The acronym CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
In terms of its functionality, CAPTCHA is an online security mechanism deployed to ensure that a user is human, and not a bot. Many types of organizations rely on CAPTCHA. For example, organizations that sell tickets to events use CAPTCHA to block bots working for ticket scalpers, who intend to snatch up a large portion of the tickets to an event. Websites also commonly use CAPTCHA to avoid bot-based messages in their comment sections or forums. A myriad of other use-cases exist as well.
How does it work, exactly?
The CAPTCHA system may present users with a series of images to examine, and asks users to identify a particular type of item within the images. For example, a user may be asked to click on all of the images containing a crosswalk, or all of the images showing stop signs.
Alternatively, the CAPTCHA system may present users with a sequence of distorted numbers or letters that they must correctly identify. In some cases, after completing the task, users must check a box, verifying that they are not a robot.
The system may prove mildly inconvenient for users, but ultimately prevents ‘cyber graffiti’ and/or account credential theft.
Can CAPTCHA block all bots?
Cyber criminals have devised means of circumnavigating captcha. In addition, Google research shows that artificial intelligence has advanced to the point where it is able to correctly identify distorted numbers and letters with 99.8% accuracy. This renders the distorted letters and numbers tests unreliable. Nonetheless, other forms of CAPTCHA and reCAPTCHA are still widely used.
What is reCAPTCHA?
ReCAPTCHA is a free CAPTCHA service from Google. Using an advanced risk analysis engine, “reCAPTCHA is always at the forefront of spam and abuse fighting trends so it can provide you an unparalleled view into abusive traffic on your site,” writes Google.
The information collected by Google’s reCAPTCHA system is used to develop machine learning data sets, which are then applied to the recalibration of maps and other AI challenges.
In 2014, Google introduced No CAPTCHA reCAPTCHA. It’s designed to observe user data and behavior to determine whether or not a potential entrant can visit a given site.
One technique that it employs to distinguish humans from bots involves briefly tracking mouse movements. Right before you check the “I am not a robot” box, the CAPTCHA tool observes whether your cursor moves in a squiggly way, or in a linear way. The former indicates that you’re likely human, while the later strongly suggests the presence of a bot.
Recent changes to Google’s cookie-based reCAPTCHA data collection system have led to security gains, but have also brought up noteworthy privacy concerns. You can find more information about that here.
What does the future of bot-prevention look like?
We’ve reached a crossroads. Bots and AI now complete the same sorts of tasks as humans. If we overcomplicate CAPTCHA and No CAPTCHA reCAPTCHA, humans will not be able to pass the tests.
“…it’s not that humans are dumb; it’s that humans are wildly diverse in language, culture and experience. Once you get rid of all that stuff to make a test that any human can pass, without prior training or much thought, you’re left with brute tasks like image processing,” states one publication.
Some experts predict that CAPTCHA challenges may not be viable in the future. Alternatives are under development.. Other experts still remain optimistic regarding the evolution and future use of CAPTCHA.
Blocking bots begs that we answer the question ‘what does it mean to be human?’ What unique measures can we employ to discriminate between machine capabilities and human ones?