Virtual sweatshops versus CAPTCHAs

KolotiBablo, a Russian service, pays workers in China, India, Pakistan, and Vietnam to crack CAPTCHAs -- it's a favorite of industrial scale spammers. This company's fortunes represent an interesting economic indicator of the relative cost of labor (plus Internet access and junk PCs) in the poorest countries in the world, versus skilled programmer labor to automate CAPTCHA-breaking (or automating a man-in-the-middle attack on CAPTCHAs, such as making people solve imported Gmail account-creation CAPTCHAs in order to look at free porn).

Paying clients interface with the service at antigate.com, a site hosted on the same server as kolotibablo.com. Antigate charges clients 70 cents to $1 for each batch of 1,000 CAPTCHAs solved, with the price influenced heavily by volume. KolotiBablo says employees can expect to earn between $0.35 to $1 for every thousand CAPTCHAs they solve. The twin operations say they do not condone the use of their services to promote spam, or “all those related things that generate butthurt for the ‘big guys,’” mostly likely a reference to big free Webmail providers like Google and Microsoft. Still, both services can be found heavily advertised and recommended in several underground forums that cater to spammers and scam artists.

Virtual Sweatshops Defeat Bot-or-Not Tests

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: labor • security • web theory

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

togi

I would suck at this job. Does anyone else find CAPTCHAs both rather difficult and quite stressful?

I mean, if I get it wrong, does that mean I’m a replicant and I was never told? Am I just another ‘Rachael’?! IS BLADE RUNNER TRUE?!
- Yacko
  
  Those adept at an Asian language may be far better at discerning symbols than eyes accustomed to Western characters.
  - tkdgns
    
    [citation needed]
Ripcord2

‘The twin operations say they do not condone the use of their services to promote spam, or “all those related things that generate butthurt for the ‘big guys,’”‘
I’m curious – is there ANY use for this service that wouldn’t be, at the very least, pretty shady?
- User 100
  
  If they would sell their services as a browser plugin, so I could use their manpower to solve those CAPTCHAs for me, I’d be a happily paying customer…
  - Aneurin Price
    
    Absolutely. It’s crazy how many things require a CAPTCHA these days. Last week I bought something from play.com (I don’t recommend them BTW) and noticed that, once you’ve logged into your account (which you *have* to create to buy something from them), if you want to edit any of your details you have to type in your password and solve a CAPTCHA. WTF? Were they worried about how often bots were logging in as registered users and changing their details? What were they thinking?
    
    I suspect they were just thinking that any page which includes a password prompt must also include a CAPTCHA, since that’s the fashion. Bonus points if you need to go through a dozen just to find one that’s plausibly solvable by a human being.
EH

I wish the Strafor-type crackers would turn their attention to this world.
ROSSINDETROIT

Solve 1,000 CAPTCHAS and make between $0.35 and $1? Seriously? The electricity to run a computer to solve 1,000 CAPTCHAS has to cost more than $0.35.
- jandrese
  
  I think that’s what they’re paying the third world wage slave workers. They probably resell the accounts created with the work of those people for a lot more.
  - ROSSINDETROIT
    
    This is pretty clear, but I’ll quote half of the clip here:
    “Antigate charges clients 70 cents to $1 for each batch of 1,000 CAPTCHAs solved, with the price influenced heavily by volume. KolotiBablo says employees can expect to earn between $0.35 to $1 for every thousand CAPTCHAs they solve.”
    
