The Lie on 100% KeyCAPTCHA’s Protection (Unbreakablity) from Bots: Debunking KeyCAPTCHA’s Myths
The myth about 100% protection from bots (or, rather, marketing slogan) is republished in thousands publications on the internet.
Those republishing it obviously did not minimally bother to search internet by keywords:
- jigsaw puzzles machine (computer) solving (assembling)
- visual recognition
to know that jigsaw puzzles were being successfully solved (assembled) by computer (machines, bots) long before CAPTCHA invention, image- video- or speech recognition.
Later, I shall update this article with references of concrete reports debunking this myth
Related article:
- Автоматическое распознавание KeyCaptcha
In Russian (use http://translate.google.com):
With video and code
Hacking jigsaw puzzle game KeyCaptcha used as anti-spam protection in sites powered by PHP web-CMS suchs WordPress, SMF (SimpleMachines Forums), IPB (IPS – InvisionPower Services), Drupal, Joomla, etc.vBulletin)
http://intsystem.org/448/vzlom-keycaptcha - Взлом интерактивной CAPTCHA (10 Febr 2011)
Automatic Recognition and Solving of Interactive CAPTCHA (KeyCAPTCHA pairs)
http://webbonews.ru/vzlom-interaktivnoj-captcha
Antispam KeyCAPTCHA.com Email Spam
.
This is funny.
.
It was an open secret for a very long time that its support@keycaptcha.com is in list of known spammers (difficult or impossible to unsubscribe from a service once subscribed) as well as there were reports that KeyCAPTCHA.com’s antispam protection collects Emails.. .
.
I’ve got a 3d-party Email confirming this (I leave contacts as they are publicly available on the internet)
From: | gloria<at>gloriarand.com |
to | Gennady <Censored@gmail.com> |
date | Thu, Sep 8, 2011 at 8:07 PM |
subject | Fwd: Changes in KeyCAPTCHA Terms of Service |
Check out this email I got today. I don’t recall signing up for their service.
Gloria
Gloria Rand
SEO Copywriter & Social Media Consultant
(786)942-8321
gloria@gloriarand.com
Turning Keywords into… Copy that Clicks!
Authorized 1&1 Hosting Affiliate
Follow me on Facebook
Follow me on LinkedIn
Follow me on Twitter
Read my blog
———- Original Message ———-
From: KeyCAPTCHA <support@keycaptcha.com>
To: gloria@gloriarand.com
Date: September 8, 2011 at 7:33 AM
Subject: Changes in KeyCAPTCHA Terms of Service
Please, get to know with the updated Terms of Service at www.keycaptcha.com
For more information on amount of your income, click here .
Ad displaying in KeyCAPTCHA at your website(s) will launch on September 12, 2011.
An advertisement in KeyCAPTCHA will be displayed if we have advertisers who are willing to advertise in KeyCAPTCHA at websites whose subject matter suits your website’s subject.
If for some reason you are reluctant to earn money by our service, and you are unwilling to display ads in KeyCAPTCHA at your website, you have to go to your website’s additional settings atwww.keycaptcha.com and turn off ad displaying in KeyCAPTCHA at your website.
We anticipate a long-term and fruitful collaboration.
Best regards,
KeyCAPTCHA
Related articles:
Antispam “KeyCAPTCHA is Under Attack” Forum Spam as an Example of “Best PR is Black PR” Technique
.
.“Life is not about waiting
for the storm to pass,
it’s about learning
to dance in the rain”
~Unknown Author
(sometimes attributed to
Viviane Greene)
.
.
.
KeyCAPTCHA.com antispam service created viral publicity of its service as absolutely free, having involved in this campaign many others unaware.
KeyCAPTCHA.com creators being professional spammers and blackhat profiteers routinely use Email and forum spam (See also: “Antispam KeyCAPTCHA.com Spam“) , spinning software, content farms to fill internet with spam promoting its antispam KeyCAPTCHA service.
One of the latest examples devoted to slandering me personally was botted by hundreds identical texts over the internet
Here are my answers to it:
.
“The person spreading a slander and a lie regarding the KeyCAPTCHA Service uses different nicknames on different web resources” [1-2]
My answer:
I have to use multiple accounts since they were deleted by the requests of KeyCAPTCHA.com without any check of facts.
By the way, most was created due to instructions of ex-employer KeyCAPTCHA.com, before the date of my dismissal (May, 2011) and if it insists, I can expose them publicly.
