Do You Need CAPTCHA?

My client is a big institution with too many minds working on one website. So, one fine day another mind worked and threw out another suggestion. They now need a CAPTCHA for user login so they can keep the spam users away. My initial reaction was that if you go by this rate you will just not stop, you don’t need everything. This would not have helped my client and my reputation with them. So, I sat down to understand the complete picture behind CAPTCHA. I wanted to understand first whether they were right and they CAPTCHA or I was right in thinking that they don’t need one.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers. It was coined in 2000 by professors and scientists from Carnegie Mellon University and IBM. However, there was another team in the year 1997 who designed the same system but with a different name which didn’t get as much popularity as this one. As the name suggests it originated from the Turing test. A Turing test is a means with which to test a machine’s ability to exhibit intelligent behaviour equivalent to that of a human being. CAPTCHA is also known as reverse Turing test which will test whether the user exhibits the intelligence to that of humans thereby considering them as humans and only then allowing them to move ahead. In short, a CAPTCHA is what is called a challenge-response test. One party presents a question or challenge and the other party must provide a valid answer or response in order to be authenticated.

In the initial days, CAPTCHAs would work by offering up a series of jumbled text/numbers and intentionally warping these such that any OCR technology fails, and only a human eye can read and make sense.  However, we can notice that captcha is getting harder as time progresses. This is because, usage of latest advanced pattern recognition and machine learning algorithms are capable of solving simpler captcha, so the latter should be in a position to defeat the former.

However, an interesting aspect of CAPTCHA is that even when people start solving the CAPTCHAs using some program., not everyone is unhappy. This is because it means that technology has evolved and has reached new frontier which is good when we look at the overall picture and they feel inspired to do even better which they might not usually do because why fix something which is not broken. A defeat for CAPTCHA is a victory for technology.

To understand CAPTCHA even better we can take the example of a ticketing company. We are all aware of the waiting for the window to open when we can book a ticket to our destination. If the destination is very popular and if it is a peak season, we would sometime ask more than one person to book the same ticket because it always becomes unavailable within seconds of be available. A big reason for this happening earlier was that scalper would develop software to automatically buy multiple tickets and these softwares are so fast that we are unable to catch up to their speed and by the time we reach the checkout stage we have zero tickets to purchase. CAPTCHAs were introduced to solve this problem. Generally, softwares are not capable of solving a CAPTCHA.

Why is a CAPTCHA used?

  • Its primary objective is to be used a security check to ensure only human users can pass through and not some software or bots
  • This is used to keep away spam and automated extraction of data from websites
  • It is designed to stop hackers and especially their crawlers from entering un-permitted areas of the net or from cracking passwords of your accounts. Some bots try to hack your account by using all the words in dictionary. What CAPTCHA does is after some unsuccessful attempts it pops up and breaks the iterating loop of the bot and make is useless
  • Many companies today offer free account creation for using their service be it a social media platform, an email service or other services on the internet. The bots of software would signup for hundreds of these accounts and then create havoc in the internet by using those accounts to send spam emails to millions of users. Free services should be protected by CAPTCHA to prevent abuse via automated scripts.
  • Often people will use programs to stuff online polls in favour of a certain vote. Usually IP addresses are recorded to prevent people from voting more than once but with the use of bots one can circumvent this policy. This makes it hard to truly trust online polls if CAPTCHA codes are not involved.
  • It also prevents torrent sites from showing an elevated number of seed users. When the seed users are high, we tend to trust that file more and download it. However, it can be a virus and the elevation in the seed users is created by bots. Torrent sites uses CAPTCHAs to show only genuine seed users.
  • Google even uses CAPTCHA for their benefit. Earlier it was using CAPTCHA for digitizing the archives of New York Times and more recently it is using it to improve their driverless car dataset. You might have seen those CAPTCHAS with trees, cars, traffic signal, crosswalks and so on. It basically does is shows the same image to multiple users and then try to compare their responses and depending on how many people choose a particular response for an image, the software determines the correct response. A very innovative way for companies to hit two birds using one stone.
  • Ticketing company also uses CAPTCHAs when they are selling tickets especially when it is for something which is in huge demand. Ticket scalpers use programs to purchase these tickets within seconds. They are so fast that normal people are unable to purchase tickets and are forced to pay a steep price for the tickets from these scalpers. CAPTCHAs force these ticket scalpers to not use these computer programs from purchasing tickets in such a large quantity.

What are the advantages of CAPTCHA?

  • They are fully automated hence it requires little human intervention for upkeep thereby giving high Return on Investment (ROI)

Some types of CAPTCHAs:

  • Text CAPTCHA: It requires the users to view a distorted string of alphanumeric characters in an image and enter the characters in an attached form. They are also present in audio format for those who can’t see properly.
  • Picture recognition CAPTCHA: It asks users to select a subset of images. For example, users maybe asked to select a car or a tree or a traffic signal and so on
  • Math CAPTCHA: A Math problem is given which the user needs to solve
  • 3D Super CAPTCHA: Image is rendered in 3D and a form will be given wherein you need to fill what is required from the image
  • I am not a robot CAPTCHA: It required users to just check a box
  • Marketing CAPTCHA: Brand names need to be entered, their logo needs to be clicked or so on

CAPTCHA when used right has a host of benefits. A good CAPTCHA is one which has a success rate of more than 80% of humans and 0.01% of machines. Anything which is beyond this should be reconsidered. CAPTCHAs have also received its fair share of criticism like every new thing especially from disabled people such as those who cannot see or have visual impairment. Now CAPTCHAs have overcome those problems. Some people also don’t like CAPTCHAs because they feel that it slows down their work. However, a research conducted showed that it takes approximately 10 seconds to finish a CAPTCHA. These people should be shown this research or should just time themselves when doing the CAPTCHA.

CAPTCHA should be used as it is an integral part of most website to function with less worries of spam or threat to their websites. My client on the other hand does not have a free account creation feature, nor is it accepting any comments from anyone, you can’t purchase a ticket from there, maybe someone can hack individual users’ password but that would be a long shot and for data which can be accessed without logging in too because user’s login to only edit their page and the data once edited is freely available for all. My client does not need CAPTCHA. Does yours?

Leave a Comment