How Does CAPTCHA Work?
Flipnode on Apr 13 2023
Finding someone who has never had to prove they're human to a computer is difficult. The process of solving unconventional puzzles involving fire hydrants may seem peculiar, but after reading this article, it won't appear as strange. Discovering how CAPTCHAs function and how solving them contributes to training Artificial Intelligence will illustrate their significance. Moreover, this article will explain the workings of reCAPTCHAs. Let's delve into it.
What does CAPTCHA mean?
The term CAPTCHA stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart, and it's sometimes referred to as Human Interaction Proof (HIP). The purpose of the CAPTCHA test is to distinguish humans from bots. To achieve this, a traditional CAPTCHA presents distorted letters and/or numbers for users to identify, which may be easy for a human but difficult for a robot.
Alan Turing, who is widely regarded as the father of modern computing, developed the Turing Test in 1950. The test aimed to determine whether machines could think or imitate human thought processes. The test involves an interrogator posing questions to two participants, one human and one machine, without knowing which is which. The interrogator must guess based solely on their responses. If the interrogator fails to identify the machine, it passes the test.
The traditional CAPTCHA test is based on the Turing test, as the name suggests.
How do CAPTCHAs work?
The primary objective of CAPTCHAs is to distinguish between humans and bots. To accomplish this, various images are presented to different users, and the database of CAPTCHAs is extensive to provide as many unique variations as possible. If the solution was always the same or hidden in the image's metadata, computers could quickly solve the CAPTCHA.
Although CAPTCHAs are designed to be solvable only by humans, not everyone can succeed on their first attempt. Researchers suggest that humans can solve about 80% of CAPTCHAs, while machines have a success rate of only 0.01%.
Vision is the primary sense that traditional CAPTCHA tests rely on because computers are not as proficient as humans in processing visual data. Most people can detect patterns quickly or make connections between different objects. When our brains attempt to associate information with patterns, we can see familiar shapes in clouds; this ability is called pareidolia.
For individuals with visual impairments, CAPTCHAs are available in audio format, typically with some background noise to prevent bots from solving the tests.
Why are CAPTCHAs used?
To safeguard web pages from malicious activities, CAPTCHAs are widely used by websites. However, sometimes CAPTCHAs can hinder the collection of public data for research or business purposes. Here are a few examples of how CAPTCHAs are utilized:
- Without CAPTCHAs, a free email platform could be used to send spam advertisements from various email addresses. CAPTCHAs help detect bots and prevent them from causing harm.
- Ticket sellers often employ CAPTCHAs to stop resellers from using bots to buy tickets seconds after release and then selling them at a higher price.
- To prevent DDoS (Distributed Denial-of-Service) attacks, which aim to disrupt services by overwhelming a target with requests, websites employ CAPTCHAs.
- However, CAPTCHAs can also slow down work. For instance, researchers who need to access large amounts of public information, download documents, and collect data may find CAPTCHAs interfering with their work and becoming a burden.
Types of CAPTCHAs
There are three categories of CAPTCHAs based on their content: text-based, picture-based, and sound-based.
Text-based CAPTCHAs typically include a combination of letters, numbers, and words presented in a distorted and difficult-to-read manner. They may also include textured backgrounds to increase the difficulty of the task for non-humans. Different approaches to creating text-based CAPTCHAs include:
- Gimpy (a group of distorted words)
- EZ-Gimpy (a single distorted word)
- Gimpy-r (a collection of distorted letters)
- Simard's HIP (a collection of distorted letters and numbers overlaid with abstract figures).
Image-based CAPTCHAs typically consist of a set of photos of common objects presented in a grid, with users required to select the images that match a certain request. Google's Street View is an example of this type of CAPTCHA, which asks users to identify crosswalks or specific types of vehicles. Image-based CAPTCHAs are more difficult for bots to solve than text-based CAPTCHAs due to the need for complex image recognition algorithms.
Audio-based CAPTCHAs are often used in conjunction with text and image-based CAPTCHAs. They involve a voice recording spelling out featured symbols accompanied by background noise, such as static. Bots have difficulty distinguishing the featured symbols from the background clutter, making audio CAPTCHAs effective in stopping bots.
What is reCAPTCHA?
Google offers a web protection solution called reCAPTCHA, which serves the same purpose as a typical CAPTCHA. Numerous websites use this service for free. Users may have come across reCAPTCHAs that only require them to check a box instead of solving a puzzle. These types of reCAPTCHAs are referred to as "noCAPTCHA reCAPTCHA". If the system remains uncertain after the user has checked the box, they will be prompted to confirm their human identity.
How do reCAPTCHAs work?
The initial reCAPTCHAs were designed by converting books into digital form, utilizing street name images, and extracting text snippets from newspapers, which users would then be asked to decipher. While humans can easily read text on images, it is a challenging task for bots.
As technology advances, so do reCAPTCHAs. Newer versions include image recognition, checkboxes, and user behavior analysis that doesn't require any input from the user.
Different types of reCAPTCHA
Image recognition
reCAPTCHAs that use image recognition present the user with a grid of nine or sixteen square images, which may or may not be related. The user's task is to identify which images contain a particular object or feature, such as street signs, fire hydrants, or clouds. To determine whether the answer is correct, the system compares it to the answers provided by the majority of other users who have taken the same test.
Single checkbox
How do checkbox CAPTCHAs function? The checkbox that says "I'm not a robot" is not the real challenge. Instead, the true test is the user's behavior leading up to the checkbox.
During the test, the system analyzes mouse movements as they approach the checkbox. Humans are less predictable than bots, and even a straightforward mouse movement performed by a person is not entirely linear. Bots are unable to replicate the same movement pattern. Additionally, reCAPTCHAs may review HTTP cookies stored in the browser on the device. As previously mentioned, the system may present users with an extra challenge if it cannot determine whether they are a human or a bot.
No interaction
The latest version of reCAPTCHA can detect whether the user is human without requiring any puzzles or checkboxes. This is achieved by analyzing the user's behavior and their history of website interaction. Typically, the system can determine if the user is a bot based on these factors alone. However, if the system is uncertain, the user may still be presented with one of the reCAPTCHA tests mentioned earlier.
reCAPTCHA v2 vs v3
ReCAPTCHA v3 is not simply a newer version of v2, as the two solutions serve different purposes. With v2, users typically only need to check a box that says "I am not a robot," and sometimes complete an additional test to confirm their authenticity. On the other hand, v3 operates in the background using machine learning and advanced risk analysis to provide webmasters with a score based on user behavior. This score helps determine whether the user is a human or a bot, and the webmaster can decide whether to block, test further, or allow passage.
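One way a site's backend could act on the v3 score, as an added example (not code from Google or from this article): it takes the parsed JSON that reCAPTCHA's `siteverify` endpoint returns and maps it to allow, challenge or block. The two thresholds, the `login` action name, `example.com` and the sample responses are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ALLOW_AT = 0.7                   # assumed threshold: pass silently at or above
CHALLENGE_AT = 0.3               # assumed threshold: below this, block
MAX_AGE = timedelta(minutes=2)   # a reCAPTCHA token is valid for two minutes


def decide(verify, expected_action, expected_host, now):
    """Map a parsed siteverify response to 'allow', 'challenge' or 'block'."""
    # No trustworthy score without a successful verification: fail closed.
    if verify.get("success") is not True:
        return "block"
    # A token issued for another action or site is rejected whatever its score.
    if verify.get("action") != expected_action:
        return "block"
    if verify.get("hostname") != expected_host:
        return "block"
    try:
        issued = datetime.fromisoformat(verify["challenge_ts"].replace("Z", "+00:00"))
        stale = now - issued > MAX_AGE
    except (KeyError, ValueError, AttributeError, TypeError):
        return "block"
    score = verify.get("score")
    if stale or not isinstance(score, (int, float)):
        return "block"
    if score >= ALLOW_AT:
        return "allow"
    return "challenge" if score >= CHALLENGE_AT else "block"


# Constructed sample responses (not captured traffic).
NOW = datetime(2023, 4, 13, 10, 1, 0, tzinfo=timezone.utc)
_OK = {"success": True, "action": "login", "hostname": "example.com",
       "challenge_ts": "2023-04-13T10:00:30Z"}
SAMPLES = {
    "likely_human": {**_OK, "score": 0.9},
    "uncertain": {**_OK, "score": 0.5},
    "likely_bot": {**_OK, "score": 0.1},
    "wrong_action": {**_OK, "score": 0.9, "action": "signup"},
    "stale_token": {**_OK, "score": 0.9, "challenge_ts": "2023-04-13T09:50:00Z"},
    "failed": {"success": False, "error-codes": ["timeout-or-duplicate"]},
}


def run_samples():
    return {name: decide(r, "login", "example.com", NOW) for name, r in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:13} -> {verdict}")
```

The checks on `action`, `hostname` and token age matter as much as the score: a high score on a token issued for a different form or site says nothing about the request being handled.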
Although both v2 and v3 can prevent a significant amount of bot traffic, they are not foolproof solutions and may be bypassed by advanced bots and CAPTCHA farms. Additionally, relying solely on reCAPTCHAs can lead to a diminished user experience, increased bounce rates, and decreased revenue.
The choice between v2 and v3 depends on the situation. v2 is more suitable for smaller sites looking to limit bot traffic, while v3 is better for larger sites with heavier traffic and dedicated personnel to maintain it. Adding v2 to a website only requires two lines of HTML code.
What triggers CAPTCHAs and reCAPTCHAs?
When the system detects suspicious activity that may be indicative of a bot, a CAPTCHA is displayed. This can happen when there are too many requests being sent to the same target, among other reasons.
ReCAPTCHAs appear to be even more advanced. Although the exact criteria for triggering a reCAPTCHA are not fully known, there are some potential factors that could be involved, such as:
- monitoring mouse movements
- tracking cookies
- browsing history.
CAPTCHAs and Artificial Intelligence
CAPTCHAs and reCAPTCHAs provide valuable examples of Artificial Intelligence (AI) training. As previously mentioned, when a system presents a task like selecting every image of a kitten, it determines the correctness of the response by comparing it to the answers submitted by other users. This information is also used to improve AI and assist computers in recognizing images more effectively.
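A sketch of the majority-comparison grading described above and in the "Image recognition" section, as an added example (not reCAPTCHA's actual algorithm or code). The 80% agreement threshold, the tile numbering and the sample answers are assumptions; it goes slightly beyond the text by leaving tiles without clear agreement ungraded, since those are the tiles where new answers still add information.

```python
from collections import Counter

STRONG = 0.8  # assumed: a tile is "settled" when at least 80% of users agree


def consensus(prior_answers, grid_size):
    """Return {tile: bool} for tiles on which earlier users strongly agree.

    prior_answers: list of sets of selected tile indices, one set per user.
    Tiles without strong agreement are omitted as ambiguous.
    """
    n = len(prior_answers)
    if n == 0:
        return {}
    votes = Counter(t for answer in prior_answers for t in answer)
    labels = {}
    for tile in range(grid_size):
        yes = votes[tile] / n
        no = (n - votes[tile]) / n
        if yes >= STRONG:
            labels[tile] = True
        elif no >= STRONG:
            labels[tile] = False
    return labels


def grade(answer, labels, max_errors=0):
    """Pass when the answer matches the consensus on every settled tile."""
    if not labels:
        return False  # nothing to grade against: fail closed, serve another test
    errors = sum((tile in answer) != expected for tile, expected in labels.items())
    return errors <= max_errors


# Constructed data: a 3x3 grid (tiles 0-8) and five earlier users' selections.
PRIOR = [{0, 1, 4}, {0, 1, 4}, {0, 1, 4, 5}, {0, 1}, {0, 1, 4, 5}]
LABELS = consensus(PRIOR, 9)  # tile 5 (2 of 5 votes) stays ambiguous

if __name__ == "__main__":
    print("settled tiles:", LABELS)
    for answer in ({0, 1, 4}, {0, 1, 4, 5}, {0, 1}, set(range(9))):
        print(sorted(answer), "->", "pass" if grade(answer, LABELS) else "fail")
```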
Computers face significant challenges in image recognition. For example, unlike human eyes, machines struggle to make the same connections when images are captured from varying angles. However, thanks to the most recent technologies, computers are becoming increasingly sophisticated, and machine learning is helping to make machines more intelligent with each passing day.
Can CAPTCHA be bypassed?
Improving CAPTCHAs involves identifying their weak points, and bypassing them is one way to achieve this goal. When a bot successfully passes a CAPTCHA, it provides valuable information for creating more robust tests. However, bypassing CAPTCHAs is a difficult task.
Web scraping often encounters obstacles such as getting blocked or encountering CAPTCHAs. These obstacles can disrupt the collection of large-scale public data. Nevertheless, some companies have already found ways to bypass CAPTCHAs.
Conclusion
CAPTCHAs are designed to protect websites from spam and abuse by distinguishing between human users and bots. The concept behind CAPTCHAs is based on the Turing Test, and the goal is to present a test that only humans should be able to solve.
Google provides a CAPTCHA service called reCAPTCHA, which offers different types of tests. Some of these tests do not require any human interaction, and the triggers for these tests are not entirely clear. However, factors such as cookie tracking, browser history, and real-time website interactions may contribute to triggering a reCAPTCHA.
Bypassing CAPTCHAs is difficult for computers, as their purpose is to be unsolvable for bots. Despite this, some solutions, such as the Web Scraper API, allow web scraping without the need for CAPTCHAs or IP bans.