6

I do the web page for my local library, and I was thinking it might be kind of appealing to have a "custom" captcha based on book covers. So serve up one of several dozen book covers, and have the patron filling out the form type the book title to prove they're human. Assuming I stripped the title/author info from the image and filename, would that be enough? Would the fact that it was a unique system on a fairly small website be enough to make it effective? Just how tricky are the spam bots these days? Would having the image name be the ISBN # be too obvious?

Here is a sample cover:

Prove You Are Human
(source: mfrl.org)

Glorfindel
aslum
  • 2
    Why do you want this instead of (RE)CAPTCHA? – Nitrodist May 02 '10 at 19:13
  • 2
    Do those covers look appealing without titles and author? Can they all be recognized? – Gabriel Ščerbák May 02 '10 at 19:16
  • You mean that they would have to recall a book title from a picture of its cover? Wouldn't it be too hard for them? – Chris May 02 '10 at 19:18
  • 1
    @chris kind of defeats the purpose of a library doesn't it? Fortunately, I *think* he's planning to only use books with the title **on** the cover – Rob Fonseca-Ensor May 02 '10 at 19:27
  • I was planning on picking books with the title on the cover (and possibly some with the author) in a legible font. I was kind of thinking that since each cover would be in a different font, color and position in the image, and generally there is both title and author on the cover, that might be sufficient to befuddle OCR. – aslum May 02 '10 at 19:38
  • @Nitrodist: Some of our patrons are elderly and not very technology proficient and have difficulty with the captcha. Plus having a book cover would be more thematically appropriate for a library. We do already have RECAPTCHA, at this point I'm basically gathering info before I discuss the idea with my boss... if it turns out to be a bad idea from a technical standpoint, I don't want to get him excited over it from a design standpoint. – aslum May 02 '10 at 19:58
  • No captcha system which requires that you put in the data _manually_ is ever going to be secure. The bad guys have at least the resources you have. I suggest using a honey-pot system for small sites, for larger ones you won't get around using a common captcha. – Georg Schölly May 02 '10 at 20:19
  • 1
    Is anyone going to spam a library site? I would show some books as is and then get the user to type in the title. The OCR would be challenging enough not for anyone to bother imho. – James Westgate May 02 '10 at 22:00
  • @James Westgate: The amount of spam we got before we put in CAPTCHA wasn't huge, but it was enough to make the CAPTCHA pretty much a requirement ... However the relatively small amount, and fact that only a few people would ever be the recipients is part of my reasoning for thinking this might be a reasonable solution. Hopefully it would take more effort to break the captcha than to just fill out the form by hand. – aslum May 03 '10 at 22:46
  • Sounds cool to me, after all a captcha is just some text obfuscated on some background - and a book cover isn't far from that. So quick and easy as well, as long as you have jacket images and titles of course. – James Westgate May 04 '10 at 21:53

2 Answers

3

You need to make it difficult for an OCR system to read the text. Otherwise the spam bot will easily get through your captcha, without any customisation from a human spammer.

That's why you see funny XORing, noise and distortion on most captchas these days.

As a matter of principle, it makes sense to NOT base the image name on something that can be looked up, although in the case of a local library, chances are low that any spammers will be writing custom scripts to defeat your captcha...

Rob Fonseca-Ensor
  • Is there a fairly simple way I could test OCR on some covers? I've added a sample cover into the original post since I can't seem to get it to show up in a comment. – aslum May 02 '10 at 19:48
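
The point in the answer above about not naming the image after something that can be looked up, as an added example (not code from the post or from the library's site): the browser only ever sees a random single-use token, while the ISBN-to-title mapping stays on the server. The catalogue entries, ISBN values, function names and the five-minute lifetime are assumptions made for illustration.

```python
import secrets
import time
import unicodedata

# Constructed sample catalogue (placeholder ISBNs); never sent to the browser.
COVERS = {
    "9780000000001": "The Hobbit",
    "9780000000002": "Charlotte's Web",
    "9780000000003": "Moby-Dick",
}
TTL_SECONDS = 300   # assumed challenge lifetime
_pending = {}       # token -> (isbn, expiry); a session store in a real site


def normalize(text):
    """Casefold and keep only letters and digits, so 'moby dick' == 'Moby-Dick'."""
    text = unicodedata.normalize("NFKD", text).casefold()
    return "".join(c for c in text if c.isalnum())


def issue_challenge(now=None):
    """Pick a cover at random and return the opaque token used in the image URL."""
    now = time.time() if now is None else now
    for stale in [t for t, (_, exp) in _pending.items() if exp <= now]:
        del _pending[stale]
    token = secrets.token_urlsafe(16)
    _pending[token] = (secrets.choice(list(COVERS)), now + TTL_SECONDS)
    return token


def cover_for(token, now=None):
    """ISBN whose image bytes the server streams for this token, or None."""
    now = time.time() if now is None else now
    entry = _pending.get(token)
    return entry[0] if entry and entry[1] > now else None


def verify(token, answer, now=None):
    """Single use: the token is consumed whether or not the answer is right."""
    now = time.time() if now is None else now
    entry = _pending.pop(token, None)
    if entry is None or entry[1] <= now:
        return False
    return normalize(answer) == normalize(COVERS[entry[0]])
```

Opaque names only remove the lookup shortcut; the title printed on the cover is still exposed to OCR, as the answer points out.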
1

Try the jQuery and HTML version from this: Practical non-image based CAPTCHA approaches?

Community
Chris
  • Thanks, but we do already have CAPTCHA ... I was just curious if it might be possible to do something that was a little more thematically appropriate for a library, and easier for our technophobe patrons, while still being fairly secure. – aslum May 02 '10 at 21:55