Chances are that while browsing the internet, you've come across a box like this many times:
This little test is known as a CAPTCHA. But what exactly is this, and why do so many websites require you to complete it? Let's find out.
What Is a CAPTCHA?
CAPTCHA is an acronym that stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."
If you're not familiar, the Turing test is a method of testing whether a machine has such advanced artificial intelligence to the point that it's impossible to distinguish the computer from a human. It was developed by famous mathematician Alan Turing in 1950.
A CAPTCHA, then, is a basic puzzle that can quickly figure out whether the entity working on it is a human or a computer.
Why Are CAPTCHAs Used?
CAPTCHAs are used anywhere that a website wants to prevent automated scripts from abusing its services. For someone with programming knowledge, it's trivial to set up automated programs ("bots") that perform tasks much faster than humans can. CAPTCHAs are designed to filter out these computer-generated requests.
Some examples of negative behavior that CAPTCHAs can prevent include:
- Creating lots of email accounts for spamming purposes
- Buying out limited-supply goods, like concert tickets, to later scalp them
- Signing up for forums or using contact forms to send spam
- Overwhelming a website with requests in order to run a denial-of-service attack
These and similar situations are where you'll typically see CAPTCHAs in place. Many services use them every time you create a new account.
How Do CAPTCHAs Work?
Old-school CAPTCHAs, like the one featured above, were typically made up of a few random distorted words that you had to type in correctly. For most people, it's a pretty simply task to enter these words.
However, this is difficult for computers, which are not good at recognizing images of text. Add in various color gradients, backgrounds, and strange fonts, and you have an image that's relatively easy for a human to decipher but difficult for a computer.
Of course, malicious users have come up with advanced ways to beat CAPTCHAs. In turn, CAPTCHAs have become more difficult to solve over time.
CAPTCHAs are handy, but they're not perfect. They're annoying for humans to solve, and can be difficult or impossible to decipher for those with disabilities. Today, most of the CAPTCHAs you see online are a specific type, called reCAPTCHA.
This version of the CAPTCHA was developed by researchers at Carnegie Mellon University and purchased by Google in 2009. Originally, it used the same distorted words as previous CAPTCHAs, but with one major difference. Instead of random words, it used snippets of text to help digitize books from Google Books and The New York Times.
Over time, reCAPTCHAs expanded to include images of street signs and other text from Google Street View. This allows every solved CAPTCHA to help improve Google's machine learning.
As of 2019, image selection challenges are the only kinds of tests offered by reCAPTCHA. However, Google has made strides to make CAPTCHAs less annoying for human users.
In many cases, you simply have to check a box that says I'm not a robot (Google calls this a noCAPTCHA). When you do, the CAPTCHA performs an analysis of your activity on the site to determine if you're a human or a robot. For instance, it analyzes your mouse movements and cookies to figure out if you're a legitimate user.
If you fail the automated test, you'll see a prompt that asks you to select all the images that match a certain description. This improves Google Maps while seeing if you can correctly identify images, which is something computers struggle with.
What's more, the latest version of reCAPTCHA even performs analysis in the background without alerting the user. It can predict automated behavior and take action automatically.
CAPTCHAs Filter Out Most Automated Traffic
As we've seen, CAPTCHAs are an important part of the online ecosystem. Without them, malicious actors would be able to create thousands of accounts for spam, foul play, and other nasty behaviors. CAPTCHA creators have done a lot to make them as non-intrusive as possible for normal people, so you shouldn't get stopped by them too often.
For more like this, have a look at some common security terms you should know.