flickr CAPTCHA test

Noticed that someone on the web is using the flickr API to create a CAPTCHA test. It looks like they are using the flickr API to pull up a photo tagged with a convention that says “this is a photo of a single letter: r”.

Wouldn’t this be pretty easy to defeat? The JPGs are being served from flickr and are named like this: “114556884_45d6dd4ec4_s.jpg”. The first part of the filename is the photo id, which you can pass to the flickr API method that returns all the tags (among other things) for the image. The “Rr” tag is the convention that says this is a photo of the letter R:

        <tag id="256536-114556884-484" author="95229107@N00" raw="Paris">paris</tag>
        <tag id="256536-114556884-6562" author="95229107@N00" raw="claudecf">claudecf</tag>
        <tag id="256536-114556884-17897" author="95229107@N00" raw="letter">letter</tag>
        <tag id="256536-114556884-67834" author="95229107@N00" raw="oneletter">oneletter</tag>
        <tag id="256536-114556884-6496" author="95229107@N00" raw="letters">letters</tag>
        <tag id="256536-114556884-8513" author="95229107@N00" raw="Rr">rr</tag>

They could prevent this by not revealing the image names in the HTML – by having their webserver read in the JPG and delivering it with a different filename.
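
One way to implement that fix, as an added example that is not from the original post or from the site it describes: the page embeds only a random one-time token, and the server maps it back to the flickr file and the expected letter. The `CaptchaStore` class, the `/captcha/` path and the expiry time are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Filename quoted in the post, used here as sample input.
UPSTREAM = "114556884_45d6dd4ec4_s.jpg"


class CaptchaStore:
    """Maps opaque one-time tokens to the upstream image and expected answer."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._challenges = {}  # token -> (upstream_name, answer, expires_at)

    def issue(self, upstream_name, answer):
        # The token is random, so it carries no information about the photo id.
        token = secrets.token_urlsafe(16)
        expires = self._clock() + self._ttl
        self._challenges[token] = (upstream_name, answer.lower(), expires)
        return token

    def img_tag(self, token):
        # Only the token reaches the browser; the handler behind /captcha/
        # reads the upstream JPG server-side and relays the bytes.
        return f'<img src="/captcha/{token}.jpg" alt="captcha">'

    def upstream_for(self, token):
        # Used by the image handler to find which file to read and relay.
        entry = self._challenges.get(token)
        if entry is None or self._clock() > entry[2]:
            return None
        return entry[0]

    def verify(self, token, guess):
        # pop() makes each challenge single-use, whether the guess is right or wrong.
        entry = self._challenges.pop(token, None)
        if entry is None or self._clock() > entry[2]:
            return False
        guess = guess.strip().lower().encode()
        return hmac.compare_digest(entry[1].encode(), guess)


if __name__ == "__main__":
    store = CaptchaStore()
    t = store.issue(UPSTREAM, "r")
    print(store.img_tag(t))
    print(store.verify(t, "R"), store.verify(t, "R"))
```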
