How does CAPTCHA work?

To continue reading this blog click on the image that represents us. Just kidding! We welcome our entire viewer organic or robotic here at Kaknut. But back on topic odds are you probably seeing little tests like that, scattered around the internet when you are trying to post a comment, create an account or buy something. They are called “CAPTCHA” which stands for COMPLETELY AUTOMATED PUBLIC TURING TEST TO TELL COMPUTERS AND HUMAN APART. Proving once again that the computer science community continues to struggle with concept of acronyms. The irony of using computing technique to trick other computers isn’t really new. “LEETSPEAK” which goes all the way back to 1980s originated as a method of preventing content from being searchable and to work around obstacles like profanity filers, a use that is still common to this day.


Modern CAPTCHA didn’t come around until 1990s when the then popular search engine Alta Vista was trying to find a way to prevent bots or automated computer programs from adding tons of spam and malicious URLs to their link database. They wanted to put some kind of barrier in place and approach the problem by thinking that both humans and computers were good at. Namely optical character recognition (we will soon update a blog about this). Then introducing elements that made the task much more difficult for computers while keeping it fairly easy for humans, since computers of that day could only recognize clear easy to read text. Alta Vista’s engineer forced the user or the bots as it were to read a puzzle with distorted misaligned with stray marks in order to submit an URL to the database. Cool, right?

This form of CAPTCHA continues to be quite popular along with audio CAPTCHA for the visually impaired that in a similar way typically includes spoken letters that are somewhat garbled to defeat automated sound analysis. You will see it employed in situations, ranging from preventing bots from signing up some social media account to cut down on spam’s to verification on ticket buying websites. You might even see more CAPTCHA if you are using VPN service as many website administrators are aware that VPN is a popular tools that scammers can use to conceal their identity. There is a bit more to it that simply presenting the scheming bots with a confusing image. CAPTCHA scripts are also needed to be written securely so that the correct answer isn’t available to the bot through a backdoor. For example some CAPTCHA scripts especially many freely available one renders the text on the user’s computer instead of on the server and handles the answer in plain text. Meaning that a bot can be written in a way to seal the answer without ever solving the puzzle. But even if proper security is implemented, bots are also getting lot more sophisticated than they used to be and greater processing power has enabled them to use machine learning to get better at solving these kinds of CAPTCHA. So from image recognition puzzle to trivia questions have been employed to stay one step ahead of spam bots armed race.


What about those prompts I’ve been seeing these days that just say, “I’m not a robot” and I just check a box. Couldn’t a robot do that? How does that work?

This is a pretty cool mechanism from Google called “No CAPTCHA”. It actually tracks your mouse movements’ right before you check that box. Human tends to move their mouse in wiggly imperfect ways when they want to point at something, whereas this behavior is usually absent with a bot. “No CAPTCHA” also looks at your IP address and cookie activity to see if probably it’s consistent with a human instead of a bot and this automation has made it much faster and less frustrating to the user, i.e. increasing its popularity. It is generally regarded as reliable, which is cool. But considering how many people see an opportunity to make a quick bug by deploying spam bots as the internet influence continues to grow. It isn’t likely we’ll see human verification armed race cooled down any time soon. I just hope it doesn’t reach the point where we have to submit like a DNA sample just to download something.


2 Responses

Comments are closed.

Back to Top