Por los pelos…
Hace un par de años, estrenaba el blog de wintercore explicando una técnica para romper captchas de audio, y la demostraba rompiendo la de GMail. Tuvo cierta repercusión saliendo en portada de slashdot.org y eso.
El caso es que tiempo después, me contactó alguien en nombre de una empresa ‘legal'(registrada) de Nevada(EEUU), usando para ello un email «puente» de un dominio registrado en Canada.
Me proponÃan una cosa curiosa…
Hello,
I am interested in a solution to breaking reCaptcha’s audio captcha as
found on Ticketmaster.com I want to get 30% accuracy with 1 second or
less processing time. A programmer I have worked with previously has
achieved 10% accuracy and under 1 second processing time. If you
provide consulting services that is also something we would be
interested in. Please contact me if you can do this project.With Respect,
—-
Mi respuesta fue la siguiente
Hello —–,
We have no reference about your company. We do not support any kind of illegal activies. Unless you can demonstrate that your company is a trusted entity we cannot going forward into this issue.
Regards.
A lo que me respondió
Hello,
My company is an established LLC in Nevada. You should be able to verify that, but if not, I can help you figure out how to search the state records. It is not illegal to have an automated way to decipher a captcha. I hope we can discuss this matter further.
With Respect,
«Quizá soy demasiado paranoico» pensé, asi que intenté ser más educado y ver qué habÃa realmente detrás del tema.
Hello,
Sorry if we were too rude but we receive, on a regular basis, requests to develop projects which are either barely legal or simply illegal.
You are right, there is nothing illegal in breaking a captcha, in fact as you probably know we released a method to do so. However, breaking captchas in an automated way is usually exploited to send unwanted emails and that kind of activities.
We do not want to be involved, neither directly nor indirectly, in those issues. We have no doubt that your company is legally registered, but our concerns are on the final usage of the technology we develop. Obviously, you are not required to disclose the purpose of your project but we need to verify that our work is not going to be used to harm users.
Regards.
Esta fue su respuesta:
No your work would not be used to harm users. As you may know, the
reCaptcha solution is one of the strongest available. In particular,
Ticketmaster’s is modified to be even stronger. Our business is testing
the strength of the captcha before implementing reCaptcha. Your ability
to break the captcha would lead us to try different methods. This is
all I can say on this matter. I hope that is sufficient.With Respect,
Os confieso que estuve tentado de aceptar el reto, pero como este último mail cantaba mucho y no me inspiraba ninguna confianza decidà zanjar el tema.
Hello —-,
We have decided not to go further with this matter. Anyway thanks for writing.
Regards.
Curiosamente mencioné esta «anécdota» en una entrevista recientemente. Pues bien, hace escasos minutos a través de twitter me llegó esta noticia.
http://www.nj.com/news/index.ssf/2010/03/wiseguy_tickets_is_accused_of.html
Reconozco que me dió un pequeño vuelco el corazón,eran los mismos fulanos. Y se han comido todo el tinglado.
Si hubiera aceptado ahora mismo estarÃa camino de dormir con el polilla, finálmente.
Pase lo que pase, no hay que dejarse tentar por el dinero «fácil». No se suele acabar bien.