Please read my “KeyCAPTCHA, I’m a Liar – Pants on Fire – Was I Good or Bad?”
,
I do not post in the same site under different nicknames and accounts as it is routinely being done by KeyCAPTCHA.com continuing to spam forums under multiple nicknames (usernames, accounts) in the same topic.
For example, KeyCAPTCHA account and its clones (babnicks, Drew_007) were banned in http://forum.searchengines.ru for aggressive spamming, off-topic, flame (personal insulting of its concurrent business in Russia) in the same topic!
I do publish only part of truth which is is easily available for check in public access on the internet!
“You can find it out by googling “KeyCAPTCHA is under attack” (quoted)” [1-2]
My answer:
Well, you can’t find all because exact copies of the same text are blacklisted by search engines but I give the partial (that I could find) list of references (URLs) below [1].
KeyCAPTCHA.com:
“This person extorted money from our employee. And he had been caught by the police when he was taking the money” [1-2]
My answer:
I could not extort money from KeyCAPTCHA’s employee because I was informed by this “employer”, already after my dismissal that company that hired me (I am in Russia), was not registered legal company having changed its previous alleged locations (now it is US-based Mersane) and legally could not have employees
Also read:
KeyCAPTCHA.com:
“This person alleges that he had been our employee. But it is the lie.
We are not going to conceal that he assisted us in supporting our twitter account.
But after the numerous reprimands regarding the quality of his messages on our twitter, we had fulfilled all our obligations to this person and renounced his assistance” [1-2]
My answer:
This is already 7th variant of my story by KeyCAPTCHA.com I am reading about me.
The 1st one was that I had never worked in KeyCAPTCHA.com,
stole @KeyCAPTCHA twitter account with the help of which I extorted money
(Isn’t it reidiculous that someone can extort thousands UDSs by stealing a twitter account?)
Read my post: “How I Stole My Own KeyCAPTCHA Twitter Account”
I was employed as Software Developer in Test.
Getting job for supporting a twitter account with my qualifications and experience is ridiculous
Read also: “Who Stole @KeyCAPTCHA Twitter Account?”
KeyCAPTCHA.com:
“But he has never been an employee of our company.
We just had a verbal agreement with this person” [1-2]
My answer:
By Russian Labor Legislature and Employment Laws, the employment is being determined by the fact of working employer-employee relationships (working in office, fulfilling working instructions under daily timetable, etc.) but not by writing and signing agreements.
This is quite similar in EU labor legislature.
I was promised the formalization of written contract after 2-month probation which I successfully passed as well as I have thousands proves and witnesses of my work as employer.
KeyCAPTCHA.com: "The Twitter support team had blocked his 3 accounts of his slander and lie on the KeyCAPTCHA Service right after our request and his 2 accounts without our requests Scam.com support team has blocked his 2 accounts of the same lie" [1-2]
My answer:
And I believed that KeyCAPTCHA’s efficiency was, at least 80% while it is just 1-2/7=71%
I shall publish the list of banned for spamming KeyCAPTCHA accounts soon
Also, read my article: “Why Twitter Supports Criminals?”
.
KeyCAPTCHA.com:
“We are not going to reply to his future messages on this website. It is not our goal.
We just wanted to publish the facts regarding this person” [1-2]
My answer:
KeyCAPTCHA’s spambot has a bug.
It swears everywhere multiple times in the same threads that it is its last reply .
For example, there are the same promise in the same threads with continued self-talking thereafter:
- the last phrase of post on 08/19/2011:
“Уважаемые форумчане, отвечать на данном форуме на дальнейшие опусы Nedodurok’а мы не будем в виду отсутствия времени и исчерпанности темы обсуждения”
and in the same thread already in 2 langauages on 09/11/2011:
“Мы не планируем отвечать на его последующие сообщения на данном сайте”
“We are not going to reply to his future messages on this website. It is not our goal.
We just wanted to publish the facts regarding this person” - Ibid in
http://forum.searchengines.ru/showthread.php?p=9494514#post9494514 - etc.
KeyCAPTCHA.com:
“Our service and company are absolutely legal.Here are the variants of using KeyCAPTCHA:” [1-2]
My answer:
The facts are that KeyCAPTCHA.com continues to use intentionally deceptive, misleading, false and fraudulent marketing and advertising I published before and none of them has ever been addressed (if to ignore the attacks on my Multiple Nym Disorder Syndrome induced by my experience from working in and protecting from KeyCAPTCHA.com)
.
