We argue that the CAPTCHA in its current incarnation may be near the end of its useful life, and propose an alternative throttling mechanism to control access to web resources. We analyze our proposed solution against a collection of realistic adversaries and conclude that it is a viable approach. As a result of potential independent value, we describe heuristic tools to identify cookie theft, machine cloning attacks, and DNS poisoning attacks.
Jakobsson, M. CAPTCHA-free throttling. Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence (AISec 09); 2009 November 9; Chicago, IL. NY: ACM; 2009; 15-22.