Stopping Spam with Kittens

An executive at Microsoft Corp. has an unusual idea for beating spammers. Powerful software tools and supercomputers aren't involved, but kittens are.

Or rather, photos of kittens. Kevin Larson, a researcher at Microsoft's advanced reading technologies group, has found that asking a user to identify the subject of a photo, like a kitten, could help block spam programs.

Currently, services like Microsoft's free e-mail service Hotmail require new users to type in a string of distorted letters as proof that it's a human signing up for the account and not a computer. Called Human Interactive Proofs (HIPs), Microsoft, Ticketmaster and a host of other companies have been using the system for around five years, Larson said. He spoke in Seattle on Friday at TypeCon 2007, an annual conference put on by the Society of Typographic Aficionados for type enthusiasts and designers.

When Hotmail first started using HIPs, the number of e-mail accounts generated on the first day dropped by 20 percent without an increase in support queries, Larson said. That was a sign that the HIPs were fooling the computer programs that spammers use to automate signing up for new Hotmail accounts from which spam is sent. However, spammers learned how to tweak their programs to better recognize the HIPs, he said.

Now, it's a race for Microsoft to continue to alter its HIP system to fool the computers, which ultimately seem to catch on. Larson's group at Microsoft experiments with different ways to distort the text used in HIPs in a way that is easy for humans to read but difficult for computers.

One twist on the HIP idea that they've worked on is to display 16 or more photos and ask for identification of the photos. In an example, he suggested using pictures of cats and dogs. The problem with the concept, however, is that Microsoft would have to create a massive catalog of photos, otherwise the programmers could match the correct response with each photo in the catalog and begin to spoof the system, he said.

Audience members had a variety of ideas for ways to expand on the idea in order to try to beat the spam programs. One suggested that Microsoft continually take videos of a kitten jumping around a room, as a way to generate a nearly endless string of photos for identification.

"It's possible that kittens are the wave of the future," Larson joked.

View: Full Story
News source: Yahoo!

Report a problem with article
Previous Story

Quake 3 Arena to XBLA, Quake Zero for Free

Next Story

Shift Linux Art Contest

26 Comments

Commenting is disabled on this article.

uhm...
1st already existing email accounts
2nd not every mail provider will use this
3rd there are some mail providers known for welcoming spammers
4th human registers, bot sends... how bout that?

Glassed Silver:mac

I've grown to hate having to fill out CAPTCHAs all day to get to information I need.

Furthermore, there are likely legitimate uses for script-based access to some resources. For example, a one-click script which opens an account with several services-- if you have to set up, for example, the accounts a new customer will need every time.

Surely there are better ways to do things.

It seems like they've decided to lock things down at the registration level, but I could see a much more activity-based filtering.

-If 90% of your email has an image attachment, something's wrong, you're probably a spammer.

-If the copy of your mail either consistently flunks a grammar test or can be easily found through Google, you're probably a spammer.

Added plus: Those would snag once-legitimate users who had compromised accounts.

Berserk87 said,
down with spam.

up with kittens :P

+1 Qft :P,

Do anything to get rid of the Spam, I'm sick of opening my email only to find hundreds of Retarded Spam emails by Retarded Spammers, when I'm waiting for emails from real people, friends about important things and have to sift through all the crap emails.

What about various languages? I mean, in French, a cat = chat (sounds like "shah"), which looks like the English word "chat". If it is a French site, wouldn't it make sense to have the answer be "chat" ? But then what about English speakers who type "cat" or even Spanish speakers who type "gato"? Even worse, what about different character sets that don't really consist of A, B, C, etc. or any variation of them, such as Japanese or Arabic? I think the idea has some design flaws. I think the idea posted by Relativity_17 in #2 was a better one. Of course, the same thing that I mentioned about language barriers could also be a problem with that idea. However, it is still a better one than the proposition presented in the article. Random strings aren't exactly a good way 100% of the time either, especially when things get weird with them, such as a 0 being bent and tilted such that it looks like an 'O'.

My idea: take the picture idea and use it, but instead of having a user type in words, why not have a user find the one that is the same, where the others are exactly the same, but with minor differences, perhaps in color variance or random (noticeable) blocks of pixels or something.

I ticked ninjas as I couldn't be sure they weren't present in the picture Turned out there weren't any, but better safe than sorry.

This is a better idea than depending on hard to read letters, or a video that won't play in many browsers.

But what if the user enters a description that makes sense to a human but the system doesn't account for -"baby cat"?

If you look at my post a few posts up (2.1) you'll find that the most likely implementation just involves clicking on the pictures of cats

How about...

nevermind, I don't want to tell you my idea I'm working on, because then someone will steal it and make a lot of money, and I still won't even if I finish my idea...

they should make GIFs of flash .swf files dynamically with an animation, 1 frame has what needs to be typed while the rest have random lines and things... that would defeat the autoers until they decompiled the swf, analysed it and so on.... which would take a long time

Yeah, I remember seeing that KittenAuth thing back in september last year. Really hope Microsoft hired those guys / paid them for their work, because what MS are suggesting is exactly what these guys have already done.

You can test it out in action here: http://www.thepcspy.com/contact

Pretty nifty