Defeating reddit’s CAPTCHA

Here’s something we’re sure SEO specialists, PR reps, and other marketeers already know: how to write a script to game reddit.

The course of upvotes and downvotes controls which submission makes it to the front page of reddit. These submissions are voted on by users, and new accounts must log in and complete a CAPTCHA to vote. [Ian] discovered that reddit’s CAPTCHA is not really state-of-the-art, and figured out how to get a bot to solve it.

The method exploits the 8-bit nature of the distorted grid in the CAPTCHA. Because this grid isn’t pure black or pure white, it’s at a lower intensity than the letters in the CAPTCHA. By putting the CAPTCHA through a threshold filter, deleting any blocks of pixels smaller than 20 pixels, and running the result through a classifier (PDF there), a bot can guess what the letters of the CAPTCHA should be.

Out of the 489 CAPTCHAs [Ian] fed into his algorithm, only 28 – or 5.73% – were guessed correctly. However, because he knows which CAPTCHAs had failed segmentation, ignoring those can increase the success rate to 10%. Theoretically, by requesting new CAPTCHAs, [Ian] can get the accuracy of his CAPTCHA bot up to about 30%.

Combine this with a brilliant auto voting script that only requires someone to enter CAPTCHAs, and you’ve got the recipe for getting anything you want directly to the front page of reddit. Of course you could do the same with a few memes and pictures of cats, but you knew that already.

Comments

  1. Christopher says:

    Wow, that’s awesome!

  2. sneakypoo says:

    Yay, more reasons for websites to create captchas that are barely readable for humans but get cracked by computers easily. Can someone please figure out a way to make captchas die already?

    • juno says:

      On the upside, captcha created a game of cat and mouse that resulted in better OCR – lots of incremental improvements due to a challenge that grew steadily.

      The same mechanism is going to fuel the follow-up technique. Suppose you base it on natural language or context awareness … 3 years later you’re going to have impressive results in those fields.

      Anyone looking at replacing captchas: take a look at the computationally hard fields in computer science. Lots of those problems translate directly to real world examples. Let both sides benefit.

    • Dax says:

      “Can someone please figure out a way to make captchas die already?”

      Well, the obvious solution would be to log in with your banking credentials and SSN…

    • Blue Footed Booby says:

      I think it’s more of a reason to abandon upvote/downvote systems for causing discussion to devolve into a popularity contest, or at least to abandon the pretense that such systems are somehow “democratic.”

  3. ejonesss says:

    looks like they fixed the video

  4. ejonesss says:

    the only reasons i can think of why you would want to vote up/down the posts is if you see a post whose headline contains a sexually or racially offensive word and you could get a bunch of accounts to vote up the other articles to get them to fill the recent news list or vote down the sexually or racially offensive posting to get it to fall off the recent news list.

    slyck.com uses a list like that on the front page

  5. Will Lyon says:

    Or you could do something more productive with your time than….well…reddit. Seriously.

  6. Rock Kennedy says:

    Great, thanks for creating the need for something even more annoying than CAPTCHA.

  7. jpa says:

    You probably still need a botnet so that all the requests don’t come from a single IP address..
