Captcha Example

Unfortunately, lately they’ve been failing to do their job.

Could ambigram captchas be the solution?

This is no small problem. Concert giant Ticketmaster claims that they have been battling hackers ‘like the dickens’. The hackers continually defeat Ticketmaster’s captcha, claim large blocks of tickets, and sell them on eBay, Craigslist and reseller site StubHub for very impressive profits.

This Wall Street Journal article states that the highest price for a ticket on TicketMaster for the recent Hannah Montana “Best of Both Worlds” concert ticket was $63, yet the average price for tickets to that show through ticket reseller site StubHub was $237, a profit of almost 400%.

Ticketmaster isn’t alone. Yahoo’s captcha was recently hacked, Microsoft’s captcha was hacked, even the highly regarded captcha for Google was hacked.

According to the Wikipedia entry on captchas, programs that defeat captchas usually contain the following functionality:

Pre-processing: Removal of background clutter and noise.

Segmentation: Splitting the image into regions which each contain a single character.

Classification: Identifying the character in each region.

Furthermore, the Wikipedia article states that the most difficult step to automate is usually #2: The segmentation of the captcha into its individual characters.

I propose that one possible solution would be an ambigram captcha.

An ambigram based captcha would make both the #2 and the #3 stages much more difficult. Stage #2 would be more difficult since any separation technology that works in one orientation would NOT work in the other orientation, due to the way that ambigram characters combine in a finished design.  A character in an ambigram will often span multiple letters, but usually only in one orientation. A human does not have a hard time with visually separating the letter forms, but a computer would have a very difficult time doing separation on an ambigram captcha.

For a computer to do the separation step on an ambigram, it would first need to do the Classification step (#3) to determine what characters are there, but if it could do that, it wouldn’t need to do the separation at all!  Classification is very easy for a human, and we do not require Separation to get there.

The Stage #3 Classification step itself would also be much more difficult, even if stage #2 could somehow be completed with an acceptable level of performance. After all, it is hard to OCR a word when the font itself has tens of thousands of characters, none of which are public, and all of which are different!

Also, the casing of letters automatically varies within a word, letterforms take on different characteristics based on their usage, and letters split and connected in unexpected and unpredictable ways (unexpected to an OCR system, anyway).

In fact, Stages #2 and #3 would be so hard to crack that Stage #1 (background noise and character warping) could be completely eliminated. Since this is the easiest part of the process to crack anyway, this won’t be a large loss from a security standpoint. Plus, the elimination of the swirls, random lines and noise from the background will make it easier for a human to read, which has become a big problem with highly deformed “regular” captchas.

Here is an example of what an ambigram captcha may look like:

Ambigram Captcha

As a side benefit, having 2 words in the captcha (one in each orientation) will make it even more difficult to develop an automated way to hack the system.

Of course, the other common complaint about captcha systems is that they can become too difficult for even some humans to read. Ambigram captchas would be no exception. Sometimes people do have a difficult time making out the letter forms, especially the first time they see one.

However, the human has the advantage here in that the generated words could be made to be “related” in a way that would be difficult for a computer to comprehend, but would help a human determine the two words from their context.

For instance, in the captcha above, the two words are “teach” and “learn”. This is easy for a person to determine based on context and the fact that those two words “must be the right answer” since they are related and they “match”, but this type of abstract, high-level thinking would be all but impossible for a computer to perform, especially if the database of interconnected word pairs was very large.

Ambigrams are also based on uniquely human psychological variables, including how we read letter forms. Furthermore, they are a form of optical illusion, making it even more difficult for a computer based OCR system to decipher. In the ambigram above, a human would “understand” that the extra leg on the bottom left of the “a” in teach is unnecessary and would simply ignore it. An automated system would easily trip up on small things like that.

Of course, its not to be underestimated that an ambigram captcha would likely be one of the most beautiful captcha systems in existence! Instead of dreading the deciphering of a warped piece of mangled text presented against a grainy, low-contract background, users may actually look forward to the small puzzle that an ambigram captcha represents.

Although not perfect in every way, ambigram captchas may be one solution to the current methods that automated system use to gain entry into systems that only humans should be able to access.

Comments? Feel free to share them below.