So, CAPTCHA Test. How do you know I’m Not a Robot?

25.05.20

CAPTCHA test

We’ve all had to do it – prove that we’re not a robot when browsing online. But what exactly is that pesky CAPTCHA test? Why is it necessary? And how does it work?

What is the CAPTCHA Test?

CAPTCHA is an acronym for…well… a bit of a mouthful really:

  • Completely
  • Automated
  • Public
  • Turing Test to Tell
  • Computers and
  • Humans
  • Apart

Yeah, we know that’s not strictly an acronym. You can take that up with the originators of the term — Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford.

CAPTCHAs are designed to prevent scammers and spammers from using bots to commit unwholesome acts online, such as:

  • Creating fake accounts
  • Spamming blog comments boxes
  • Purchasing multiple items (think ticket sales scams)
  • Hiding scammer identities via VPN services

What’s their history?

Although they have been around in various guises for decades, the first modern CAPTCHAs were created in the late 90s by the then-popular search engine, AltaVista. They needed to find a way to preventing bots from adding spam and malicious URLs to their link database. Their answer to the problem was to create an on-screen test that was relatively easy for a human to pass, but extremely difficult for bots.

At the time, computers could only read clean, easy to read text. So, AltaVista’s engineers forced users – human and bots – to read a distorted piece of text that was legible (supposedly) to the human eye. They looked something like this:

Captcha

The system was effective for a while, but hackers got more sophisticated. They began paying people to solve CAPTCHAs for them, and harnessed machine learning so that bots could crack codes themselves.  CAPTCHAs had to evolve. So, we saw the rise of image recognition tests, trivia questions and other puzzles in the battle to dupe this new generation of bots.

Malware CAPTCHAs

The birth of reCAPTCHA

You’ve probably noticed that there are fewer CAPTCHAs of the puzzle variety these days. Instead, you’re asked to check a box to confirm that you’re not a robot. This is Google’s No CAPTCHA reCAPTCHA. And you thought the name couldn’t get any sillier.

What’s going on here? If bots are getting smarter, surely then can tick a box, can’t they?

Well, yes. But they do it differently to humans. Google’s new test is mighty clever. The formula is top secret, but we know that it tracks the user’s mouse movements before clicking the checkbox. People tend to move the mouse in erratic patterns that bots can’t replicate. The test also assesses the user’s cookie activity and IP address to see if it’s consistent with human activity. Pretty nifty, right?

Google’s reCAPTCHA is user-friendly and effective, but it’s causing a bit of a privacy stir. Just how much data is the King of Net collecting about its users, and for what purposes? That’s a big debate for another day, but it’s probably safe to say that as Google’s bot-blocking tactics develop, so will its understanding of its human users.