Legacy ImageMagick Discussions Archive

Hello everyone!

I want removal vertical lines in image captcha...

Original Image:
http://imgur.com/nsoxzbk


I run this code:

convert /var/www/codigo.jpg -threshold 50%% -monochrome /var/www/codigo.jpg


New Image:

http://imgur.com/6rqoTmt


any idea to solve this... :/

I won't help. Search "captcha" in this forum for reasons.

I do not think anyone in this forum will help to break captchas.

I would help if I knew the answer. Captchas are unethical. It's wrong to put humans to work for machines -- should be the other way around. Captcha solving is no work for a human. And it fails the objective it was meant for. Abusers/spammers are hiring Indian labor to solve captchas for $0.01 per captcha, cheap enough to be worth it for a spammer, while creating the worst kind of non-rewarding menial job market possible.

Today's captchas mostly damage civil liberties by blocking Tor users. They also discriminate. Users with mother tongues not based on latin alphabets are considerably disabled when it comes to captchas. Many captchas *force* the visitor to run non-free software (unwelcome javascript).

We should be doing everything possible to break captchas, so website owners can move on to finding ethical and more effective methods to separate normal use from abuse. I've heard some captchas have been broken (where the machine solves them better than the man).

I also hate captcha. As a user, I don't mind the "what is four plus five" kind, but I really hate the noisy image type. I find these difficult to solve. Why are they difficult? Because robots are getting smarter.

So it isn't in my interest to help robots get smarter.

I also spend some time each day removing spam from this forum. I don't know if robots have been used but, again, it isn't in my interest to help robots get smarter.

It's clear you're approaching this from an image processing background, when the matter is really infosec-centric. When it comes to security, tools can be used for good and for evil, and attacks on tools can also be done for good for for evil. You don't get to choose whether good or evil is in play here. For example, encryption can be used by criminals to facilitate a criminal operation, or it can be used to protect doctor-patient communication. Breaking encryption also. Encryption can be compromised to prevent a physical attack, or it can be compromised to steal financial data.

When a security researcher tries to defeat a security tool, they may very well be trying to defeat their own tool (or a clients tool at the clients request), precisely to test the fitness of the tool. It does not make the least bit of sense to presume that someone asking a straight-forward question about breaking a security mechanism is doing something nefarious. If the user is trying to do "good", then blocking them is inherently evil. This includes captchas. How do you know if a safe is any good, if no one tries to breech it?

Attacking a security tool is /exactly/ how quality is assessed. By hindering a researcher from this effort, it actually undermines security by blocking acquisition of evidence used to appraise the fitness of the tool.

It's also not a good idea to answer the OP as if he is the only user in need of support. This thread will be indexed by search engines, and other security researchers will hit the same dead-end. Moreover, it disservices anyone who needs to remove vertical lines from an image. E.g. if the drum of someones laser printer has a defect typical of a drum that reaches the end of its life, it will produce documents with vertical lines. Those who scan documents from that printer could have benefited from this thread. But instead, someone presumed that someone else was doing something nefarious, based on an unsubstantiated wild guess, so everyone else is denied the answer.

I am just doing some research atariZen please can you let me have your credit card details.

Without knowing the actual intentions of the OP, then it is better to respond on the safe side and not help.

Even if I thought the OP had honourable intentions, I wouldn't help for reasons I've explained a few times. I won't contribute to the captcha arms race.

Of course, the assistance I provide in these forums and my web pages can be used for purposes I might like or dislike. That's obvious. But I won't assist when I know I disapprove of the purpose.

From an image-processing perspective, the original problem is trivial and the obvious solution has no relevance to old laser printers. A search on "remove vertical lines" returns many threads that provide various solutions to the general problem.

snibgo wrote:Even if I thought the OP had honourable intentions,

Which should be the assumption here.

snibgo wrote: I wouldn't help for reasons I've explained a few times. I won't contribute to the captcha arms race.

You've unwittingly taken a stance against humanity. The status quo is a loss for humans. Machines are putting man to work. Progress on the arms race is in fact the only way out of it.

Perhaps it would help you to know where progress in the arms race is heading. While it's fools who produce captchas, and also fools who solve them (manually), progress will be made toward a "proof of work" model, where the client tool must perform some computation before access is granted. It's similar to crypto-currency mining technology. In this model, machines are working for man, not the other way around (your status-quo stance promotes man working for machine). When a spammer tries to attack a service that uses the "proof of work" method, his machines must work too long to justify his goal. IOW, his volume becomes limited by computational power to the extent that it's not worthwhile. Compared to captchas, where it's already worth it to a spammer to pay an Indian sweat shop 1 penny per captcha.

snibgo wrote: But I won't assist when I know I disapprove of the purpose.

This presumes you know the purpose. Someone who uses imagemagick to create a captcha would be a fool not to also use imagemagick to reverse the process. Not testing ones own security tool would be like a firewall maker neglecting to pen-test their own product, and then hoping no one notices. You have no idea if the OP is defeating his own captcha, or someone else's.

snibgo wrote: From an image-processing perspective, the original problem is trivial and the obvious solution has no relevance to old laser printers.

How so? The vertical lines on the OPs image don't seem to differ significantly from the vertical lines on a document printed from a defective drum.

atariZen wrote:You have no idea if the OP is defeating his own captcha, or someone else's.

Even if that were true, it would make no difference. I won't help either side.

atariZen wrote:The status quo is a loss for humans.

Agreed. It is increasingly difficult for me to pass these inverse-Turing tests where I have to persuade a computer that I'm not a computer.

atariZen wrote:Progress on the arms race is in fact the only way out of it.

