Securing cyberspace by outwitting today's bots

Puzzlebot is inspired by the utterly frustrating user experience of the CAPTCHA.


Yes, we've all seen these things before. And they're horrible. It often takes us multiple tries to correctly solve a CAPTCHA, and we never know our characters are correct until we hit the "submit" button. And if we're wrong and hit "submit", it's too late: we get a new image and have to start over.

What's even more maddening is that we're going through all this trouble in solving CAPTCHAs for nothing! Their intended purpose is to maintain the integrity of web-based resources by distinguishing humans from web bots created by hackers. However, hackers have used machine learning techniques to create optical character recognition (OCR) algorithms that determine what the distorted CAPTCHA images say. Their OCR algorithms are so accurate that they effectively solve CAPTCHAs more efficiently than humans, thereby rendering current CAPTCHA systems utterly useless.

For example, Ticketmaster has had to abandon Google's reCAPTCHA since hackers were able to buy up all the tickets to a show and resell them at higher prices to consumers. This should have been prevented by CAPTCHAs, so only human users (and not web bots created by hackers) could have a chance to purchase tickets for the show in time, but the OCR algorithms used by the bots made it so that the CAPTCHAs only served to put real human users at a disadvantage.

So what's the solution?


Puzzlebot is a much more secure service that replaces CAPTCHAs while providing a much better user experience. Instead of squinting at squiggly characters in an image, users put together a jigsaw puzzle with square pieces.


According to our current research in computer vision, this human authentication scheme is a lot more secure than traditional CAPTCHAs. Furthermore, over 70% of users who took a survey of our web-based client-side prototype (found here) reported that Puzzlebot was more fun, easier, and more appealing than traditional CAPTCHAs. They also reported that Puzzlebot was less frustrating because when they solved the puzzle, they would have no doubt that their solution was correct before submitting.

Overall, Puzzlebot is a much better CAPTCHA system which we hope will completely replace CAPTCHAs in the future.

Great! Who's adopting first?

We believe that Puzzlebot provides the greatest value in authenticating mobile apps. That's because nobody wants to zoom in on a CAPTCHA on a small screen to squint at the characters, and then pull up the on-screen keyboard to type it all in. They want to be able to look at it without any eye-strain, in a relaxed posture. They want to be able to solve the puzzle with one hand, not two. They want something nice, something pretty. They want Puzzlebot.

So, we first hope to market Puzzlebot in the mobile app market. Great first adopters would include social media sites such as Snapchat (which has had a poor history with CAPTCHA authentication... see this news article), or financial transaction apps such as Venmo. We will provide the most value to these companies and their users as Puzzlebot will be the best way to confirm a user's identity as a human in a phone's user interface.

I'm sold. How are you going to make it all happen?

We've made good progress in developing Puzzlebot so far. We created the prototype (which we distributed in our survey) using client-side technologies such as HTML5 Canvas, Fabric.js, and others. We also devised an application architecture for the whole authentication system, and are starting to build the server-side services using Node.js, MongoDB, and Redis.

Furthermore, we garnered a $10,000 seed grant from the Conrad Foundation for the Spirit of Innovation Challenge. We are putting our grant money to good use by applying for a patent, deploying Amazon web servers, buying website domains and certificates, upgrading our GitHub accounts to make private repositories, etc. Our next step is to increase publicity for Puzzlebot and to continue to develop our whole authentication service so we can go into production.