.Cited above:
[1] Some of the links to “KeyCAPTCHA under attack” publications (posts, comments, etc.):
[1a] In English only
- http://drupal.org/node/1255790#comment-4973198
- http://scriptmafia.org/index.php?do=lastcomments&userid=50342
- http://pcvaluware.com/blocking-comment-spam-on-wordpress/comment-page-1/#comment-580
- http://wordpress.org/support/topic/anti-spam-plugin-keycaptcha-captcha#post-2332367
- http://wordpress.org/support/topic/plugin-keycaptcha-free-interactive-captcha-service-buddypress-support#post-2333352
- http://abelads.com/1526/keycaptcha-spam-service-joomla-plugin.html/comment-page-1#comment-6693
- etc.
- http://mywordpress.ru/support/viewtopic.php?pid=95367#p95367
- http://ipbskins.ru/forum/topic7159.html/page__view__findpost__p__54382
- http://masterpro.ws/forum/26-extensions-joomla/369—joomla?limit=10&start=10#2946
- http://www.web57.ru/index.php/rascshirenie/plagins/item/79-keycaptcha.html#comment35
- http://forum.searchengines.ru/showthread.php?p=9494514#post9494514
- etc.
[1c]
Ibid, In Russian:
[1d]
Ibid, deleted by webmasters as spam:
- http://www.wjunction.com/showthread.php?p=1006604
http://www.wjunction.com/showthread.php?p=1005826
http://www.wjunction.com/64-webmaster-resources/73521-keycaptcha-spambot-protection-2.htm#post1006589 - http://www.phpbb.com/customise/db/mod/keycaptcha/support/misinforming_descriptions_of_keycaptcha-t_94587
http://www.phpbb.com/customise/db/mod/keycaptcha/support/misinforming_descriptions_of_keycaptcha-t_94587-p_228509-sid_0b43072a24ad587660305a74bbe43dcb#p228509 - http://phpclub.ru/talk/posts/620417/
- etc.
Dear Visitors,
The person spreading a slander and a lie regarding the KeyCAPTCHA Service uses different nicknames on different web resources.
He thinks up his new slander and lie from time to time.You can find it out by googling “KeyCAPTCHA is under attack” (quoted).
======= Ooops, cut in order to avoid creating large chunk of duplicated content
.
Related articles:
New Trends in Spamming: Spam Fused into Antispam Protection with Spamming Visitors Instead of Web Sites
.
“There are only 2 ways of telling the complete truth –
anonymously and posthumously”
~Thomas Sowell
.
“Find out what the meaning of life is,
and see if we can monetize it”
@bizcartoons (Ted Goff)
.
Spamming web sites with links to fool search engines was always doomed game because it irritated both owners of web resources and visitors.
Also, even appearing of website in top of SERP (Search Engine Result Pages) did not mean having marketing success
So, the recent trend is to deliver unwarranted advertising, aka spam, directly to visitors without leaving spam on web resources (sites, blogs, etc.) as well as to bribe (sorry, share profits with) owners of web resources.
Looks like spamming through antispam solutions became more lucrative than previous spamming schemes.
The author exIV of an article
- Modern Spam Protection Systems by the Eyes of Ex-Spammer
Взгляд на современные системы защиты от спама веб-форм глазами бывшего спамера
.confesses in comments to this articles that:
- he is professional spammer and blackhat specialist
(“А спамер я был по-совмеместительству, я занимался черным СЕО…и было время когда на клик-клике да рупоиске по 500$ в день капало 🙂 “ - and now the owner of KeyCAPTCHA
(“ну то есть конечно я владелец кейкапчи”) - always approached the spamming and spambot development with imagination considering it to be an art and his botted comments were contextual and undetectable by antispam filters
“Я подходил к этому делу как к искусству и мои комменты были зачастую «прямо в тему»… Хоть делал их робот…”
. So, now he developed a new miraculous technique of unavoidable spamming through antispam protection KeyCAPTCHA.
Though, what’s the difference?
Earlier his bots entertained end-user with meaningful spam comments and now with meaningful entertaining spam (puzzle) pictures, leaving happy not only advertisers but now also owners of web resources.
.
Though, one profound problem remains with this antispam spam scam.
.
Spam or not spam is not determined by happiness of advertisers and advertising intermediaries, even when they are happy with spam owners of web resources, but by explicit consent of end-users, or visitors of web-resources.
