Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

Ads by Google

   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]Love them or hate them – CAPTCHAs have become ubiquitous on the Internet. What is CAPTCHA anyway, and where did it come from? Responsible for eye-strain the world over, the humble CAPTCHA has been the centre of much attention as the single most effective weapon in the fight against web spam. But are they effective? Are there any other kinds of CAPTCHA other than the basic “tilt your head, squint and read me”?

You Shall Not Pass (The Turing Test)!

Captcha’s were invented by a team of Carnegie Mellon professors and put into first use around the year 2000 by AltaVista and Yahoo, in an attempt to prevent automated chat bots and URL submissions. It is in fact an acronym for Completely Automated Public Turing test to tell Computer and Humans Apart.

For those of you who don’t know what that means, it may help to explain what the Turing test is. Named after British professor Alan Turing, the Turing test is the standard test of an Artificial Intelligence based machine, whereby if a machine can pass the test, it is considered to exhibit intelligent behaviour. Essentially the test involves conversing with a number of judges through a text interface – if the judges can’t tell they are chatting to a computer, it passes the test. Personally, I’m of the opinion that the Turing test is useless, on the basis that a dolphin couldn’t converse with a human either, yet we attribute them with a higher form of intelligent behaviour. But I digress.

Ads by Google

turing test   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

The CAPTCHA therefore, is an automated Turing test. There are a number of different ways of doing this, but the most common one that we seem to have settled on is to present the user with a scrambled form of text, assuming (often incorrectly) that any normal human will be able to decipher the text.

text captcha   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

The CAPTCHA has evolved over time, but has ultimately been defeated as we’ll find out later.

Text-Based CAPTCHAs & The Re-CAPTCHA Project

The reCAPTCHA project, now owned by Google, decided that instead of inanely deciphering cryptic text for no real good, it presented a fantastic opportunity to correct the shortcomings of computer-based Optical Character Recognition. For older books especially, computers find it very hard to recognise the words, whereas a human finds the tasks trivial. Combine the task of digitising old books with spam prevention, and you’re onto an absolute winner.

recaptcha   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

However, if the computer had trouble recognising the word in the first place, how can it tell if what you wrote in is nonsense? Simple – present the user with TWO words – one of which is known. The system assumes that if the user correctly types the known word, then the chances are that the unrecognisable word is also correct.

Another ingenious idea is to combine the CAPTCHA with some form of advertising.

Math Problem

math problem   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

OK, the picture is a joke, but essentially the user is presented with a basic math problem. We use a similar system on the Answers site right now. It needn’t be difficult, just some basic addition.

Image-Based CAPTCHAs

As difficult as some of the ReCAPTCHA codes can be for you and I sometimes, software has already been developed which can break the code with about a 30% success rate – which for a spam campaign with millions of tries is quite an acceptable rate. Images on the other hand are extremely difficult to process for computers semantically. Think about a simple cat picture – programming a computer to recognise a human face is hard enough, but to distinguish a cat from all the other animals and objects in the world is pretty much impossible at this point in time.

image captcha   Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

Logic-Based

These rely on logical and semantic intelligence about the world, or just basic common human sense. Some examples might be:

  • Identify the food in this list: asphalt, bacon, cloud, dagger.
  • Identify the weapon in this list: asphalt, bacon, cloud, dagger.
  • How many doors are on a four-door car?
  • What is the third word in this sentence?
  • What’s left if you remove the B from ABC?

A great plugin to integrate these kind of tests into your WordPress comment system is WP-Gatekeeper, by the way.

De-CAPTCHA Services

The sad fact is that while CAPTCHAs are a necessary evil, they are easily overcome by spammers nowadays. While some spammers have indeed developed sophisticated software that can mimic the human eye and brain to decode like a human does, the truth is far more simpler and more horrific. Why develop expensive software when you can pay someone pennies to do the CAPTCHA for you? The current cheapest going rate is $1.39 for 1000 CAPTCHAs, with a 98% accuracy rate, and services such as Death By Captcha have developed elaborate APIs for developers to use. The only person being slowed down by CAPTCHAs nowadays, is you!

