Yu Blog

Latest Thinking

Captcha Tests (1/2): Less Effective Every Time
31
Jul 2009

Captcha Tests (1/2): Less Effective Every Time

If you’re a regular Web surfer, you’ve probably signed up for online services like email, e-commerce or social networks…
You’ve probably also noticed that when you sign up you have to provide some personal information and pass a captcha “test”.

The captcha system (Completely Automated Public Turing test to tell Computers and Humans Apart) was devised by the infamous Alan Turing. The purpose is to prevent “non-humans” from signing up. It’s easy to understand why website administrators wouldn’t want to have a bunch of fictional users filling up their space.

The captcha test requires a human audio or visual input. It looks like the image below. Audio captcha tests are most often designed for the visually impaired, but I will be focusing on the visual test.

Unfortunately, this security system is becoming less and less effective and robots are managing to pass the test more and more easily. For example, Yahoo and Google’s sign-up pages are breached by robots more than one out of every five times.

One of the most common responses to the evolution of these robots has been increasing the complexity of captcha tests. The numbers and letters are ever more distorted and the noise, that is to say the irrelevant information surrounding the letters, also increases making this step more complex for users. This might not prevent people from passing the security check, but it does require greater effort to decode the text. The error rate and the time spent filling out the form also increase. There will therefore be a delay before the user can even use the service for which he’s signing up. In the follow-up to this blog, we will review several variations on the standard captcha test, which might make things harder for robots and easier for users.

References:

http://www.w3.org/tr/turingtest/
http://en.wikipedia.org/wiki/Turing_test
http://arstechnica.com/security/news/2008/02/gotcha-captcha-gmail-bot-detector-system-cracked.ars

Tags are not defined.

2 Comment(s)

Harry

I’m interested to see your follow-up posts.

By the way CAPTCHA wasn’t invented by Alan Turing -though it was based on his work (in the Philosophy of Artificial Intelligence). Quoting from captcha.net: “The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.”

Yannick Roy

Thanks for the detail Harry.  I did not intend to say that Alan Turing was responsible for CAPTCHA, he was active a little too early for that!  Don’t worry, the follow-up article is coming soon, as I just returned from a vacation! 🙂

Leave a Reply