RE: [Asrg] A response to the critique of my anti-spam system
Thank you for your time. I include responses to those queries of yours to which a concrete response could be readily given. I also include a couple of new methods I've developed to deal with the flaws that have been pointed out.
> > This is the first and only CAPTCHA developed that is invulnerable to
> > technical circumvention. I have to admit that I am surprised that
> > this innovation in and of itself has not generated more discussion.
>
> Maybe it's because more people agree with me, that it can be and will
> be defeated technically, than with you, that it can't and won't?
> There's a lot of very good work being done by computer vision people,
> solving basically this very problem - and with difficult noisy
> real-world images, not the nice clean synthetic ones you use.
The traditional way in which a CAPTCHA would be used to transmit text would be to take an alphanumeric character and distort it enough so that an optical character recognition program could identify it, but you couldn't distort it so much so that a person would have trouble identifying it. These alphanumeric characters represent 36 simple 2 dimensional objects; not a very large universe of objects to pick from. CAPTCHA today still do a surprisingly impressive, if not quite sufficient, job of foiling OCR software.
I have replaced the task of identifying a never changing library of 36 two-dimensional objects with a constantly changing effectively infinite library of 3D images. It took me one day to whip up the three crude 3D objects in my example, and I am inexperienced with generating such objects. How long would it take any video game manufacturer or computer animation studio to whip up 2,000 easily identified and unique objects? How long would it take a spammer to design a program to recognize these objects? Remember, the spammer isn't going to have access to the actual library of 3D images, he will only have access to the 2D output. How will the spammer deal with the fact that the objects in this library will constantly change?
Yes, this is vaporware, but the theory is sound. I am an optimist when it comes to technology and I believe that one day we will have computers that can recognize almost any object in the world, but that day isn't today.
I have the contact information of authorities in the field of developing human interactive proofs and I plan on submitting my concept to them. I will defer to their opinion of my CAPTCHA. I decided, however, that my first step on this journey would be the ASRG.
> > I'll guess that every three or four months a TYPICAL user will
> > suffer a day or two of spam and will need to deactivate a single
> > sub-address. Otherwise this system is beyond any technical
> > subversion. Is there any other system existing or proposed that can
> > claim this?
>
> Sure. Any of them. And in most cases, with about as much truth.
I would accept one concrete example of a more effective anti-spam.
> > Bounces - The fact that my system employs bounces seems to greatly
> > disturb many people. The strongest objection concerns the additional
> > burden these bounces will put on the email system.
>
> Perhaps strongest to you. The strongest to me is that the
> challenge/bounce messages will spam anyone whose address gets forged
> into the from-line of spam to an early adopter. Committing abuse in
> the name of fighting abuse is hypocritical - and unacceptable.
I just figured out an excellent way to deal with the bounce issue. I wish I had thought of it earlier. It is as follows:
The problem with the bounces does not involve the small number of bounces sent in response to emails from legitimate senders who are not on the white list and who used a deactivated sub-address. The real problem will be with the bounces that are sent in response to the horde of spam that is being sent using a deactivated sub-address (or with no sub-address at all).
All emails that would have generated bounces are first sent through a weak spam filter (meaning one that will almost never generate a false positive). Let's say that this weak filter identifies 95% of these emails as unambiguously being spam. Bounces are now generated only to the remaining 5% of emails. Now my system will only increase a network's traffic by about 5%. This small increase in traffic should be quite tolerable. We have also dramatically decreased the number of innocent people who will be hit with these bounces because a spammer forged their email address.
There will still be some innocent victims, but the number is now far fewer. Frankly though if a spammer is able to forge your email address then you must really be receiving a lot of spam and you would probably be better off either switching to a less obvious address or activating my system.
> > The theoretical maximum increase in email traffic that this system
> > could generate would be 100% if we consider an email account that
> > receives emails with invalid sub-addresses exclusively.
>
> Not quite. There is no real limit to the maximum increase when two
> implementations start challenging one another's challenges - it's a
> classic bounce laser.
In my system bounces will never be sent in response to a bounce.
> > Filters likely increase email traffic to much greater extent, albeit
> > indirectly, as spammers generate vast quantities of spam to get
> > around them.
>
> And why won't the same be true with your system?
Spammers can have some success against a filter by sending 10 times the email that they normally would. Why would any spammer try to deal with an effectively non-existent email address by sending 10 times more email to that address?
>
> > Language - There was also a lot of concern over how the bounces
> > would be managed by recipients who use different languages. I would
> > respond that most people who correspond with each other do so in the
> > same language.
>
> Yes - but how is your system going to know what language that is?
>
> > Also many web-sites use the common technique of showing icons of
> > international flags to represent languages, and clicking on your
> > respective flag will bring up a page with your own language. This
> > same technique can apply to bounces.
>
> I'll believe it when I see it. You appear to have mistaken email,
> which is a static technology, for the Web, which is interactive to at
> least the minimal extent necessary to support the sort of user
> interface you describe.
I just realized the obvious answer to the language issue and it's so simple that I'm embarrassed that I did not think of it earlier. The answer to this problem is the following:
When you activate this system you select what languages you want the bounces to go out in. Someone who spoke English and Chinese would select both languages. The bounce will go out containing instructions in BOTH languages. If someone who only spoke Russian sent this Chinese and English speaker an email using a deactivated sub-address then yes, the Russian person would not be able to directly follow the instructions to decode the CAPTCHA. It will be a rare occurrence, however, for these two people to be corresponding. The inconvenience introduced between people who cannot communicate with each other in the first place will be a tolerable flaw in this system.
> > The typical user is not exposing their email address multiple times a
> > day to spammers.
>
> No; the typical user is exposing others' email addresses multiple times
> a day to spammers.
>
> Okay, that's a slight exaggeration. The proportion of zombied Windows
> boxen out there has not yet reached 50%, so "the typical user" still
> isn't zombied. But any zombied machine's address book is available to
> spammers in full, including any address using your system that may be
> in it.
The efficacy of automatically generated sub-addresses has already been proven, just look at services such as Zoemail and Reflexion. These services are very effective at stopping spam. My system would ideally encompass these proven technologies. My system addresses the flaws that exist with these technologies, namely these services cannot retroactively protect existing email accounts in any practical way and that legitimate senders who have their sub-addresses deactivated have no practical spammer-proof way of acquiring a new address.
> > Is there anyone who does not think that this system is profoundly
> > superior to every other challenge/response system?
>
> As I would hope is obvious by now: Yes. Me.
Can you be more specific as to why my system is not superior to every other challenge/response system? Is there any other challenge/response system that allows for the unimpeded receipt of third party emails? Is there any other challenge/response system that avoids challenging every unique correspondent? Is there any other challenge/response system that uses a challenge that is as resistant to automated attack as my system uses?
>
> > Seeing the CAPTCHA requires a system that either allows for a
> > graphics capable MUA or allows activation of a hyperlink - True.
> > You would need to access a system that would allow you to see
> > graphics.
>
> Which kills it right there, as far as I'm concerned. (As if it needed
> further killing for me.)
>
> > A graphics capable MUA is the most convenient, but all you would
> > really need is a computer with a web browser so you can paste the
> > link into the browser and view the CAPTCHA.
>
> No. A computer with a *graphics-capable* web browser.
>
> > Don't most people have access to web browsers?
>
> Most people? Certainly. And if you can arrange that only those people
> ever send mail to your system, you're fine - in that respect.
>
> > Typical users can see email graphics. I obviously travel in
> > different circles since I don't know a single person who uses an
> > email system that is not graphics capable.
>
> Your system needs more than graphics capable; it needs graphics
> convenient. I can, if I need to, extract an image from a webpage or
> email and look at it. It is not a convenient process, and I most
> certainly would not bother to do it to answer a C/R challenge.
>
> > I would argue that most typical users would not worry enough about
> > the minority of people who cannot access graphics via their mail
> > system. The incentive to use a system that effectively eliminates
> > spam would outweigh the need to cater to this minority.
Typical email users use systems that are graphics convenient. A smaller number use a system that is graphics capable if not convenient. A very small number of people use systems that are graphics incapable. The worst case scenario is that someone refuses to adjust to a graphics capable system. In such a case my system will revert back to the functionality of Zoemail or Reflexion; two pretty good if imperfect systems.
I don't know if this process is helping anyone else but it is helping me. I spent a lot of time thinking about what obstacles existed and ways to get around them but it wasn't until I came to this board that I understood that I paid insufficient attention to issues such as problems caused by errant bounces and language barriers. I already feel that my concept has been improved and I will update my website before pursuing this further at other venues. I admit that I am still baffled by some of the objections to my system but I will persevere.
Thanks,
Michael Kaplan
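
The following is an added illustration, not part of the message above and not code from the author's system: a sketch of the bounce decision the post describes (white list, active sub-address, never bounce to a bounce, weak filter before any challenge). The `local+tag@domain` sub-address form, the keyword list standing in for the weak filter, the use of the null reverse-path and `Auto-Submitted` header to recognise bounces, and all names and sample messages are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Msg:
    envelope_from: str            # SMTP MAIL FROM; "" is the null reverse-path
    rcpt: str                     # envelope recipient
    headers: dict = field(default_factory=dict)
    body: str = ""

# Constructed account state; every value here is hypothetical.
WHITELIST = {"alice@example.org"}
ACTIVE_TAGS = {"k7q2"}            # any other tag, or no tag, counts as deactivated
SPAM_MARKERS = ("cheap meds", "wire transfer fee")  # stand-in for the weak filter

def sub_tag(rcpt):
    """Tag from local+tag@domain, or None when there is no sub-address."""
    local = rcpt.split("@", 1)[0]
    return local.split("+", 1)[1] if "+" in local else None

def is_bounce_or_auto(msg):
    """Null reverse-path (RFC 5321) or Auto-Submitted other than 'no' (RFC 3834)."""
    auto = msg.headers.get("Auto-Submitted", "no").strip().lower()
    return msg.envelope_from == "" or auto != "no"

def decide(msg):
    if msg.envelope_from.lower() in WHITELIST or sub_tag(msg.rcpt) in ACTIVE_TAGS:
        return "deliver"
    if is_bounce_or_auto(msg):
        return "drop"             # never answer a bounce with a bounce
    if any(m in msg.body.lower() for m in SPAM_MARKERS):
        return "drop"             # unambiguous spam: no bounce to a possibly forged sender
    return "challenge"            # only the remainder gets a CAPTCHA bounce

def challenge_rate(msgs):
    """Fraction of would-be bounces still sent after the two checks above."""
    verdicts = [decide(m) for m in msgs]
    candidates = [v for v in verdicts if v != "deliver"]
    return candidates.count("challenge") / len(candidates) if candidates else 0.0

SAMPLE = [  # constructed messages
    Msg("alice@example.org", "mk@example.net", body="lunch?"),
    Msg("bob@example.com", "mk+k7q2@example.net", body="hi"),
    Msg("x@spam.example", "mk+old1@example.net", body="Cheap meds today"),
    Msg("carol@example.com", "mk+old1@example.net", body="Is this address live?"),
    Msg("", "mk@example.net", body="Delivery failed"),
    Msg("bot@example.com", "mk@example.net", {"Auto-Submitted": "auto-replied"}, "Solve this"),
]

if __name__ == "__main__":
    for m in SAMPLE:
        print(m.rcpt, "<-", m.envelope_from or "<>", ":", decide(m))
```

The envelope sender checked against the white list is itself forgeable, so a deployment would pair this logic with sender authentication; the sketch only models the ordering of checks discussed in the thread.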