How CAPTCHA4us came to be...
A few years back, when I first designed the Geek Cave Creations website, I received a lot of spam emails through the contact page that I had made, which at the time had no Human Verification protection. In short order, I started looking into CAPTCHA scripts, but couldn't find one that I was able to easily figure out (after all, if I can't read it, maybe other's can't either), so I wrote my own. This first script still used the same old tactic of randomly placed letters for the user to decipher, though it varied the number of characters, along with the font, angle, color and placement of each letter, adding randomly generated noise and a gradient background, to make it harder for the bot scripts to crack. It seemed like it was better than what I had seen out there at the time, and it did the job quite well.
The only problem was, I still had a hard time reading the characters in the output image from time to time. So I considered the idea a bit more, and came up with a different method.
The idea here was to get rid of all those difficult to read letters, and replace them with something that even a 5 year old could recognise, yet would be difficult for a bot script to figure out. The real "trick" to this isn't so much in defeating the bot script's Object Recognition, since Object Recognition is nearly as advanced as Character Recognition. The "trick" here is to give the bot scripts as little "free access" to the images as possible. Most bot scripts don't rely on cracking every single image that they come across. They rely on matching the current image with one that was previously cracked, and using the results from the previous image. Needless to say, this is the area where I've concentrated on improvement. After all, pretty pictures are nice, but they do no good at all if a bot script can crack them without any effort.
One of the most important security features that the CAPTCHA4us script offers with all versions is "Hotlink Protection". Simply put, these images are designed to be viewed within the confines of a form, and nowhere else. If a bot script (or you, for that matter) were to try to view a CAPTCHA4us CAPTCHA image without it being inside of it's intended form, you would see this:
The image above still "looks" like a CAPTCHA image, but all it really is is a randomly generated image, made to keep bot scripts happily working away on something that does absolutely nothing. This is something that's enabled in all versions of the CAPTCHA4us scripts, and the Deluxe package takes this a step further, with IP logging (so that you can note repeat offenders, and possibly report them), and other methods that I don't exactly think I want to be made public. As an added, extra security measure, the Deluxe CAPTCHA4us script package will come as a pre-compiled executable file that will run on *nix or Win32 systems (your choice; both files will be included), to prevent bot script owners from purchasing the package and reverse-engineering the code quite so easily. and since the Deluxe package uses a completely different code base, and different methods of security measures, getting the Free package won't help the bad guys deal with the Deluxe package at all.
I value my privacy very highly, and I strive to treat others as I wish to be treated,
so by default, I value your privacy just as much as I do my own. Because of this, I will
never give out any personal information that may be collected from you
to anyone. This is, of course, the short version. Here's the "Long Version":
(sorry about the ~Royal 'WE'~)
Personal identification information:
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information:
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies:
How we use collected information:
CAPTCHA4us collects and uses Users personal information for the following purposes:
- - To personalize user experience, We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- - To process transactions, We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- - To send periodic emails, The email address Users provide will only be used to respond to their inquiries, and/or other requests or questions. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.
How we protect your information:
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Sharing your personal information:
We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.
Web Site Terms and Conditions of Use
By accessing this web site, you are agreeing to be bound by these web site Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this web site are protected by applicable copyright and trade mark law.
2. Use License
Permission is granted to temporarily download one copy of the materials
(information or software) on CAPTCHA4us.com's web site for personal,
non-commercial transitory viewing only. This is the grant of a license,
not a transfer of title, and under this license you may not:
- modify or copy the materials;
- use the materials for any commercial purpose, or for any public display (commercial or non-commercial);
- attempt to decompile or reverse engineer any software contained on CAPTCHA4us.com's web site;
- remove any copyright or other proprietary notations from the materials; or
- transfer the materials to another person or "mirror" the materials on any other server.
- This license shall automatically terminate if you violate any of these restrictions and may be terminated by CAPTCHA4us.com at any time. Upon terminating your viewing of these materials or upon the termination of this license, you must destroy any downloaded materials in your possession whether in electronic or printed format.
- The materials on CAPTCHA4us.com's web site are provided "as is". CAPTCHA4us.com makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, CAPTCHA4us.com does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet web site or otherwise relating to such materials or on any sites linked to this site.
In no event shall CAPTCHA4us.com or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption,) arising out of the use or inability to use the materials on CAPTCHA4us.com's Internet site, even if CAPTCHA4us.com or a CAPTCHA4us.com authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Revisions and Errata
The materials appearing on CAPTCHA4us.com's web site could include technical, typographical, or photographic errors. CAPTCHA4us.com does not warrant that any of the materials on its web site are accurate, complete, or current. CAPTCHA4us.com may make changes to the materials contained on its web site at any time without notice. CAPTCHA4us.com does not, however, make any commitment to update the materials.
CAPTCHA4us.com has not reviewed all of the sites linked to its Internet web site and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by CAPTCHA4us.com of the site. Use of any such linked web site is at the user's own risk.
8. Governing Law
Any claim relating to CAPTCHA4us.com's web site shall be governed by the laws of the State of Nevada without regard to its conflict of law provisions.
Geek Cave Creations
1300 Rabe Way
Carson City, NV 89701
This document was last updated on September 29, 2011