Share on Facebook Tweet on Twitter Share on LinkedIn Share by email


ASIRRA - Frequently Asked Questions

What is Asirra?

A human interactive proof (HIP) that web sites can use to ensure their users are humans, not bots (automated scripts). Asirra asks users to identify photographs as either cats or dogs.

Who developed it?

John Douceur, Jeremy Elson, and Jon Howell, from Microsoft Research's Distributed Systems Research Group, in collaboration with Jared Saul, founder of

Who can I contact for more information?

For inquiries, please contact .

Why would I want to use it on my web site?

We think it's easier and more fun for users than trying to identify warped characters. Our user studies suggest that most users can expect to solve the HIP in 20 to 30 seconds. Many solve it more quickly.

How can I use Asirra on my web site?

I'm afraid you can't. Asirra closed in 2014.

How much did Asirra cost?

Nothing. It was free.

Is it secure?

Not any more. Please see our security discussion.

Is it accessible?

Aisrra is not meant to be an alternative to all HIPs, only visual HIPs. Accessible websites, such as Microsoft's Hotmail signup page, typically have both a visual and audio HIP. Asirra is only meant as an alternative to the warped letters, but is orthogonal to accessible alternatives such as Hotmail's audio version of dictated digits.

Will it work for my users with slow Internet connections? That's a lot of images to download.

The average size of the images in our database is about 3,100 bytes. Our challenges currently use 12 images, or an average of about 37,000 bytes for the entire challenge. That's not too big compared to other objects found on typical web pages, and should be downloadable by a 56k modem user in about 10 seconds.

Asirra uses a lot of screen real estate compared to a text-recognition HIP.

Yes, unfortunately, it does. That's one weakness of Asirra. But, look at all the cute kittens!

We are sensitive to this concern, so we performed an extensive user study, showing more than 35,000 Petfinder images to 357 users. This experiment, in part, was designed to determine the smallest possible image size that did not compromise accuracy or response time. The sweet spot on the curve was images with an area of 10,000 pixels, so that's the size to which all our images are scaled.

If you're good at HTML and have a suggestion as to how to make our 12-image table more attractive or smaller, feel free to contact us with your idea.

This looks just like KittenAuth!

Unfortunately, KittenAuth is not secure. It only uses a few dozen images, so it's very easy for an attacker to manually solve the CAPTCHA a few times and build a dictionary mapping each image to a species. It's then possible to write an automated script using that dictionary to solve the CAPTCHA as many times as desired. Perturbing the image (e.g., by adding random noise) is not an effective defense, since there are many extremely robust ways of comparing an image to a dictionary of known images, such as using color histograms.

Asirra's main innovation is in discovering an alignment of interests between the security community and a community that has a large dictionary of manually classified images. Petfinder provided us with more than three million images, with an additional 10,000 or so arriving every day. We provide exposure of adoptable animals to every Asirra user, which supports Petfinder's primary mission.

Hey, your example does client-side validation! That's dumb, you can't trust the client!

Asirra does client-side validation and server-side validation. Client-side validation is useful to let a well-behaved user know that they've failed the challenge before navigating away from the form (and possibly losing their form data). However, server-side validation is required to ensure that cheaters aren't directly accessing the web service and falsely claiming to have solved the HIP. We explain this process in more detail in our installation page. A realistic example, using server-side validation, can be found here.

Doesn't clicking on "Adopt Me" tell the client if that picture is a cat or a dog, allowing a bot to cheat?

Clicking on "adopt me" invalidates that challenge. In addition to popping up a window with adoption information, the original challenge is replaced by a new set of cat and dog images. The server will reject any attempt to solve an invalidated challenge.

What's the point of displaying a pet that's up for adoption 3,000 miles away?

Asirra is currently in beta-testing. The production version will do geolocation based on client IP address, showing users pets that are nearby. (If more than a few challenges are failed per day by the same IP address, we will fall back to using the entire image database, as a security precaution.)

A lot of the "adopt me" links I click show pets that have already been adopted.

The current beta-test version of Asirra selects images from our entire database, which includes both pets actively looking for homes and pets that are no longer available. The production version will initially show only pets that are actively looking for homes. (If more than a few challenges are failed per day by the same IP address, we will fall back to using the entire image database, as a security precaution.)

Has anyone actually adopted a pet because of Asirra?

Asirra hasn't been out for very long, but one of our beta testers told us he's in the process of adopting a beagle he found during a test session. If you adopt a pet, let us know!