6 research outputs found
Making defeating CAPTCHAs harder for bots
For a number of years, many websites have used CAPTCHAs to filter out
interactions by bots. However, attackers have found ways to circumvent CAPTCHAs
by programming bots to solve or bypass them, or even relay them for humans to
solve. In order to reduce the chances of success of such attacks, CAPTCHAs can
be strengthened by the addition of certain safeguards. In this paper, we
discuss seven existing safeguards as well as five novel safeguards designed to
make circumventing CAPTCHAs harder. These safeguards are not mutually exclusive
and can add multiple layers of protection to a CAPTCHA. We further provide a
high-level comparison of their effectiveness in addressing the threat posed by
CAPTCHA-defeating techniques. In order to focus on safeguards that are usable,
we restrict our attention to those which have minimal adverse effect on the
user experience.
One leak will sink a ship: WebRTC IP address leaks
The introduction of the WebRTC API to modern browsers has brought about a new
threat to user privacy. This API causes a range of client IP addresses to
become available to a visited website via JavaScript even if a VPN is in use.
This is a potentially serious problem for users utilizing VPN services for
anonymity. In order to better understand the magnitude of this issue, we tested
widely used browsers and VPN services to discover which client IP addresses can
be revealed and in what circumstances. In most cases, at least one of the
client addresses is leaked. The number and type of leaked IP addresses are
affected by the choices of browser and VPN service, meaning that
privacy-sensitive users should choose their browser and their VPN provider with
care. We conclude by proposing countermeasures which can be used to help
mitigate this issue.