Everything You Ever Wanted To Know About CAPTCHAs But Were Afraid To Ask [Technology Explained]

Ads by Google

what is captchaLove them or hate them – CAPTCHAs have become ubiquitous on the Internet. What is CAPTCHA anyway, and where did it come from? Responsible for eye-strain the world over, the humble CAPTCHA has been the centre of much attention as the single most effective weapon in the fight against web spam. But are they effective? Are there any other kinds of CAPTCHA other than the basic “tilt your head, squint and read me”?

You Shall Not Pass (The Turing Test)!

Captcha’s were invented by a team of Carnegie Mellon professors and put into first use around the year 2000 by AltaVista and Yahoo, in an attempt to prevent automated chat bots and URL submissions. It is in fact an acronym for Completely Automated Public Turing test to tell Computer and Humans Apart.

For those of you who don’t know what that means, it may help to explain what the Turing test is. Named after British professor Alan Turing, the Turing test is the standard test of an Artificial Intelligence based machine, whereby if a machine can pass the test, it is considered to exhibit intelligent behaviour. Essentially the test involves conversing with a number of judges through a text interface – if the judges can’t tell they are chatting to a computer, it passes the test. Personally, I’m of the opinion that the Turing test is useless, on the basis that a dolphin couldn’t converse with a human either, yet we attribute them with a higher form of intelligent behaviour. But I digress.

what is captcha

The CAPTCHA therefore, is an automated Turing test. There are a number of different ways of doing this, but the most common one that we seem to have settled on is to present the user with a scrambled form of text, assuming (often incorrectly) that any normal human will be able to decipher the text.

how captcha works

The CAPTCHA has evolved over time, but has ultimately been defeated as we’ll find out later.

Ads by Google

Text-Based CAPTCHAs & The Re-CAPTCHA Project

The reCAPTCHA project, now owned by Google, decided that instead of inanely deciphering cryptic text for no real good, it presented a fantastic opportunity to correct the shortcomings of computer-based Optical Character Recognition. For older books especially, computers find it very hard to recognise the words, whereas a human finds the tasks trivial. Combine the task of digitising old books with spam prevention, and you’re onto an absolute winner.

how captcha works

However, if the computer had trouble recognising the word in the first place, how can it tell if what you wrote in is nonsense? Simple – present the user with TWO words – one of which is known. The system assumes that if the user correctly types the known word, then the chances are that the unrecognisable word is also correct.

Another ingenious idea is to combine the CAPTCHA with some form of advertising.

Math Problem

how captcha works

OK, the picture is a joke, but essentially the user is presented with a basic math problem. We use a similar system on the Answers site right now. It needn’t be difficult, just some basic addition.

Image-Based CAPTCHAs

As difficult as some of the ReCAPTCHA codes can be for you and I sometimes, software has already been developed which can break the code with about a 30% success rate – which for a spam campaign with millions of tries is quite an acceptable rate. Images on the other hand are extremely difficult to process for computers semantically. Think about a simple cat picture – programming a computer to recognise a human face is hard enough, but to distinguish a cat from all the other animals and objects in the world is pretty much impossible at this point in time.

what is captcha

Logic-Based

These rely on logical and semantic intelligence about the world, or just basic common human sense. Some examples might be:

  • Identify the food in this list: asphalt, bacon, cloud, dagger.
  • Identify the weapon in this list: asphalt, bacon, cloud, dagger.
  • How many doors are on a four-door car?
  • What is the third word in this sentence?
  • What’s left if you remove the B from ABC?

A great plugin to integrate these kind of tests into your WordPress comment system is WP-Gatekeeper, by the way.

De-CAPTCHA Services

The sad fact is that while CAPTCHAs are a necessary evil, they are easily overcome by spammers nowadays. While some spammers have indeed developed sophisticated software that can mimic the human eye and brain to decode like a human does, the truth is far more simpler and more horrific. Why develop expensive software when you can pay someone pennies to do the CAPTCHA for you? The current cheapest going rate is $1.39 for 1000 CAPTCHAs, with a 98% accuracy rate, and services such as Death By Captcha have developed elaborate APIs for developers to use. The only person being slowed down by CAPTCHAs nowadays, is you!

