[seqfan] Re: Email addresses Was: offset of A000254 wrong?

Wed Aug 5 19:33:53 CEST 2009

Thanks, this also looks like a very good option.

I've never seen "CAPTCHA's" used specifically in this way, but I've tried
this now and like the method.
I also like the fact that the responses are simultaneously helping to
digitize books.  I'm sure many people like the fact that this service
is free (at least for now, although I have no information that that would
change).

I do not share Joerg Arndt's apparent concern (or at least suggestion) that
this method is easy to break.
My understanding is that these distorted images are either never reused or
are only reused very infrequently, in which case someone would
programmatically have to trick people into solving a large number of them,
saving copies of each image and the corresponding solution in a database,
and then programmatically keep trying a very large number of times until a
previously-seen image is eventually recycled at the actual place of the real
challenge (such as finding Paul Raff's e-mail address) at which time it
would be matched somehow against the large database of saved images.
Meanwhile the provider of reCAPTCHA is monitoring and dealing with heavy,
repeated assaults from particular IP address(es).

Having said all that, if someone does figure out a quick, easy,
worth-the-bother way to beat reCAPTCHA, security is defeated for a lot of
people simultaneously (which the provider promises would be quick to fix
without having to reinstall anything) -- as opposed to people individually
providing their own normally-static-but-unique-and-updateable methods (say,
in an "e-file" as I mentioned elsewhere).  {This is actually a general
computer software philosophy question:  Is there really such a thing as
"standardized security"?  People's answers will vary.}

The main "con" I can think of, though, is the dependency upon another
organizations' servers (belonging to the reCAPTCHA provider itself) in order
to get through to the e-mail info.  If there are site or internet problems,
that information, would be (temporarily) unavailable.  (They do claim to
have a lot of redundancy though.).

Rick (not particularly trying to hide my e-mail addresses -- if I get tired
of reading spam from one account I can always do so from another)

On Tue, Aug 4, 2009 at 6:07 PM, Raff, Paul <praff at math.rutgers.edu> wrote:

> If we're forward-looking and thinking about the upcoming wiki, what about
> having email addresses inside a reCAPTCHA, for those that are concerned
> about them getting scraped?
>
> You can look on my website for an example, in case you don't know what a
> reCAPTCHA is:
>
> http://www.math.rutgers.edu/~praff/
>
> It would be more burdensome for the person trying to find the email
> address,
> I agree, but not so much as to prevent the user from abandoning his/her
> effort to get it.
>
>
> [paul]
>
> Paul Raff
> Graduate Assistant - Monitoring Message Streams
> Rutgers University
> http://math.rutgers.edu/~praff
>
>
> <previous quote removed by rls>
>