||
disabilities. The noise sometimes makes the challenge unsolvable which results
|
||||
in failures for even users without any disabilities,
|
||||
\subsubsection{Accuracy}
|
||||
Good\\
|
||||
Success and failure are absolute states in this method. A solution that doesn't
|
||||
match the challenge text results in failure while a match is considered a
|
||||
success. But when using employing CAPTCHA farms for circumvention, the method
|
||||
fails absolutely.
|
||||
|
||||
The method uses only text matches in its decision process. No other
|
||||
external factors are involved.
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
\subsection{Context-based}
|
||||
|
||||
\subsubsection{Privacy}
|
||||
Excellent\\
|
||||
The method doesn't employ any tracking elements and works when used in anonymous
|
||||
networks like TOR\@.
|
||||
|
||||
\subsubsection{Effectiveness}
|
||||
Bad\\
|
||||
|
||||
Domain context is limited in nature. An attacker could either become familiar
|
||||
with the service and then mount an attack, or they could mount brute force attack
|
||||
to aggregate all possible challenges that the service presents.
|
||||
|
||||
Both of these attacks are practical.
|
||||
|
||||
% TODO cite CAPTCHA farm cost analysis paper
|
||||
ease.
|
||||
\subsubsection{Accessibility}
|
||||
Bad\\
|
||||
|
||||
This method poses challenges to users with cognitive disabilities as it requires
|
||||
them to retain information and recollect in a timely manner. Also, this method
|
||||
makes poses challenges to new visitors to service. The familiarization period to
|
||||
solve CAPTCHAs in a timely fashion might be too high for someone new.
|
||||
|
||||
\subsubsection{Accuracy}
|
||||
Bad\\
|
||||
Success and failure are absolute states in this method. A solution that doesn't
|
||||
match the challenge text results in failure while a match is considered a
|
||||
success. But when above-mentioned circumvention methods are used, there will be
|
||||
results will be completely inaccurate and as the system lacks any adaptational
|
||||
capabilities, the failure will be long-lasting.
|
||||
|
||||
The method uses only challenge answers in its decision process. No other
|
||||
external factors are involved.
|
||||
|
|
@ -1,2 +1,4 @@
|
|||
\section{Analysis}
|
||||
\input{analysis/align-obj.tex}
|
||||
\input{analysis/blur-text.tex}
|
||||
\input{analysis/context.tex}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,13 @@
|
|||
\section{Conclusion}
|
||||
|
||||
In today's web, CAPTCHA systems are the deciding factor in weather a user should
|
||||
be able to access a service or not. Every false positive makes the web less
|
||||
accessible and even a single challenge posed to persons with disabilities makes
|
||||
the web inaccessible entire to groups of users. Also, the
|
||||
ubiquitous presence of privacy-invasive systems like reCAPTCHA post serious
|
||||
threats to the internet and its users as right to access to information is
|
||||
now determined by single entity using an opaque process.
|
||||
|
||||
So it is imperative that future system designers take these factors into
|
||||
consideration. We believe mCaptcha is an attempt at making the web more
|
||||
accessible while securing it with a decentralised command structure.
|
||||
|
|
@ -6,14 +6,14 @@ parameters. These are popular methods are currently in deployment.
|
|||
\subsubsection{Align object}
|
||||
Objects in various degrees of misalignments are displayed to the user and are
|
||||
asked to choose the one that is perfectly aligned.
|
||||
% Example GitHub/Kik inverted Hipop
|
||||
% Example GitHub/Kik inverted Hippo
|
||||
|
||||
\subsubsection{Blurred Text}
|
||||
A sequence of randomly generated letters and digits are
|
||||
presented to the user with added noise, scattered distribution and
|
||||
rotations. Sometimes, they are also presented in 3D form.
|
||||
\subsubsection{Noisy Text}
|
||||
A sequence of randomly generated letters and digits are presented to the user
|
||||
with added noise, scattered distribution and rotations. Sometimes, they are also
|
||||
presented in 3D form.
|
||||
|
||||
\subsubsection{Context based}
|
||||
\subsubsection{Context-based}
|
||||
This method is personalised to the platforms they are displayed on. They usually
|
||||
pose challenges which can only be solved if the user is familiar with the
|
||||
platforms. Some examples are:
|
||||
|
|
|
|||
Loading…
Reference in New Issue