Imagine a scenario: it is late at night; you are browsing the web looking for an answer to “why are polar bears so cute” and you stumble upon a trustworthy site. You are sure of finding a significant part of the information there, so you quickly click on the link and wait.
And here it is.
In sheer horror you find yourself in a situation that makes you shiver even right now, just thinking about it.
No matter how hard you try, how much time you spend, how carefully you are trying to distinguish little buses from the road, you just cannot do it. Are you having a stroke? Are you too stupid to complete a seemingly simple test? What is going on?
The very ca(p)tchy acronym, CAPTCHA, stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It was invented by researchers at Carnegie Mellon University of Pittsburgh, and because it is administered by a computer (as opposed to the standard Turing test - administered by a human) CAPTCHA is described as a reverse Turing test.
One cannot argue that these kinds of tests were much simpler back in the early 2000s and the reason behind it is the evolution of Artificial Intelligence. CAPTCHA can only be implemented temporarily – as AI keeps getting more advanced, the barriers must constantly improve to catch up with the changing technology.
What is even more frightening is the fact that those artificial intelligence systems seem to be able to outsmart us in the ‘verify that you are a human’ aspect. In a recent study done by Google* they took the most difficult variant of CAPTCHA and showed it to humans who were only able to solve it at 33% accuracy. Machines, however, did it 99.8% of the times. It is speculated that this is due to the fact that computers are not affected by annoyance or impatience.
A computer science professor at the University of Illinois at Chicago, Jason Polakis says:
We’re at a point where making it harder for software ends up making it too hard for many people. We need some alternative, but there’s not a concrete plan yet.
Polakis takes credit for the rising difficulty of CAPTCHA. In 2016, he published a paper in which he explains how he solved Google’s image CAPTCHAs with 70% accuracy using, inter alia, Google’s own reverse image search.
Why are the images blurry though?
While Google does not explain this phenomenon clearly, it is known that bots can read text, not images. Because of that, spammers use software that converts documents into text – CAPTCHA programs are trying to prevent bots from getting into the page and that is why there are visible colours, lines, and general blurriness on the words. Meriam Guerar, a researcher from Italy, at the University of Genoa comes with a statement that noisy and blurry images are harder to recognize for bots using state-of-the-art image recognition technologies.
The journey to find one and working type of CAPTCHA test, that would not be too hard nor too simple has been going on for a while now. Researchers have been trying to create a verification not based on text or image recognition but a facial expression, gender, and ethnicity, or even nursery rhymes (!). The research has been even touching on the ancient petroglyphs or identifying animals (not ordinary ones – imagine a cow with a hat and sunglasses on).
The whole consideration is based on finding an aspect that would differentiate us humans from machines. Certainly there must be something that we artificial intelligence cannot compete with. Right?
We make mistakes. We are imperfect. We get tired. We cannot do the same tasks the same way repeatedly for an extended period of time and that does not apply to machines. A bot does not understand what time is and cannot decide if an action is worth “wasting” it.
There is no definitive test for humanity – we can tell a person and a robot apart because of our sensory perception. CAPTCHA tests are implemented and automated by computers – cracking them means figuring out the algorithms and then it is just a matter of repeating the same pattern – which we know computers are much better at. Are we essentially trying to beat AI at their own game?
Google does provide a solution in this field because it is, in fact, deeply connected with CAPTCHA tests. They invented a free service called reCAPTCHA which stands behind “I’m not a robot” checkboxes. It takes into consideration user data and behaviour – so it is not always necessary to look for traffic lights or listen to an audio file. In 2018 Google introduced reCAPTCHA v3, the newest version of the test that helps to detect bots on websites without user interaction.
How does it work?
ReCAPTCHA does not require interactive testing and provides owners with a “risk flow” score. It analyses the interaction and predicts the probability that the request was generated by a robot. The owner of the website checks the score on their server and rejects the bot.
When asked about the difficulty of captcha, google answers “Don’t worry. Some captchas are hard. Just click the reload button next to the image to get another one.”
It is not always so bright though. Earlier this year, researcher Nikolai Tschacher used an old unCAPTCHA trick and had a 97% success rate. Tschacher explained the attack in the simplest manner: you take the Audio MP3 file of reCAPTCHA, and you send it to Google’s own speech-to-text API. Google will return the correct answer.
Nikolai added that the attack also works on the latest version of CAPTCHA, reCAPTCHA v3.
Because of Tschacher, we are aware that Google’s version is not perfect. So, what can we do? Is there a way to differentiate humans from robots?
Maybe we can use the human error to our advantage! When a robot interacts with a page, it does not use a mouse or moves the mouse very precisely, says Shuman Ghosemajumder, Canadian technologist, and entrepreneur. That is why observing the behaviour of user is crucial in reCAPTCHA.
What should you do if you are having an especially hard time with the “I am not a robot” verification?
Guerar also suggests logging into a Gmail account before buying tickets or making appointments and allowing cookies, because they work as invisible captchas while analysing your browsing history. If you want to quickly access a website after removing cookies and clearing the history, you should use a browser for some time before, in order for Google to know you are a human.
If CAPTCHA is making you frustrated to the point you keep repeating the test over and over again, try using the audio version, which is made for visually impaired. There is no shame in wanting to help yourself and surely you are not the only one. Maybe creators of Black Mirror should think about making a special episode concerning everyday problems connected with surfing the Web? ☺
Keep in mind that the Internet has changed drastically in 10 years’ time. There is, in fact, less spam now than then and it is easier for sites owners to keep their possession transparent and easy to read – which influences how much time you wait for (for example) a reply to your feedback. Even though CAPTCHA will probably not work while being under professional attack, you can be sure that your data is safe from casual hackers.
We are sure that after reading this text you will be able to take it easy on the CAPTCHA test. It is here to provide protection for users, to provide protection for you. Researchers are still working on developing a test that would satisfy everyone and, in the meantime, keep everyone safe from the bots’ attacks.
Artificial Intelligence is growing stronger and wiser every day. In the globalized and always-connected world we, people, allow non-humans to study us study our routine, how we talk, how we use the Internet, and how we connect. AI is the future, but so are we.
Oops! Something went wrong while submitting the form