October, 2011

Everyone knows that Captchas are annoying, but according to a team of Stanford University researchers, they don’t even work.  In a test of major websites like Visa’s Authorize.net, Blizzard, eBay, and Wikipedia, the team managed to get past various Captcha security systems using a basic decoding technique from the field of machine vision.

Machine vision was developed mostly as a way to control robots, by allowing them to detect various shapes and remove visual noise from their surrounding environment.  However, these same techniques have now been used in the creation of Decaptcha, a tool which was able to decode 66 percent of Captchas from Visa’s Authorize.net and 70 percent from Blizzard.

According to the team, any result above 1 percent means that systems are not working and should be pulled down.  While the results of these tests varied widely, Google’s Captchas proved to be the most secure.  The researchers had a zero percent success rate when trying to decode the Google Captchas, including one system called ReCaptcha developed by Carnegie Mellon University and purchased by Google.

However, in an interview with Cnet, a representative for Blizzard said that Captchas are not used to secure systems, and are mostly in place to cut down on spam and other minor annoyances.

Shon Damron from Blizzard said “It’s common knowledge that Captchas are fundamentally unable to fully guarantee application security, but they do protect against certain threats. While we use Captchas as an initial layer of security, primarily to minimize spam with regard to new account creation, they represent one of many different security technologies that we employ to protect our infrastructure and customers.”

According to a recent report, “do not track” browser options may not work the way you think.  In many ways, these options are simply an ineffective suggestion to websites, with voluntary compliance and no power over third party ads.

Most websites these days are commercial in nature, meaning they display ads and generate income from them.  Every time that a website is loaded, content is also loaded from various ad networks and independent advertisers, who can still track your web activity despite having the “do not track” option enabled.

Internet users are able to block ads with certain tools, which will block a lot of tracking.  However, it is almost impossible to view online advertisements and avoid tracking at the same time.  Jonathan Mayer from the Center for Internet and Society (CIS) at Stanford has recently reviewed a number of antitracking tools, with these key results:

1. Most desktop browsers currently do not support effective self-help tools. Mobile users are almost completely out of luck.
2. Self-help tools vary substantially in performance.
3. The most effective self-help tools block third-party advertising.

Indeed, the situation is so confused that Google do not even have a “do not tracking” option, instead using something called “Keep My Opt-Outs” on their Chrome browser.

“The idea of ‘Do Not Track’ is interesting, but there doesn’t seem to be wide consensus on what ‘tracking’ really means, nor on how new proposals could be implemented in a way that respects people’s current privacy controls,” said a Google spokeswoman in an interview with Wired.com.

Internet Explorer, Firefox, and Safari do have a “do not track” option, although as Mayer shows, they are mostly ineffective without the use of third party tools and techniques.

SimpLESS is a web-based LESS.js compiler that effectively negates the need for including the JavaScript library.

SimpLESS is useful, because you don’t have to include the LESS library in your projects as the result is pure CSS3 code.

It can also help as a tool for “extracting” code from LESS-based websites (there are a few). Besides, the less external libraries, the better.

Hawk.io is a web app that allows publishing files on the web via Dropbox.

The application connects with Dropbox and parses text files available on your website as text files.

It’s a very convenient way of storing files, because you can edit your files from anywhere as long as you can connect to Dropbox (edit text, save file, and you’re published). The files are formatted with Markdown.

However, you’ll have to wait a while for the service to be out of “development” or wait until the developer creates another account for development as Dropbox doesn’t support tests while the app is in use.

Google has launched a new feature which takes Street View indoors, with a number of businesses included in the initial implementation.  While this service has been under development since April 2010, there is renewed interest lately due to wider involvement and the expansion of available imagery.

Google announced plans to introduce 360 degree business photos back in May, saying “This experience, using Street View technology, includes 360-degree imagery of the business interior and storefront. With this immersive imagery, potential customers can easily imagine themselves at the business and decide if they want to visit in person.”

The functionality of this service has only now reached a point where it is useful however, with a “renewed interest in the past few days because as promised, as more of the imagery becomes available, we’re getting more of it online.”

Businesses who want to be involved and photographed can apply online, with individual businesses able to request the removal of certain photos if they don’t like them.  While this entire project does raise some important security and privacy issues however, the fact it is restricted to businesses is likely to keep potential problems from getting out of control.

If individual people accidentally end up in photographs, Google has said “we’ll either run the 360-degree imagery through our state-of-the-art blurring technology to blur out faces of any employees and customers who appear in the imagery, or we won’t publish the still photos if people are in view. Remember, only people with the authority to make agreements on behalf of the business can submit an application for photography, and by submitting the application you’re confirming that you have that authority and that you will follow the steps set out here.”

Facebook has added a new ‘subscribe’ feature to its comments box plugin, allowing users to easily follow comments that are made by other users who have enabled subscribers.  This feature has been well received by most Facebook users, and is likely to grow in the future through the continual evolution of the Facebook subscribe button.

“Today we launched a ‘Subscribe’ link in the Comments Box plugin to give people the ability to subscribe to commenters in one click, and give commenters another way to grow their Subscriptions base,” read the official Facebook launch post.

According to InsideFacebook, this new feature will “encourage civil discussion”, with people able to attract more subscribers through the use of intelligent comments and community interaction.  In a sense, it will create a tighter link between individual comments and the reputation of the person who made them, in theory at least.

By allowing active commenters a greater opportunity to attract new subscribers, Facebook are hoping to create a healthier, more engaged, and more responsible community.

With these new changes, anyone who allows people to subscribe to them will have a subscribe button placed next to their name on their Comments Box.  A subscriber count is also displayed in some situations, with users able to select the volume and types of updates that they receive.