Quite a long ago, an unfriendly Mr. Spam exploited my blog system to put his (maybe her) unwanted advertising into my website. I resorted to a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), but also found that the test was harmless for the clever and determined spammer.In fact such a guy could forward the CAPTCHA test to another website so that clueless users could put their brainpower to unlock the test. Let’s rephrase that. A clever spammer could set up an high traffic website (such as something with pictures… you guess which) where users are requested to solve the CAPTCHA in order to access the content. This website doesn’t forge CAPTCHA tests, rather it forwards the tests from a target site that the spammer want to access. Once the CAPTCHA is solved by the unaware gif-watcher, the spammer’s system is able to spam the target site.
Fortunately this solution is limited by the number of people willing to solve CAPTCHA to access a content that has as a stringent requirement to be cheaply collectible. I guess that that constraint limits the application of this solution just to a few, high traffic, blogs or websites.
I read today on slashdot that not only spammers are that clever. At Carnegie Mellon University researchers have found a way to exploit CAPTCHA to data-entry large volume of ancient manuscripts. The CAPTCHA proposes two handwritten words. The first is already decoded and is the real locking system, the second is a word to decode. The result, if confirmed by other users of the system, is then turned into the manuscript digital translation.