    Even if the labor was free, solving the CAPTCHAS manually requires some kind of technology and electricity. $0.35 doesn’t buy much even in the third world. I’m not comparing to first world expectations of earnings. I’m comparing to the minimum cost to provide the resources to do the work.
- kartwaffles
  
  Cost of electricity and cost of labor are not the same thing. The advantage to using humans is that they can adapt new CAPTCHAs easily.
  - ROSSINDETROIT
    
    It says that they pay the workers between $0.35 and $1 for 1000 hits. Then they charge the client the same range of prices. That sounds wrong for a profitable business. Unless most of the producers are earning $0.35 and most of the clients are paying $1.
    The electricity cost was a comment on the worker side. Could you afford to run a computer if you were making $0.50 for every 1000 operations? Labor is cheap, but it’s not the only factor. The people deciphering the CAPTCHAS still have to pay for the technology they use. I’m assuming that people don’t have free computers, electricity and connectivity.
    - wrybread
      
      Its a really good point, but maybe they’ve worked out an interface that’s so fast and efficient that 1000 captchas can be solved in an hour. Imagine hitting return on a solved captcha and being immediately presented with a new captcha. At that speed, I could imagine solving 1000 an hour. It would thoroughly suck to do, but might be possible.
      - extra88
        
        Of course it sucks, any transcription job sucks. I think 1000/hr. is doable. I don’t think the solvers are presented with one CAPTCHA at a time, I think they have a screenful of them so they write all their answers and hit Return once. Or the interface could use JavaScript to automatically submit their answer as soon as the tabbed out of the text field and present the next one immediately below the one they tabbed into.
    - http://www.jimdraws.com Thorzdad
      
      I suspect that the labor price range tends to stay firmly down on the low end while the client price range tends to stay toward the top end.
- extra88
  
  I think you’re overestimating the cost of electricity, the speed of CAPTCHA solving, or both. 1000 CAPTCHAs/hr would be ~17/min. 33 words/min. is an average transcription speed but you’d expect CAPTCHA transcription to be slower. Maybe 1000/hr. is only achieved by the more experienced or talented solvers.
  
  For electricity, say the average desktop plus display uses 200W (a laptop would be well under 100W), how much does its electricity cost? Wikipedia says $0.11/kWh in the US, $0.16/kWh in China, and $0.05/kWh in Pakistan. So in China that computer costs 3.2 cents (US) per hour to run (200/1000*.16). You’d have to be solving CAPTCHAs at only 100/hr. for electricity to eat up the fee.
  
  Also keep in mind theft of electricity is rampant in some parts of developing countries so the cost to the computer operator is nothing or the cost of bribes which are presumably less than legitimate service.
hadlockk

We used an SEO metrics program (almost 2 years ago) that took advantage of a service like this. Every 100 or so pages google would throw up a captcha to see if it was automated. Our software would screencap the captcha and send it off to a third party to do the captchas (instead of sitting at the computer and typing them in every 15 seconds or so). This allowed us to automate the whole process and get daily SEO metrics on both our site and nine of our top competitors.

What blew me away was that not only did they have an integrated google captcha response interface in the program, but that there was a 3rd party captcha API they used with one of their partners to help you out.
corydodt

This reminds me of Anda’s Game, and gives me a similar emotional reaction. People really NEED this work? That’s horrifying.

Of course, this can be used for acts much more heinous than getting a leg up in a virtual game.
- extra88
  
  At least the worst that can happen is terrible RSI. It’s better than the recycling/processing of hazardous waste, including electronics, where you can not only suffer injuries but are exposed to materials that will poison you. Then there’s the garbage pickers.
http://halfbakedmaker.org Robert Baruch

On the forum I run, I set it so that I had to manually approve each person. Without any automated delete, I had to deal with something like 50 spammers per day trying to register. With a CAPTCHA, I had to deal with… 50 spammers per day. CAPTCHAs are solved.

Then I added a timezone (where the first choice was invalid, and an automatic delete) and a random non-mathematical question like, what is the third word in this sentence. Then I only had to deal with 5 spammers per day.

To make it easy to find them, I also added a free-form question, why do you want to join this forum? And the default value I set to “Delete Me”. I get probably one spammer per day who wants me to delete them.

Other typical spammer answers:

For SEO. (really? The most honest spammer in the world!)
For posting purpose.
Information.
Knowledge.
I like this site.
I want to know.