Home
Documentation
Motivation
System Overview
Configuration
Publications
Downloads
Examples
Easy link
Moderate link
Hard link
Spam-resistant Guestbook

Motivation

Automated attacks remain a significant problem on the web.

Many websites employ Turing tests known as CAPTCHAs (such as the one shown in Figure #1) to combat automated agents. A CAPTCHA is a small, computer-generated image that contains skewed representations of letters and numbers. Before a user may submit information, they must correctly interpret the text, a task that is typically difficult for automated algorithms to do.

Fig #1: A CAPTCHA encountered at GMail.

Besides the hassle and inaccessibility that CAPTCHAs sometimes cause for legitimate users, recently CAPTCHA systems have been failing to thwart automated attacks. In a number of cases, sophisticated adversaries have developed automated solvers for simple CAPTCHAs. One such example is the PWNtcha library that can break many commonly used CAPTCHAs with high probability.

The largest problem for CAPTCHA systems is that their difficulty is fixed at roughly 10 seconds of human time. Enterprising adversaries have avoided the character recognition problem altogether and have simply out-sourced the solution of CAPTCHAs on sites like GetAFreeLancer where data-entry specialists offer to solve CAPTCHAs in bulk for less than $0.01 each. This has lead to the notorious attack on TicketMaster where Hannah Montana tickets were completely sold out within minutes of becoming available -- purchased mostly by ticket-scalping organizations.

Proof-of-Work in network protocols requires client-downloaded software or a change to how those protocols operate.