Just for the hell of it, we actually threw together the site in yesterday’s comic.
I hope no hearts out there are broken, but it’s important to know these things. Bots can handle thousands of connections at once, so you don’t know who else your internet partner is chatting with. There’s nothing worse than a Turing Test coming back positive for chlamydia.
Currently down.
we broke it, I guess?
404'ing
Four-oh-four for me :(
Seems to work. For me, at least. Anyone else got through to the site?
I think there’s an obvious vulnerability if the bot sends your partner’s URL to somebody else to solve for him? :)
It seems to me it would be more likely to give you Conficker.E than chlamydia.
@Ryan:
>>Don’t fall into the trap of believing that a spambot will never initiate a VK-Couples test! If your lover sends you a VK-Couples test, be safe and generate a second one to send their way, just to be truly sure.
If a bot were using you to answer someone else’s test, couldn’t they just send the second test you sent to the other person to get an answer?
tell me only the good things that come to mind about your mother
Sending the image to someone is too complex. They’d just crack this blag, and make you solve it to post a comment.
Lisa’s already done it.
Sana’s right. To mediate the impact of that vulnerability, you should be able to enter your partner’s name in the test. That way, a third person (e.g. the other one fooled by the bot) can see it’s not their name in the test.
But undoubtedly there are better handshake systems imaginable, like both parties giving a random number incorporated in the test.
Perhaps a pair of re-captcha images? And a form to enter the names of both parties?
I noticed there is a section that states “Test started X minutes ago.” This would stop a bot from sending a VK received from party A to party B to be solved and then returned to party A. Party B would notice that the test hadn’t started 0 minutes ago, and would know they were actually looking at someone else’s test (party A’s test).
Of course, if the bot is fast enough and can send party A’s test to party B immediately, then party B would not know the difference. This would require a bit of luck though. I’m definitely giving this test to my family and friends.
Or you could just lock it to the IP of the first person who enters the test after its creator (you also have to lock the images)
I got a 404 error too. Googling got me this test: http://vkcouplestesting.com/?7959171454265699157
Thank you for this. My wife and I are going to take this together later on.
http://en.wikipedia.org/wiki/Harriet_the_Spy_(film)
I like the reCaptcha idea too. You both have to answer a reCaptcha and the first one done gets a little “waiting for partner” graph with “likelihood of being human” on the vertical axis and time on the horizontal. The animated graph line drops as time increases, of course.
spriggig – And if the spambots learn to bypass VK Couples Testing, the “Recaptcha” graph will have something of a Ballmer Peak (ridiculously very) near the “0” on the horizontal axis…
anon notes the weakness in his own method: if the bot has enough real people to fool, forwarding could be done fast enough.
pete275’s method is also not secure: the bot would most likely not even look at the page but just forward the link.
Both methods have one last flaw: the bot could copy the images and build a new page for his other user with the captcha images
Please will someone tell me what it says?
My happiness depends on it.
http://vkcouplestest.com/?3956499120550677246
DWizzy – you could build the name into the captcha itself. The only way to remove the name from the captcha would be to solve it. It could be like a ReCaptcha, one word is the captcha word, the other is your name or your partner’s name, obfuscated.
Anyone have an exploit for that one?
Can anyone explain to me how this actually works?
you could always, you know, use a webcam.
Hmm. The VKCouples test in the comic displays real words in the captcha while the website has a random sequence… I think maybe the site is a fake or bot created.
Sorry to nitpic, but I looked at the HTML source code.
Table and center tags?
Really Randall? Really?
Somehow I feel let down by this…
@AtomicNoggin:
nitpick.
kthx
@Not a bot
HHGqK
@rosza
touché
What would be best would be a field where both answer both words – but they don’t see each other’s answers until the answers are both in.
Ah, this still has the flaw that a bot can still pass it on.
What if it’s restricted by IP address (i.e. you type in partner’s IP address – downfall is they could lie to you)? The problem with ‘locking’ is that the bot doesn’t actually need to view the link to pass it on. Added bonus you could do a love compatibility test based on IP address haha.
The only solution suggested so far is putting the names in. The site could have the main page asking for both names, and create a test ID from there.
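A sketch of the two ideas raised in the comments above (names entered when the test is created, and a random number from each party incorporated in the test), added here as an example that is not part of the original thread or the site's own code. The function names, the HMAC construction, the 120-second age limit and the Alice/Bob/Carol scenario are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical secret held only by the test service


def _tag(names, nonces, issued_at):
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [n.encode() for n in names] + list(nonces) + [str(issued_at).encode()]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_test(name_a, nonce_a, name_b, nonce_b, issued_at):
    """Service side: the test ID commits to both names, both nonces and the start time."""
    names, nonces = (name_a, name_b), (nonce_a, nonce_b)
    return {"names": names, "nonces": nonces, "issued_at": issued_at,
            "id": _tag(names, nonces, issued_at)}


def open_test(test, viewer_name, viewer_nonce, now, max_age=120):
    """Service side: decide whether this viewer should be shown the CAPTCHA at all."""
    expected = _tag(test["names"], test["nonces"], test["issued_at"])
    if not hmac.compare_digest(expected, test["id"]):
        return "reject: contents were altered after issue"
    if viewer_name not in test["names"]:
        return "reject: your name is not in this test"
    if viewer_nonce not in test["nonces"]:
        return "reject: your random number is not in this test"
    if now - test["issued_at"] > max_age:
        return "reject: test started too long ago"
    return "ok"


def demo():
    # Constructed scenario: Alice tests a chat partner calling itself "Bob";
    # the partner forwards the link to Carol, an unrelated human.
    alice_nonce, bob_nonce, carol_nonce = (secrets.token_bytes(8) for _ in range(3))
    test = issue_test("Alice", alice_nonce, "Bob", bob_nonce, issued_at=1000)
    forged = dict(test, names=("Alice", "Carol"))  # names swapped, ID reused
    return {
        "alice": open_test(test, "Alice", alice_nonce, now=1010),
        "carol_relayed": open_test(test, "Carol", carol_nonce, now=1010),
        "carol_forged": open_test(forged, "Carol", carol_nonce, now=1010),
        "alice_stale": open_test(test, "Alice", alice_nonce, now=2000),
    }


if __name__ == "__main__":
    for who, verdict in demo().items():
        print(f"{who}: {verdict}")
```

The binding exposes a forwarded test only when the person asked to solve it was introduced under a different name or never supplied one of the bound numbers. It says nothing about how the names were established in the first place.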
So yeah…I used this test…between me and someone I had been chatting to online…
She wasn’t real…
I feel so ashamed…
This reminds me of a Neal Stephenson story, ‘Jipi and the Paranoid Chip’ http://www.vanemden.com/books/neals/jipi.html
fwiw, Downing Street just offered a formal apology for the inhumane way Turing was treated after he came out (which, at that time, was “admitting” to a sexual congress and being convicted for it):
http://www.number10.gov.uk/Page20571
Needs a wetriffs update, if you ask me.
@Tim, Erich: Basshunter! \o/
Overlooked issue… As it stands, the site depends on the visual abilities of each partner to verify the results. This makes it unhelpful for Bots who want to determine if their partners are real. They would need help from the system to confirm the results for them.
If you are a bot you can pass the test to another chatter and get to know the answer.
Shake: I don’t know how this has been designed, but it doesn’t have to be that way, so if it *is* that way, that’s a design flaw. (There was a chatbot which did something similar a while back; it would pretend to be a human by sending the questions that it couldn’t understand to another human using the chatbot, forwarding real human responses as its own.)
The real vulnerability to captcha is captcha services. Any sufficiently popular captcha service could be relaying captchas that it has received from another service, in order to masquerade as a human when it isn’t one. You can possibly increase the popularity requirements with random several-minute wait times and a short time window to actually provide the captcha, but that doesn’t get you much.
A lesser protocol vulnerability comes when you imagine that this is a real service which lots of people need. For example, when you want to do a DNS lookup via the web, or when you want to know your own IP address, google searches will list many, many, many sites doing the same thing. If Bob is using a site of Alice’s choosing, how does Bob know that this service is reliable?
(Also an issue, but even less so: DNS attacks on the URL that Alice communicates to Bob.)
@Paul
Indeed, and the reliance on visual CAPTCHAs also currently limits the service to sighted persons.
I would say “just use reCAPTCHA”, but as far as I know their API does not provide for this particular usage, where the same CAPTCHA needs to be displayed to two parties for verification.
Then again, I suppose it doesn’t really need to. Each user could receive one reCAPTCHA and trust the service to authenticate the other user as human… but that amplifies the issue raised by Chris.
reCAPTCHA: “Company’s demote”
reCAPTCHA has poor grammar, evidently.
Is there a site for the reverse scenario? I’m a bot and I want to verify that my partner is also a bot. The other day she started talking about emotions she’d had. What should I do?