How CAPTCHA Works - GoTechTalk


Wednesday, August 29, 2018


To continue reading this blog prove you're a human by clicking on every box that contains the lightest.

We are kidding, we welcome all viewers organic or robotic, but back on topic odds are you've probably seen little tests like that, scattered around the internet when you're trying to post a comment create an account or buy something there called CAPTCHAs which stands for Completely Automated Public Turing Test to tell computers and humans apart, proving once again that the computer science community continues to struggle with the concept of acronyms, anyway the irony of using computing techniques to trick other computers isn't really new.

Leet Speak which goes all the way back to the early 1980s originated as a method of preventing content from being easily searchable and to work around obstacles like profanity filters, a youth that is still common to this day but modern CAPTCHA didn't come around until the late 1990s when the then popular search engine Alta Vista was trying to find a way to prevent BOTS or automated computer programs from adding tons of spam and malicious URLs to their linked database, they wanted to put some kind of barrier in place and approach the problem by thinking about something that both humans and computers were good at, namely optical character recognition.

Then introducing elements that made the task much more difficult for computers while keeping it fairly easy for humans and since computers of the day could only recognize clear easy to read text Alta vistas engineers forced the user or the bot as it were to read a puzzle with distorted misaligned text with stray marks in order to submit a URL to the database, cool right this form of CAPTCHA continues to be quite popular along with audio CAPTCHA for the visually impaired that in a similar vein typically includes spoken letters that are somewhat garbled to defeat automated sound analysis, you'll see it employed in situations ranging from preventing BOTS from signing up for  social media accounts to cut down on spam to verification on ticket buying websites to ensure that BOTS working for ticket scalpers can't snatch up all the tickets to popular events.

You might even see CAPTCHAs more frequently if you're using a VPN service as many website administrators are aware that VPNs are a popular tool that scammers can use to conceal their identities so a request from a known VPN IP address is more likely to trigger a CAPTCHA prompt, but there's a bit more to it than simply presenting the scheming bot with a confusing image capture scripts also need to be written securely so that the correct answer isn't available to the bot through a backdoor for example some CAPTCHA scripts especially many freely available ones render the text on the user's computer instead of on the server and handle the answer in plain text meaning that a bot can be written to steal the answer without ever solving the puzzle but even if proper security is implemented bots are also getting a lot more sophisticated than they used to be and greater processing power has enabled them to use machine learning to get better at solving these kinds of CAPTCHAs everything from image recognition puzzles to trivia questions have been employed to stay one step ahead of the spam bot arms race.

But what about those prompts that I've been seeing these days that just say I'm not a robot and then I just check a box couldn't a robot do that how does that work well this is a pretty cool mechanism from Google called no CAPTCHA it actually tracks your mouse movements right before you check the box humans tend to move their mice in Wiggly imperfect ways when they want to point at something whereas this behavior is usually absent with a bot no CAPTCHA also looks at your IP address and Ricki activity to see if it's probably consistent with a human instead of a bot and this automation has made it much faster and less frustrating for the user increasing its popularity, it's generally regarded as reliable which is cool but it has privacy advocates concerned about how much information it's sending to Google and how exactly is it being used oh that Google but considering how many people see an opportunity to make a quick buck by deploying spam bots as the Internet's influence continues to grow it isn't likely we'll see the human verification arms race cool down anytime soon I just hope that it doesn't reach the point where we have to submit like a DNA sample and like a stool sample just to down vote somebody on reedit.

Alright, guys, that's the end of the blog, thanks for reading the whole way through if you enjoyed this blog please share it with someone who would be interested and leave a comment, Thanks for reading guys.

No comments:

Post a Comment