{"id":315,"date":"2006-11-01T01:53:41","date_gmt":"2006-10-31T14:53:41","guid":{"rendered":"http:\/\/www.somethinkodd.com\/oddthinking\/2006\/11\/01\/an-economist-looks-at-captcha-and-porn\/"},"modified":"2006-11-01T01:53:41","modified_gmt":"2006-10-31T14:53:41","slug":"an-economist-looks-at-captcha-and-porn","status":"publish","type":"post","link":"https:\/\/www.somethinkodd.com\/oddthinking\/2006\/11\/01\/an-economist-looks-at-captcha-and-porn\/","title":{"rendered":"An Economist Looks at CAPTCHA and Porn"},"content":{"rendered":"

On Coding Horror, Jeff Atwood talks about the effectiveness of CAPTCHA<\/a>.<\/p>\n

CAPTCHA<\/a>? You know, those weird pictures of letters on popular web-sites you need to type in to prove you are human and not someone who interferes with elephants<\/a>.<\/div>\n

While Atwood was generally supportive of CAPTCHA, one of the issues he cited was the idea of using free porn to circumvent it. The idea is simple: when you try to use a web-site protected by CAPTCHA, you simply snaffle the image and display it on an adult web site – offering “free” pornography to any human willing to type in the text.<\/p>\n

I’ve heard of this (theoretical? urban legend?) attack before, and it got me pondering about the economics of the issue. I am not a trained economist, but let’s look at where thinking like an economist takes us.<\/p>\n

The spammers believe getting their messages posted has a certain utility to them – let’s call it a<\/code> cents per message.<\/p>\n

The web-masters think spam lowers the value of their site by b<\/code> cents each. Where b<\/code> is significantly less than a<\/code>, then there is a market for web-site advertisements.<\/p>\n

The web-masters think non-spam (“ham”) comments increase the value of their site by c<\/code> cents each. If c<\/code> is too small to bother with, they will turn off comments. Otherwise, they have a problem – spammers will post so many comments that the sum of all the b<\/code> values will outweigh the c<\/code> values.<\/p>\n

The solution is to charge each user d<\/code> cents to comment. The cost d<\/code> must be more than a<\/code>, but less than the value commenters see as having their comment published. <\/p>\n

This cost d<\/code> is implemented by requiring some of their human effort – i.e. to parse some text and type it in. The power of CAPTCHA is ensuring that the cost, d<\/code> cannot be undercut by using a computer.<\/p>\n

A digression: The weird part of this arrangement is that the payment costs the purchaser, but doesn’t actually benefit the web-master. So how can we make it so the computation required actually rewards the web-master? What simple (and easy to double-check) computation could be requested that benefits the web-master? Folding@CAPTCHA?<\/div>\n

So, now the difference between b<\/code> and c<\/code> is frustrating to the spammer, but the spammer has another asset. The spammer has pornography that has a fixed cost to acquire, but a negligible cost to distribute. Rather than selling that pornography to users for a fair price, they simply charge d<\/code> by making the user solve the original CAPTCHA for them. As long as the numbers are high enough, the amortization of the fixed cost to acquire the pornography makes this virtually free.<\/p>\n

So, how do we protect against this attack.<\/p>\n

Atwood suggests it isn’t a real problem we see in the field, and therefore doesn’t need to be protected against. Pragmatic, but too boring.<\/p>\n

Including the name (or some explanatory text) on the original site in the CAPTCHA image would help detection of the issue to occur faster. The porn viewer could see what was going on and report the web-site to the authorities. That would decrease the usability of the original site, and requires porn-seekers to come forward to authorities.<\/p>\n

I can see a better solution – a method of undermining the whole economy here.<\/p>\n

As long as d<\/code> is the cheapest cost for porn on the web, users will continue to “purchase” porn from spammers. But what if there was a cheaper source?<\/p>\n

Anti-spam campaigners need to host mammoth sites of free porn<\/strong> available to all users. As long as users can easily get porn for free, why would they bother to pay d<\/code> (i.e. fill in CAPTCHA forms) on spammers’ sites?<\/p>\n

When you look at free porn like an economist does, you can see this is truly the best way to prevent comment spam.<\/p>\n","protected":false},"excerpt":{"rendered":"

When you look at free porn like an economist does, you can see this is truly the best way to prevent comment spam.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"","footnotes":""},"categories":[31,30,21,27],"tags":[],"class_list":["post-315","post","type-post","status-publish","format-standard","hentry","category-geek","category-humour","category-observation","category-thoughts-from-the-shower"],"_links":{"self":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts\/315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/comments?post=315"}],"version-history":[{"count":0,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/posts\/315\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/media?parent=315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/categories?post=315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.somethinkodd.com\/oddthinking\/wp-json\/wp\/v2\/tags?post=315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}