The Future Of The Captcha

Like everything else in life, CAPTCHAs are not impenetrable to hacking or spamming. As new and more ingenious tests are devised, ever more sophisticated ways of breaking them will be developed – and the solution of paying someone else to do them for you can never be defeated. Even so, it’s our responsibility as web developers and admins to keep spammers away from our sites without degrading user experience.

Are you shocked to learn how cheaply a CAPTCHA can be defeated for? Have you seen any other kind of CAPTCHAs out in the wild that impressed you? Let us know in the comments! Also, be sure to check all the funny pictures tagged “captcha” over on Geeky Fun.

Image Credit : xkcd

Ads by Google
Check out more about:

The comments were closed because the article is more than 180 days old.

If you have any questions related to what's mentioned in the article or need help with any computer issue, ask it on MakeUseOf Answers—We and our community will be more than happy to help.

26 Comments -

three20four

“CAPTCHA with some form of advertising” is the worst idea ever. You should immediately redact that statement for fear of giving some idiot advertiser an idea we really don’t want to see come true. I’ve already seen at least 1 or 2 CAPTCHAs that require you to watch a 30 second video and then describe something that was in the video. If this were ever to go main stream it would kill CAPTCHA. I’d argue that most users would rather not respond than deal with that kind of advertised spam.

James Bruce

Well, I didn’t say it was a good idea, I just said it was ingenious. I havent seen one of those in the wild to be honest – a simple picture with some writing in red letters or something “coke is tasty” would be acceptable – but a 30 second video? I would probably close the site, and block it from my google results!

Scutterman

As an aside, Captchas make it almost impossible for visually impaired users to use the web. Have you ever clicked the audio button? It’s even more indecipherable than the image itself, completely impossible to use.

James Bruce

Is there a better way? Captchas are hard to read of purpose, so I dont see why an audio of the same would be any easier. If it were that easy, you could just run it through speech recognition to get the result, an the whole purpose would be defeated. I thought visually impaired users had heightened sense of hearing anyway – perhaps it isn’t as hard for them as you or I? I dont know, but I think captcha’s are neccessary evil – and having the audio option is certainly better than not having anything, I’m sure you’ll agree. 

Scutterman

I used to make GreaseMonkey scripts aimed at helping visually impaired people, and from what they were saying they cannot use any site with a captcha, even if it does have an audio option.

I think the logic and linguistic options are far better than the mangled-image variety, since imaging technology is coming along at such a fast pace that the difference between what a human eye can make out and what a computer can interpret will soon be negligible. It’s not even too hard to imagine a point where there are captchas that computers can get right, but humans can’t.

Joseph0370

How many times have you correctly identified the CAPTCHA only to be told it is not correct !!!!

Rachaelannedonnelly

Or to put it another way, how many sites have you been unable to sign up for, comment on or even simply use because CAPTCHA is such a pile of dog doo?

UUUnicorn

Some of the lettering can be very hard to decipher.

The mathematics one was just plain CRUEL–I’m learning-disabled in mathematics (probably dyscalculia), and there’s just no way in H__l that I could ever figure this thing out.

Captcha Monster

If you find CAPTCHA deciphering difficult and annoying, just give Captcha Monster a try. It’s a new Firefox add-on which completely automatically solves all CAPTCHA tests. Seriously.

Rachaelannedonnelly

Captcha Monster is OK, but I’d rather not pay that price for a simple account… $20 a month?

Captcha Monster

Actually the price for a simple account is $19.99 for the whole year.

Marius Loots

Received on this morning that seems to have been outsourced to the middle east:
http://gallery.chaos.co.za/picture.php?/1339/category/86

Alma Dewberry

I liked the captcha used on http://www.logaway.com

Louis Pace

“…the Turing test is the standard test … whereby if a machine can pass the test, it is considered to exhibit intelligent behaviour.”

“Personally, I’m of the opinion that the Turing test is useless, on the
basis that a dolphin couldn’t converse with a human either, yet we
attribute them with a higher form of intelligent behaviour.”

