Just when you think you have heard every crackpot theory for fighting the spam menace, a new one comes along that makes you sit up and take notice. How does using pictures of kittens to foil spammers grab you?

Bear with me, because the concept has some merit. Indeed, it was proposed by a researcher at the Microsoft 'Advanced Reading Technologies' group no less. Kevin Larson, speaking at the TypeCon 2007 conference in Seattle, has proposed a new twist on the Human Interactive Proofs (HIP) system best known through the CAPTCHA interface. HIP works by requiring a real human, as opposed to a computer driven spambot, to be able to identify something on screen. The human can, more often than not, quickly decipher the jumbled text presented on a patterned background, whereas the bot cannot. Or at least that used to be the case. HIP is an old technology in anti-spam terms, Microsoft has been using it for five years for example. This gives the spammers an edge, they have had time to perfect methods of getting around the protection.

Although, for now, CAPTCHA and its ilk are holding out against the spammers, the chinks in the HIP armor are starting to show. HIP systems are forever being tweaked and changed to stay ahead of the computers that are fast catching on and catching up. The clever money is on them overtaking the twisted text concept real soon now.

Larson and his group spend most of their time tweaking the distorted text, looking for ways to make it easier on the human eye and harder for the bots to spot. Larson also wonders whether we could do away with the text altogether and replace it with pictures.

In tests he has found that by displaying a grid of 16 images, cats and dogs for example, and asking the user to identify what is where the spammers can be locked out. For a while at any rate. It doesn't take a genius to realize that the spammers, with the huge financial and technical resources they have at their disposal, would quickly enough be able to automatically identify the photos unless an almost infinite number were available. It does take a genius to suggest that 'kittens are the wave of the future' as Larson did at TypeCon.

So could we soon see images of kittens playing with string, ripped from numerous videos of kittens playing with string, appearing on websites and forums all over the Internet? As unlikely as it may sound, I can think of no real reason why not. After all, the CAPTCHA idea seemed equally unlikely to become widespread until it did just that. The acid test of any anti-spam solution is workability. If it works, it will get adopted. Until it stops working or annoys too many users.

And who could ever get annoyed by pictures of kittens?

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

9 Years
Discussion Span
Last Post by happygeek

I think that everyone is so focused on spam being the problem that we're not realizing that the real underlying issue is that nobody can fathom a single question that a human would know the answer to but a computer wouldn't be able to figure out. Is that a good or bad thing, or have I just seen one too many science fiction flicks?


I think Clicking kittens would start to irritate me after the first couple of clicks.

I think its just 1 to many Sci Fi movies. Although i love the fact that we still are trying to create AI despite all these movies where it goes wrong. In this case its not a matter of a question that humans could answer but not a computer because the information is being given to the computer and then humans are extracting it and then telling the computer how to extract it on its own.


All this looking at pictures, whether they are cats, random words or whatever, is a good idea but it has one serious limitation.

This is discrimination - those using screen readers cannot 'see' the image, and those with poor eye sight or badly designed where it is difficult to 'read'.

If a screen reader 'reads' the hidden words does this mean that all of security would be of no use? Has this even been considered?


The screen reader problem has been considered and many sites with a HIP/CAPTCHA filter now offer audio to read the letters aloud.

Of course, photos of kittens could prove more problematical in this regard.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.