I'll be delighted when some alternative mechanism removes the problem. I don't share your faith that increasing the difficulty of captchas for both humans and computers will do so.

Why should we assume the actual intent is honorable? As snibgo has said, there are plenty of available resources out there that can be Googled. If this is honorable research, then those people would already be experts or very knowledgeable already and would not need our help or could use existing research and techniques to do the job. I do not think a public forum should take a chance on the actual intentions of the person posting. Better to err on the side of security. My opinion.

If someone you did not know came to your door and asked if he could have the key to your parents home or apartment to see if it fit, would you give it to them? I doubt it. But if you were approached by the known maintenance person or a relative, you probably would give him your key. Make the person validate himself, before risking security.

snibgo wrote:

atariZen wrote:You
have no idea if the OP is defeating his own captcha, or someone
else's.

Even if that were true, it would make no difference. I won't help either
side.

When you said "I won't assist when I know I disapprove of the purpose," it was ambiguous. I thought you meant to disapprove of the purpose of breaking captchas, when in fact you really meant to disapprove of advancement of the arms race on both sides, correct? Is this why you now say there's no moral difference between defeating ones own captcha and someone else's?

snibgo wrote:

atariZen wrote:The status quo is a loss for humans.

Agreed. It is increasingly difficult for me to pass these inverse-Turing
tests where I have to persuade a computer that I'm not a computer.

That's not agreement. I said the status quo is a loss for humans. You said you agree, but then immediately argued against the advancement of security -- IOW, in favor of the status quo.

snibgo wrote:

atariZen wrote:Progress on the arms race is in fact the only way out
of it.

I'll be delighted when some alternative mechanism removes the problem. I
don't share your faith that increasing the difficulty of captchas for
both humans and computers will do so.

No "faith" needed. It's already happened. The distorted text variety of captcha has already been superceded by images that are easier for the human and more difficult for machines. E.g. "click on all the images that contain street signs." More progress is still needed, but the mutual increase in difficulty for both humans and bots is already behind us.

fmw42 wrote:Why


should we assume the actual intent is honorable? As snibgo has said,
there are plenty of available resources out there that can be Googled.

The answer to your own question is right there in the next statement.

Malicious hackers do opsec and they also social engineer. They're far
more sophisticated than you realize. If a blackhat enters this forum to
obtain information to facilitate a malicious operation, you won't know
it. They are skillfully meticulous in how they mask what they're doing -
it's essential to their task. You won't have any idea that a captcha
is involved. You also won't be able to identify the OP simply by
searching their alias.

The 2nd part to "Why should we assume the actual intent is honorable?"
requires us to address the elephant in the room: this "Lord of the
Flies" idea that man is innately evil. Having a presumption of evil in
the absence of proof to the contrary diminishes the quality of a forum.
Withholding information reduces knowledge that can be acquired from a
forum. Someone searching for how to remove vertical lines from an image
isn't helped by posts containing (potentially false) accusations of
wrongdoing. Without trying
to turn around the "Lord of the Flies" philosophy, the value a forum
brings is what matters here.

fmw42 wrote: If this is honorable research, then those people would already be
experts

Security experts at best, not image processing experts. But it's also
wrong to presume a security researcher isn't a novice. They all start
somewhere, but unlike novice blackhats, they don't have to lurk, they
can just bluntly ask their question point blank.

fmw42 wrote: or very knowledgeable already and would not need our help or
could use existing research and techniques to do the job.

Not in the slightest. You describe a minority of cases. If any web
admin wants to create a captcha for their website and test it, they are
most likely substantially less knowledgeable about this topic than a
blackhat doing an attack operation. This is precisely the type of user
to call on this forum for help. Web admins generally would not need to
hide what they're doing. But as a practical matter, they would, because
they can see from this thread that they would be accused of wrongdoing,
by default.
So you're putting legitimate¹ users in a position of having to be
sneaky.

1) of course, "legitimate" implies that (unlike snibgo) you consider it
legitimate for a captcha creator to test their own tool.

fmw42 wrote: I do not think
a public forum should take a chance on the actual intentions of the
person posting.

You're taking a chance either way. Here you've opted to take a chance
on the assumption that man is innately evil, and that gamble has
consequences:
1) driving off a legit imagemagick user who prefers not to be nannied
2) causing legit users to create a false scenario to avoid the
presumption of malice trap
3) reducing the quality of information
4) blocking progress toward a humane replacement for distorted text
captchas
5) hindering creation of legit (non-spamming) humanitarian robots (e.g.
legally scraping Ryanair's website, as skyscanner.net does, or that of a search engine building an index)

fmw42 wrote: Better to err on the side of security. My opinion.

To be clear, it's anti-security to hinder discussion of creating or
breaking a security mechanism.

fmw42 wrote: If someone you did not know came to your door and asked if he could have
the key to your parents home or apartment to see if it fit, would you
give it to them?

What do you mean "see if it fit"? You mean to see if the key fits?
I've done that test already. What would the point be?

A more interesting question is if I would hire a locksmith to defeat my
lock. Yes I would, if the cost justified the assets I'm protecting. I
wouldn't just want a locksmith who can install locks (or a web admin who
only knows how to create captchas). I want a locksmith who can defeat
them too, so that I know what a criminal is up against.

Would the locksmith be a total stranger? Most likely. The locksmiths
that I know personally don't operate where I have assets.

fmw42 wrote: Make the person validate himself, before risking security.

The OP only needs to validate himself to his customer. And that's a
good thing. Infosec would take a global hit if security information
were blocked, and only available to those with no sense of privacy (a
fundamental basis of security itself).

You are just being a pain atariZen; people made a decision whether to help the OP and decided not to.

You have explained your thoughts on the subject why not give it a rest now?