CAPTCHA-solving sweatshops

I get pretty bristly when I think about people being paid to make annoying stupid and illiterate comments on blogs. They do this in the hope you will approve their comments, which will give them a link from your site to theirs.

Most comments are not sent to your site by individuals, however. They arrive as a result of automated spambots. A company selling Viagra, for example, might write a general comment that can be sent to any site, such as, “I love your site so much, you are the best writer”. Somewhere in the comment there will also be a link to a site selling Viagra. If you approve the comment, which many people do because they are flattered and don’t notice the link, they now have a link from your site to theirs, which helps increase their page rank in Google. (Many people don’t even approve their comments. Their WordPress sites are left open to accept unapproved comments from anyone.)

However, before that comment can be submitted to you, the sender of the comment has to read and re-type the CAPTCHA code – that series of squiggly letters and numbers just above the “Submit” button. Since most comment spam is automated, and since automated spambots cannot read or re-type CAPTCHA codes, these companies use the services of other companies who hire real humans to decipher CAPTCHA codes. Once they have deciphered the code on your site, your site becomes one of thousands that can be re-sold in packets.

All over the world, especially in India, Malaysia, China and Russia, there are tens of thousands of non-English speaking workers hired for a pennies a day to decipher the CAPTCHA codes on WordPress comment forms.

With the going rate ranging from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs, a really fast worker can make $2 to $3 a day. Imagine deciphering 1,000 CAPTCHAs in one day, then doing it again for the next 365 days. International CAPTCHA-solving teams are effectively sweatshop labor, where people — especially young children — will just sit and be given these images to solve and will type them in all day.

In India, major CAPTCHA-solving companies openly advertise that they can crack CAPTCHA codes. They sell their services in turn to companies selling not only drugs like Viagra but search engine optimization (SEO) sites, sites selling vitamins, cosmetics and shoes, and hundreds of other types of businesses who can profit from getting their web link on your site.

Typical newspaper ads in India read:

I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality

Hello Sir, I will kindly introduce myself.. This is Shivakumar. We have a team to type capcthas 24/7 and we can type more than 200k captchas per day

WE ARE PROFESSIONAL CAPCHA ENTRY OPEATORS AND WE CAN DO EVEN 25000 ENTRIES PER DAY AS MY COMPANY IS A 25 SEATER FIRM SPEALISED IN DATA ENTRY

In Bangladesh at this very minute, a team of international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook’s CAPTCHA scripts, promising to deliver 250k solved CAPTCHAs per day on a “$2 for a 1000 solved CAPTCHAs” basis.

It’s a losing battle for the well-intentioned WordPress sites of the world. The only protection is to ensure you have checked off “Administrator must always approve comments” under Discussion in your General Settings. Then check your Comments regularly and immediately delete any spam comments that appear.

Sources:

http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835

http://www.nytimes.com/2010/04/26/technology/26captcha.html?src=me&ref=technology

http://www.npr.org/templates/story/story.php?storyId=130594039

Share