
Are you human or robot? How CAPTCHAs know

CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart.” CAPTCHAs are used on website forms as a way of stopping spam bots from submitting your information, which is a good thing because who wants to be invaded by spammers who may sell your email address on the black market? But what secrets lie behind these seemingly simple puzzles? How do they know that you’re not a bot? Let’s take a closer look!


History

The Turing Test is a kind of artificial intelligence test that has been around since 1950. Created by mathematician, cryptanalyst, and computer scientist Alan Turing, it was designed to see if machines can think or behave like humans. It is also known as the “Captcha disguise” because users are required to type their response into an input field containing captions and prove they are human before they’re allowed access further on any website protected with this security measure. According to Google, people see — and try to solve — about 200 million CAPTCHAs a day.

As machines grow more intelligent, humans will have to adapt so that they do not become obsolete. We are doing this now by using CAPTCHAs — a type of test designed so only people can pass through it and gain access to something or someplace important, such as your website’s content, for example, an e-commerce store.

CAPTCHA was first used in 2000 by computer scientists at Carnegie Mellon University. The goal was not just to stop spam but also to provide an extra layer of protection for humans.

How does CAPTCHA work?

While CAPTCHAs are old technology, they are still used today on many web properties. The distorted text is designed so bots cannot recognize it, but humans must interpret the letters to solve the puzzle. If responses are incorrect, the user will have a time limit until their next attempt (usually one second to five minutes). In some CAPTCHAs, users must also highlight parts of speech such as nouns or verbs when prompted by pressing shift+enter simultaneously.

A bot might not be able to read the distorted letters, but a human who is used to seeing and interpreting letters in all kinds of contexts, such as different fonts and handwriting, should still have little trouble recognizing them. And so most bots failed this test in the past.

But today, advanced bots can use machine learning and artificial intelligence to identify these distorted letters, so a new CAPTCHA test was needed. This was the impetus behind Google’s reCAPTCHA. In addition, Google’s reCAPTCHA has developed several other obstacles for human users vs. automated bots. There are now audio verification tasks or image recognition challenges that require more skillful responses from the user than just typing on their keyboard accurately without mistakes.

Artificial intelligence and CAPTCHA

Some computer programs have difficulty identifying letters and objects in different contexts. For instance, a stop sign is an octagonal red symbol containing white lettering that reads “STOP.” If the context changes, it might be more difficult for an algorithm to identify this exact shape and word combination.

An artificial intelligence program can get better at overcoming these limitations through machine learning. For the stop sign example, programmers feed it a bunch of data on what is and isn’t a valid stop sign to make this process more accurate for both humans and machines. If there are too many mistakes or errors in their input, they might not identify an image correctly without having sufficient examples from different sources, such as other vehicles stopping near them when approaching an intersection during traffic lights.

Human input is necessary for artificial intelligence to be successful, but it takes time and effort. That’s where reCAPTCHA comes in: by getting humans to identify objects or text accurately, it produces data that can be used to build robust AI programs.

What is reCAPTCHA?

reCAPTCHA is a free service that Google offers as an alternative to traditional CAPTCHAs. It was developed at Carnegie Mellon University. In 2009, the giant search engine acquired the reCAPTCHA technology. It now has over 11 years of experience and has gotten better over that time.

reCAPTCHA uses an advanced risk analysis engine and adaptive challenges to keep malicious software from engaging in abusive activities on your website. Meanwhile, legitimate users will be able to login, make purchases, view pages, or create accounts and fake users will be blocked. — Google

reCAPTCHA is an advancement of the traditional CAPTCHAs. However, unlike regular challenges, some reCAPTCHAs require users to input images from books or newspapers with accurate text such as addresses that computers find difficult to read correctly.

Image recognition reCAPTCHA

For image recognition reCAPTCHA tests, users typically see a number of images nestled in a grid. The images may all come from the same large picture. Still, they can also be different pictures that have been enlarged to look similar in size and shape when put up against one another for testing purposes. The goal is to pick out specific objects from the photos in the grid, such as traffic lights or cars.

Humans are great at picking out particular objects from blurry photos because humans have a way of relating the context in which a thing exists. For example, when I am driving down the highway and see another car exit into oncoming traffic, it registers as something necessary to be aware of for my safety. That is why identifying cars is often used in CAPTCHAs.

reCAPTCHA tests with a single checkbox

In this type of CAPTCHA, the user has to do more than simply check a box next to the statement, “I’m not a robot.” They must first be prompted and then led through an action-filled path before reaching that point. Again, this is something humans can do easily, but machines cannot.

How does reCAPTCHA work without user interaction?

reCAPTCHA also has a new algorithm that can tell if you’re human or not without asking for verification. The program considers your browsing history and how often it changes. reCAPTCHA’s machine learning software decides whether you are an actual human based on those factors. If it judges that it is safe to let this person proceed to the website, it gives no challenge.

Triggers for CAPTCHA test

Some web properties have CAPTCHAs as a proactive defense against bots. For example, suppose user behavior seems to resemble bot activity. In that case, an automatic test triggered for verification purposes will appear. It will be triggered when users are requesting pages and clicking hyperlinks at rates much higher than average. The system will ask users whether they’re human by projecting images onto their screens, which must be identified before content can be accessed on those websites.
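The rate-based trigger described above, sketched as an added example that is not from the original article or from any CAPTCHA vendor. The window length, multiplier, floor and client names are assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque
from statistics import median

WINDOW_SECONDS = 10   # assumed sliding-window length
RATE_MULTIPLIER = 5   # assumed meaning of "much higher than average": 5x the median client
MIN_REQUESTS = 8      # assumed floor so a quiet site does not challenge everyone


class ChallengeTrigger:
    """Decides which clients get a CAPTCHA based on request rate."""

    def __init__(self):
        self.windows = defaultdict(deque)  # client id -> recent request timestamps
        self.challenged = set()            # clients that must solve a CAPTCHA

    def _prune(self, now):
        # Drop timestamps older than the window, and clients with none left.
        for client in list(self.windows):
            q = self.windows[client]
            while q and q[0] <= now - WINDOW_SECONDS:
                q.popleft()
            if not q:
                del self.windows[client]

    def observe(self, timestamp, client):
        """Record one request; return True if this client should be challenged."""
        self.windows[client].append(timestamp)
        self._prune(timestamp)
        # Baseline is the median in-window request count over all active clients,
        # so one noisy client cannot drag the baseline up and hide itself.
        baseline = median(len(q) for q in self.windows.values())
        threshold = max(MIN_REQUESTS, RATE_MULTIPLIER * baseline)
        if len(self.windows[client]) > threshold:
            self.challenged.add(client)    # sticky until the CAPTCHA is solved
        return client in self.challenged


def sample_events():
    """Constructed traffic as (timestamp_seconds, client_id) pairs."""
    events = []
    for t in range(0, 30, 3):              # three visitors, one click every 3 s
        events += [(t, "visitor-a"), (t + 1, "visitor-b"), (t + 2, "visitor-c")]
    for i in range(40):                    # one client at 4 requests per second
        events.append((10 + i * 0.25, "client-x"))
    return sorted(events)


def run(events):
    trigger = ChallengeTrigger()
    for timestamp, client in events:
        trigger.observe(timestamp, client)
    return trigger.challenged
```

Using the median rather than the mean as the baseline matters here: a single very fast client would otherwise raise the average it is being compared against.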

How good are CAPTCHA and reCAPTCHA?

There are many ways to get past the text CAPTCHAs on their own. Researchers demonstrated how they could write a program that beats image recognition tests. CAPTCHAs can irritate users, who find themselves stuck on a webpage while waiting for the CAPTCHA test. In some cases, this leads them to feel discouraged and give up altogether.

And CAPTCHAs are a royal pain for people with poor vision because the letters or images can be challenging to distinguish. CAPTCHAs on small mobile devices are almost certain to create ill will for any potential visitor who will give up before getting to the website. If your site is an e-commerce one, you have lost a sale.


Ali Qamar

Ali Qamar is a privacy and cybersecurity enthusiast. His work has been featured in major tech and security blogs, including InfosecInstitute, Hackread, ValueWalk, Intego, and SecurityAffairs. He is the founder and editor of PrivacySavvy.com now. Follow Ali on Twitter @AliQammar57.