Protected: Lies, Big Lies and Statistics of KeyCAPTCHA Service Part 1 On the Amount of Protected Sites
If Interested in a Free Service, then Don’t Promote it?
Half the work that is done in this world
is to make things appear what they are not
~Beadle, E. R.
Any sufficiently advanced technology is
indistinguishable from magic
~Arthur C. Clarke’s 3d Law of Prediction)
But magic can sometimes just be an illusion
~Javan
Belief in the absence of illusions is itself an illusion
~Barbara Harrison
A hallucination is a fact, not an error;
what is erroneous is a judgment based upon it
~Bertrand Russell
So, after a storm of angry publications by unhappy webmasters and uninstalls of KeyCAPTCHA plugings, on August 14, 2011, KeyCAPTCHA.com “announced” (by posting a few replies, for example here and there) that the free of charge option of its service was restored from August 8, 2011 (probably because the last post of KeyCAPTCHA defending its removal was from August 7, 2011, see the same links upward). Novosibirsk time (GMT +6:00) everywhere in this article.
The most funny thing was that there were no changes in ToS or any descriptions on keycaptcha.com webite whatsoever! But wait, there’s more
How to Lie without being Caught-22 (Lessons Learned from Communicating with KeyCAPTCHA.com)
Wisdom says that a liar should have a good memory. Not true on the internet, it is enough to manage to change or remove your previous publications.
I and others caught KeyCAPTCHA.com, my former employer, to publicly lie hundreds times and you will not find any such publications.
From my observations, the posts on the forums based on WCMSs (Web Content Management System) like
- vBulletin – permits changes
- phpBB – – permits changes
- SMF (SimpleMachines Forums) – permits delete
- Drupal
- Twitter (well, it is probably not WCMS and permits only to delete tweets but I hate Twitter no less for having permitted to slander and scam me by this feature)
usually let to change posts later, even after replies, whenever an author likes.
While on
- WordPress
- Joomla (after being replied?)
- IPB (aka IP.Board, InvsionPower Board) Services, how one should tag it in Social Media, I wonder?
do not (but only in a few minutes time immediately after posting) .
CSS Tutorials
What’s the point of permitting life-time changing (or deleting) what some has written, even after having dozens replies, I wonder?
One can check the forum’s CMS at the bottom of a web page and double-check it at webpage souce finding a string “generator”. Here is an example of HTML element from WordPress forum HTML-element:
- <meta name=”generator” content=”WordPress 3.2″ />
What about comments in blogs and posts that cannot be edited/deleted?
That’s also simple. KeyCAPTCHA Team has done it many times. It is enough post personal attacks on a participant the more and uglier the “better” until any sense is lost, then ask moderators, administrators/owner of the blog to delete the whole topic or branch for a flame and/or off-topic.
100% results of topic ensured to delete a thread, branch or a whole topic!
If the results are not immediate, just return and do it again and again.
08/19/2011 Update:
Hilarious confirmation of this shit-technique employed by KeyCAPTCHA itself.
Read all thread!
“We have detected spam activity, your actions are blocked”
In Soviet Russia, spam activity of spam-captchas block human’s access
Another technique is to block writers (blog commenters) through its KeyCAPTCHA by IP-address.
This is very clever to self-advertise you, only fans of KeyCAPTCHA and advertising will be able to use internet soon.
Catch-22: How to Annoyingly Block New Users on a Web Site
Recently I tried to register in http://www.aspenandvolare.com/forum.php
Even with the help of internet, I could not answer anti-spam registration question, it is always one and the same:
- What was the most common engine used in the Dodge Aspen & Plymouth Volare?
KeyCAPTCHA Spam Platform – Rebutting KeyCAPTCHA.com’s Claims that Spamming is Legal
In my previous article
I wrote about the dispute between the owner of http://ipbskins.ru, caught unawares by KeyCAPTCHA.com anti-spam service started to serve spam (ads picture puzzles + ads link) and disappearance of previous non-ads free captcha options.
