Owners of free e-mail account services really do not want spammers to acquire accounts for the purpose of sending spam.  So service owners use captchas to help ward off automated account registrations.  Of course we believe our captcha works better than all the others out there, but still there are some spammers who continue to acquire e-mail addresses despite security tactics.  How do they do so?

The answer, for some, is decidedly low tech.

Today’s NY Times has an article describing how some nefarious spammers simply hire others to answer captchas on their behalf.  In other words, outsourcing!

I certainly can’t imagine a more tedious job: most captchas are difficult to read, and typically not that interesting (although there are some humorous exceptions).  Indeed, one company who used to offer such outsourced captcha-solving services no longer does so as it is neither all that profitable nor interesting:

“We found that it’s not worth doing,” said Mr. Paveri, a manager in SBL’s business process outsourcing and graphics unit. Moreover, he added, “after some time, the productivity of people comes down because it’s a monotonous job. They lose their interest.” (source: NY Times).

So should you worry about it?  Perhaps, but your volume of new accounts should be on the order of MSN’s (thousands per day) to make it worth spammers’ time.

The real problem is the motive for such actions: acquiring an inventory of limited quantities (concert tickets) for resale on a gray market (i.e. Wiseguy’s ticket site) at a significant mark-up.  The motive (suspicious pundits also say) for the indictment: Ticketmaster has undue competition for its subsidiary (TicketsNow).  The end: Ticketmaster rids itself of a competitor.  The corollary: consumers still end up paying too much for their tickets.

That’s a lot of ‘wrongs’ — are we really getting the ‘right’ out of this?

The Worst CAPTCHA Ever?

What’s worse, it came on an announcement from the Baltimore Sun regarding the introduction of CAPTCHAs to protect one of their blogs from bot-initiated spam posts.  That I found the CAPTCHA above is completely coincidental: I received a notification they were using a CAPTCHA and I went to check out whose they were using and was given the above CAPTCHA to answer.  Methinks they need an easier-to-read, superior CAPTCHA!  I mean really — that’s horrible!

Why should you care?  If you are a publisher, you are probably aware that you sometimes get paid based on the number of times your site visitors click on the ads on your site (”Pay Per Click” or PPC).  It’s the advertisers that are actually paying for that click — and it’s their expectation that every click they pay for should be legitimate.  Of course click-fraud means that many of these clicks are not.   Fraudulent activity drives up costs for advertisers and drives down the available pool of money to pay to legitimate publishers.

Why is it done?  Easy money, of course.  Below is a sampling of two types of fraudsters:

Nefarious publishers may host banner ads on their website and then click on the ads themselves with the sole intent of garnering PPC revenue. Those site owners clicking on the ads have no intent on conducting legitimate transactions with the advertiser.

Another common motive is competition: competitor-A will click on as many of competitor-B’s ads as possible to deplete competitor-B’s marketing budget. Once depleted, legitimate users will only see competitor-A’s ad.

How bad is it?  According to the Click Forensics, roughly 15% of all clicks are fraudulent — or over three quarters of a billion dollars per year!

Why do we at BotProof bring this up?  With the same technology that is used to make our CAPTCHAs bot-proof, we can make ads click-fraud proof.

For instance, check out this mock up of an ad (here).  Bots can neither read (nor click on) those things they can’t see — and in this case both the CAPTCHA code and the ad are protected within our animation scheme.  Thus it doesn’t matter where you’ve been, what malware you’ve picked up along the way — your PC won’t be involved in any click-fraud on BotProof’s ads.  And advertisers utilizing our platform won’t be wasting money due to automated click-fraud activities.

Give our sales team a call if you want to learn more!

For those looking for our breakthrough IT security product that protects “in use” data, CamoKey, visit our sister site Cernious.

So please poke around the site, let us know what you think, and by all means: sign up!

Bots use Optical Character Recognition (OCR) to defeat CAPTCHAs.  Our competitors fight this by distorting their CAPTCHAs, making it harder for you and I to read.  And as bots evolve, our competitors have no choice but to distort their CAPTCHAs even further.

reCAPTCHA is no different — ever try to read their CAPTCHA while trying to buy a time-limited commodity (e.g. concert tickets)?  Grrrr…don’t get me started!

It’s simply an unsustainable approach to CAPTCHAs.

But here’s what’s even more interesting: the opposite is also true.  Google/reCAPTCHA just made changes so that their CAPTCHAs are easier to read (great for end users), but in doing so they instantly become less effective (bad for publishers and site admins).

To wit: as stated in an article entitled New Google CAPTCHAs Now Cracked, “Users now find the words easier to read – but so do machines.”  In fact, security expert Jonathon Wilkins was able to increase the effectiveness of OCR on these easier-to-read CAPTCHAs by a full order of magnitude.  Yikes.

Take a look at our animated CAPTCHAs: our approach does not sacrifice effectiveness for readability (and vice versa).  And heck, with our AdEmbed service, we’ll even pay you to use it!

In conjunction with a newly formed partnership with the Community Foundation of Utah (mission: “to harness Utah’s entrepreneurial spirit in service to the common good through smart philanthropy”), I was invited to join almost 140 like-minded entrepreneurs and senior leaders from Utah’s non-profits in 5-minute “speed mentoring” sessions on topics such as marketing, strategy, and operations.  The objective was to provide non-profits with meaningful, strategic advice to help them through their various challenges.

In three hours of intense work, I was amazed to hear of the various services offered to our state, and inspired by the dedication these leaders have to their respective missions.  I was pleased to be able to help so many organizations in a short time period.

And our contribution does not end there, we are also a donor — and, again, in a way that capitalizes on the scale of the Internet.  By contributing equity to the Community Foundation, our success will help fund their success.

Happy Holidays!

• on-going education about our technology, what makes it superior, and how we’re evolving it
• how best to utilize our solutions, whether you are a publisher or an advertiser
• provide context for bot-driven activity, why you might care, and what we are doing to protect you and your site
• occasional “behind-the-scenes” view as to who we are, why we are emphasizing certain marketing messages, and how we are reacting to industry trends
• foster a conversation about best practices for our user base, such as how publishers can maximize returns for themselves and participating advertisers

Our blogs will primarily be authored by the BotProof management team, including this one.  I’ve helped multiple startups grow and am honored to have been part of BotProof since late 2008.

I have been tasked with managing the product you see and use, and I think you’ll find that we’ve created a successful marriage between a superior CAPTCHA and a business model where everybody can enhance their revenue:

• publishers can turn existing site functionality (i.e. CAPTCHAs) into incremental, premium ad inventory
• advertisers can enjoy higher ad interactions
• we can fund continued technical development

We welcome your comments!

Regards,

Tim Brown
COO, BotProof.com