The Future Of The Captcha

Like everything else in life, CAPTCHAs are not impenetrable to hacking or spamming. As new and more ingenious tests are devised, ever more sophisticated ways of breaking them will be developed – and the solution of paying someone else to do them for you can never be defeated. Even so, it’s our responsibility as web developers and admins to keep spammers away from our sites without degrading user experience.

Are you shocked to learn how cheaply a CAPTCHA can be defeated for? Have you seen any other kind of CAPTCHAs out in the wild that impressed you? Let us know in the comments! Also, be sure to check all the funny pictures tagged “captcha” over on Geeky Fun.

Image Credit : xkcd

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Technology Explained
Technology Explained
19 Members
Ads by Google
Comments (26)
  • Rachaelannedonnelly

    I’m for Logic style. It is text based and therefore screen reader users, such as myself, can access it. I also think that image style is grate for people with cognetive disabilities and find problem solving difficult or who loose concentration easily. I’m against the origional style – it’s rediculous, difficult and inaccessible, even to sighted users.

  • rachel

    I am terrible at solving captchas. Inevitably after I’ve typed in the whole comment and the captcha I find that I messed up. Occasionally even my comment gets cleared when my answer is rejected, whereupon I just leave the site altogether.

    Despite everything, for us blog owners captchas are a necessity. Can you recommend one of the better ones?

    • James Bruce

      Honestly, I just use Akismet on most of my sites. It seems to keep out the bad boys better than anything. 

  • Julie

    If the spammers continue to use cheap labour to defeat captcha, then it doesn’t really matter what we design, as it will always be humans deciphering them either way!

    I have poor eyesight AND bad hearing, so I very often fail both visual and audio captcha tests.

    • James Bruce

      Sorry to hear that Julie. You’re right about captchas being useless if we just hire cheap labor ofcourse, but imagine if there were NO line of defenses? the web would be even more full of spam than it is now. Perhaps the solution will be some form of forced identity verification – like each comment MUST be linked to a phoe-verified facebook account or something. I’m sure that would stem the tide of idiots and abusive comments too!~

    • Scutterman

      Facebook is one of the popular ways of using social engineering to propagate spam, and pre-paid phones can be bought dirt cheap if you know the right place to get them. I think linguistic tests are the way to go, though I don’t know whether captchas are successful enough to merit their existence to be honest. Maybe time should be put into making spamming less profitable, though that would require a large investment to achieve anything.

    • James Bruce

      Google is doing quite well at that with their algorithm updates to be honest. If we can get all the spam sites de-listed, then spammers will work on creating genuinely useful sites. Then if they spam links to genuinely good sites… well. …. mission accomplished. 

    • Scutterman

      I’m all for that kind of thing, but I’m kind of cynical. Though I’m correct over 50% of the time, so maybe it’s realism.

  • Bz

    I had a captcha on Comcast’s site asking me to type in the Omega symbol ?. Really? You want people to type in alt-code characters? That was just stupid. In general, I agree that captchas are needed on web sites, but they are often too hard to read and, for someone who is disabled, it is ruining the internet for them. So we need to see captcha 2.0. The image puzzle is a good start.

    • James Bruce

      Agreed. I wonder if the audio captchas also have random symbols and sounds you can’t type, like high pitched squeeks?

  • CAPTCHA-R-Stupid

    few years later “if ALIVE” we’d find out most of this current CAPTCHA’s are very very stupid manner to prof that the one on the endpoint is a human!!
    never-the-less for audio’s..

    about 10 years ago i asked a friend of his impression and explanation of the CAPTCHA.
    he said: dunno, it might be like an EYE TEST or something!! :) he was new to the internet at that time.. but may be later from his comments “the audio” was an EAR TEST as well, for sure..

    cartoon attached (dunno thou if can be seen!) is not mine, but the comment is!

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.