The End of CAPTCHA?
Aside: It’s good to be back at the wheel after a short interlude — having gained a baby daughter but minus a little surplus sleep ;)
Most of us have used a ‘CAPTCHA’ at some point, even if we didn’t know that’s what it was called. According to WikiPedia, ‘CAPTCHA‘ is the acronym for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’ — ok, they’ve flouted the ‘rules of acronym’, but you have to admit it’s probably more catchy than the more technically-correct ‘CAPTTTTCAHA’ .
CAPTCHAs are used to filter ‘flesh and blood’ users from the various bots, crawlers and spiders designed to exploit web-based feedback channels. They’re particularly common in areas like email and comment spam filtering systems.
The idea is to set the sort of test that a human will pass easily, but bots will struggle with. Although there are alternatives, if you’re a web developer looking to implement a site with an unmoderated comments, ‘CAPTCHA’ are usually your first option — but for how much longer?
The reason I’m thinking about ‘CAPTCHA’ this morning is that last Friday I sent the Design View, which always means I spend the following morning responding to comments, questions and most commonly antispam verification systems. While some are still mindlessly easy — hit reply — others are getting so difficult that I find myself taking three or four attempts to pass.
UOL.com.br’s ‘challenge/response’ system seems to be the worst offender I’ve seen. Here are some examples of the ‘simple tests’ I failed.
You aren’t even afforded the chance to learn from your wrong answers. Often your mistake is simply choosing an uppercase letter over it’s lower case equivalent, but it’s ‘back to the drawing board’, with a new test set each time you get it wrong.
I would imagine that if I’m having to work hard to make the system work, many others would lose confidence much more quickly — in fact, I’d tip that both my parents would assume they were doing something wrong after the second rejected attempt.
So, is it just a matter of simplifying the tests?
Possibly, but unfortunately the bots are fighting back. According to CAPTCHA.com, researchers at the University of California at Berkeley have developed AI software capable of 83% accuracy with Yahoo’s CAPTCHA system. This will only improve.
When you throw in the accessibility drawbacks (vision impaired users have enough trouble reading normal type), the CAPTCHA method looks to be in a spot of trouble.