It’s common, but also inaccurate, to define the Turing test as a test of intelligence or intelligent behavior in computers. While the search for intelligence in computers may have been the drive behind the development of the test, it is more accurate to say that the Turing test looks for HUMAN behavior in computers. Even Alan Turing pointed out that a computer could fail the test by solving too complex of a problem (because then the interrogator would detect that it was a computer), and attempts to create a program that could pass the test have included nuances such as occasional typos to avoid appearing too perfect. Conversely, it is sometimes said of people who are too shallow, disengaged, or simply dumb, that they have failed the Turing test.

Anyway, as this applies to CAPTCHAs, the Turing test is indeed very useful. The Turing test, in this case, is used to determine if it is a human or a computer at the controls. Ideally, a human will pass the test, and be allowed to progress, while a computer will fail the test and be blocked.

I realize that work has been done to defeat CAPTCHAs, but this is the circle of life for criminals and security. A padlock no longer can secure your house? Get an electronic monitoring system. A new computer virus is developed? Norton, McAfee, et al will create new virus definitions to update your anti-virus software. The criminals get smarter? Then so do the security tools. And the CAPTCHA form of the Turing test will be no exception.

James Bruce

Thanks Louis, that has to be the most interesting comment I’ve had yet. While I technically agree with your statements about the Turing Test, I feel that it should be redefined as a measure of how much human stupidity makes a believable human (too much and it will be suspected as errors, too few and it will be too perfect), rather than how much intelligence makes a machine human. 

CAPTCHA-R-Stupid

few years later “if ALIVE” we’d find out most of this current CAPTCHA’s are very very stupid manner to prof that the one on the endpoint is a human!!
never-the-less for audio’s..

about 10 years ago i asked a friend of his impression and explanation of the CAPTCHA.
he said: dunno, it might be like an EYE TEST or something!! :) he was new to the internet at that time.. but may be later from his comments “the audio” was an EAR TEST as well, for sure..

cartoon attached (dunno thou if can be seen!) is not mine, but the comment is!

Bz

I had a captcha on Comcast’s site asking me to type in the Omega symbol ?. Really? You want people to type in alt-code characters? That was just stupid. In general, I agree that captchas are needed on web sites, but they are often too hard to read and, for someone who is disabled, it is ruining the internet for them. So we need to see captcha 2.0. The image puzzle is a good start.

James Bruce

Agreed. I wonder if the audio captchas also have random symbols and sounds you can’t type, like high pitched squeeks?

Julie

If the spammers continue to use cheap labour to defeat captcha, then it doesn’t really matter what we design, as it will always be humans deciphering them either way!

I have poor eyesight AND bad hearing, so I very often fail both visual and audio captcha tests.

James Bruce

Sorry to hear that Julie. You’re right about captchas being useless if we just hire cheap labor ofcourse, but imagine if there were NO line of defenses? the web would be even more full of spam than it is now. Perhaps the solution will be some form of forced identity verification – like each comment MUST be linked to a phoe-verified facebook account or something. I’m sure that would stem the tide of idiots and abusive comments too!~

Scutterman

Facebook is one of the popular ways of using social engineering to propagate spam, and pre-paid phones can be bought dirt cheap if you know the right place to get them. I think linguistic tests are the way to go, though I don’t know whether captchas are successful enough to merit their existence to be honest. Maybe time should be put into making spamming less profitable, though that would require a large investment to achieve anything.

James Bruce

Google is doing quite well at that with their algorithm updates to be honest. If we can get all the spam sites de-listed, then spammers will work on creating genuinely useful sites. Then if they spam links to genuinely good sites… well. …. mission accomplished. 

Scutterman

I’m all for that kind of thing, but I’m kind of cynical. Though I’m correct over 50% of the time, so maybe it’s realism.

rachel

I am terrible at solving captchas. Inevitably after I’ve typed in the whole comment and the captcha I find that I messed up. Occasionally even my comment gets cleared when my answer is rejected, whereupon I just leave the site altogether.

Despite everything, for us blog owners captchas are a necessity. Can you recommend one of the better ones?

James Bruce

Honestly, I just use Akismet on most of my sites. It seems to keep out the bad boys better than anything. 

Rachaelannedonnelly

I’m for Logic style. It is text based and therefore screen reader users, such as myself, can access it. I also think that image style is grate for people with cognetive disabilities and find problem solving difficult or who loose concentration easily. I’m against the origional style – it’s rediculous, difficult and inaccessible, even to sighted users.