ABSTRACT
This paper presents 'For Human Eyes Only' (FHEO), our Firefox extension that enables one to conveniently post online messages, such as short emails, comments, and tweets, in a form that discourages automatic processing of these messages. Similar to CAPTCHA systems, FHEO distorts the text to various extents. We provide a security analysis of its four default distortion profiles as well as a usability analysis that shows how these profiles affect response time and accurate understanding. Our results illustrate the security/usability tradeoffs that arise in the face of adversaries that use current, off-the-shelf optical character recognition technology in order to launch a variety of attacks. Two profiles, in particular, achieve a level of protection that seems to justify their respective usability degradation in many situations. The 'strongest' distortion profile, however, does not seem to provide a large additional security margin against the adversaries we considered.
Index Terms
- For human eyes only: security and usability evaluation