#NewsBytesExplainer: What are CAPTCHAs and how do they work?
In all the years you have spent browsing the internet, you have surely come across those annoying verification pop-ups that ask you to identify images, solve simple arithmetic problems, and re-type distorted text. Called CAPTCHAs, these human verification processes are particularly useful in select applications where humans and bots must be separated. Here's why websites need CAPTCHAs and how they work.
CAPTCHAs are used to tell computers and humans apart
CAPTCHA is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart." Computing pioneer Alan Turing conceptualized the tests in 1950 to gauge a machine's ability to exhibit intelligence indistinguishable from that of a human. Subsequently, CAPTCHAs were invented in the late 1990s. Turing tests have also been the subject of interesting sci-fi movies such as Ex Machina.
CAPTCHAs are used to prevent spam, restrict purchase quantities
CAPTCHAs are fairly easy for humans to do and take approximately less than a minute to complete while computers would find them challenging to solve. CAPTCHAs can be used for a variety of applications such as to maintain poll accuracy by preventing bots from skewing the results. On social media, the system is used to prevent bots from spamming forums with promotional content.
CAPTCHAs also prevent hackers from carrying out brute force attacks
Email service providers such as Gmail use CAPTCHAs to ensure hackers don't sign up for multiple email accounts in quick succession. The system also prevents hackers from trying brute force attacks on online accounts that try billions of character combinations in the password field.
Common text-based CAPTCHAs block bots capable of text-recognition
The system is also used to deter resellers from purchasing high-demand products and services en-masse (vaccination slots, movie tickets, computer graphic cards, etc.) thereby inflating the prices. There are different types of CAPTCHAs available. Text-based variants distort a random sequence of letters and numbers by scaling, rotating, and overlapping characters against background noise, lines, arcs, or dots. This deters bots equipped with text-recognition algorithms.
Image CAPTCHAs rely on humans' image recognition, semantic classification
While text-based CAPTCHAs require humans to interpret data the way machines cannot, image-based captions take it up a notch with the need for image recognition and semantic classification. Such CAPTCHAs usually ask humans to choose images similar to a displayed picture or identify all the parts of an image with a particular element such as cars or crosswalks.
Audio CAPTCHAs baffle speech-to-text bots with background noise
Designed by keeping visually impaired users in mind, audio CAPTCHAs play out a series of letters and numbers which the user must type out. Some CAPTCHAs ask users to solve simple arithmetic problems. Lastly, the reCAPTCHA service popularized by Google just requires you to simply click a checkbox saying "I'm not a robot." The test relies on tracking the user's interaction with the webpage.
Google's reCAPTCHA was originally developed by Carnegie Mellon University researchers
There are many CAPTCHA service providers, but Google's reCAPTCHA is arguably the least annoying and most widely-used. The technology was developed by researchers at Carnegie Mellon University and subsequently acquired by Google in 2009. The free-to-use service offers image recognition, checkbox-type, and behavior assessment-based CAPTCHAs.
No-task-necessary CAPTCHAs track your usage before you click the checkbox
Interestingly, reCAPTCHAs take into account the user's cursor movement that would have minute instances of randomness that bots wouldn't be able to mimic. Also, reCAPTCHAs access browser cookies and history to determine a user's legitimacy. Clicking the checkbox isn't the test. It's everything before that.
AI, ML can comfortably solve CAPTCHAs, but would hackers bother?
That said, CAPTCHAs are still difficult to understand, a waste of precious time, frustrating, and inaccessible to people with disabilities. You'll hardly be surprised to know that CAPTCHAs aren't exactly foolproof. Modern artificial intelligence (AI) and machine learning (ML) technologies are built to recognize patterns and solve problems, instantly defeating the idea of CAPTCHAs that count on a machine's inability to do so.
Annoyance of solving CAPTCHAs is exactly what deters manipulators
CAPTCHAs may not be a technologically impenetrable defense against bots, but they add an additional step to an otherwise straightforward process that deters rabble-rousers who would have to invest disproportionately more effort to crack the system. The annoyance that regular users face is what deters the manipulators. Interestingly, some websites dynamically deploy CAPTCHA tests if a user's activity appears to resemble a bot.