In the followed afterwards discussion, in comments to Fisana’s blog and in ipbskins.ru forum post. KeyCAPTCHA Team re-stated that, according to changes of rules on August 2, 2011, webmasters have no free no-ads options any more. Now, there are 2 options to use (3d one to stop using) KeyCAPTCHA service ONLY:
- to buy “Personalized CAPTCHA” service (and serve whatever you want, including your own captchas without ads)
- to create advertising campaign permitting 3d-party ads to earn money. Hacking to remove ads picture (puzzles) and ads links will lbe punished by ban
- to uninstall KeyCAPTCHA plug-in and install alternative measure of anti-spam protection
So, recapitulating the “new” KeyCAPTCHA’s policies and rules:
- no opt-in to refuse (unsubsribe) from ads by addressee
In Russia, it is illegal under Part 2 of article 10 of Федеральный Закон Российской Федерации 149-ФЗ от 27 июля 2006 г. “ОБ ИНФОРМАЦИИ, ИНФОРМАЦИОННЫХ ТЕХНОЛОГИЯХ И О ЗАЩИТЕ ИНФОРМАЦИИ” - the ads are being provided without prior obligatory consent by addressee
In Russia, it is is illegal according to article 18.1 of Федеральный закон Российской Федерации от 13 марта 2006 г. 38-ФЗ “О рекламе” - no option of free of charge service without external/3d-party ads
This seems to be available in any other CAPTCHA service, including those promoted as ads platforms - impossible to identify of a person distributing ads:
KeyCAPTCHA Team is in Russia,
now presents itself as US-based Mersane Ltd.,
having presented itself untill the March, 2011 as Joint Stock ITNP (ЗАО ИТНП)
under the jurisdiction (see item 10.6) “of the Republic of Seychelles, without regard to conflict-of-laws provisions”
In Russia, it is illegal under Part 2 of article 10 of Федеральный Закон Российской Федерации 149-ФЗ от 27 июля 2006 г. “ОБ ИНФОРМАЦИИ, ИНФОРМАЦИОННЫХ ТЕХНОЛОГИЯХ И О ЗАЩИТЕ ИНФОРМАЦИИ” - No guarantees or liabilities by KeyCAPTCHA.com , see item 4 of KeyCAPTCHA’s ToS
In Russia, it is illegal under article 12 , article 38 of Федеральный закон Российской Федерации от 13 марта 2006 г. 38-ФЗ “О рекламе”
I cited the laws of Russian Federaration though there are similar statements in the laws of most countries stating that unavoidable advertising (or intrusive or inescapable or indivertible or unpreventable or encroaching or meddlesome or invasive advertising) is illegal.
Read for example: “Unavoidable Advertising – Is It Legal in the U.S.?”
I skipped EU legislation since US one is the most relaxed.
The KeyCAPTCHa.com Team argues then that:
- unwarranted advertising is omnipresent in TV, printed press, cinema, etc.
Well, this is demagoguery – I can always opt to skip watching or reading unwarranted ads and by this will not block deprive me from access other resources. - that spamming is legal as far as online service informs about it in its ToS (Terms of Service)
No comments: commit any crime, just don’t forget write your rules for this, even afterwards, as KeyCAPTCHA.com did.
- KeyCAPTCHA Scam – How to Make Spam Unavoidable
- KeyCAPTCHA Spam Platform – Rebutting KeyCAPTCHA.com’s Claims that Spamming is Legal (this one)
- KeyCAPTCHA “Genius” Demagoguery – Antispam Spamming Platform: Why to Buy a Spambot, Buy the Spam-thru-CAPTCHAs Share
- What Is the “first” in KeyCAPTCHA and Why to Have it Externally, i.e. Out of Control?
KeyCAPTCHA Email protecting service: One More Little Lie For The Sake of The Big True Lie
Having a big employment experience in various countries, before my “employment” in KeyCAPTCHA.com, I’ve never encountered the situation when employer and colleagues are always misinforming you, even on unimportant trifles.
.
One more such petty lie I recalled after reading the question by Trevor Matthews:
What a great idea.
Will the service always be available if I use it on some of my websites?”
http://www.vbulletin.org/forum/showthread.php?p=2295152#post2295152
and the answer there by KeyCAPTCHA:
http://www.vbulletin.org/forum/showthread.php?p=2295645#post2295645
Well, thу correct answer is that KeyCAPTCHA developers are or were never using this service to protect their own Email addresses.
When I asked “Why?”, the answer was:
Note that a service can be up but unreachable from certain destinations from/to which DDOS attacks come, kinda frequent situation in modern internet
I did feel me awkward by this answer because I advised this service not used by its own provider KeyCAPTCHA.com to my friends as well as I could not understand why I was misinformed about this before.
.
Business is business. In order to be deceptive one does not need to lie directly, just to omit some details.
At least, I could have full correct answer long before I made a clown from me before my acquaintances and friends.
.