Bits on Captchas
Apr. 22nd, 2008 12:27 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jackofallgeeksSo a CAPTCHA is a mechanism used to tell a real person from a scripted bot
on the Internet; I'm sure most people these days have seen the distorted
images or obscured words that banks and email providers ask you to identify
when you mistype your password. The idea was that at one point computers
couldn't "see" the screen as well as humans, and since the words were images
rather than text, bots couldn't read it. Eventually bots learned to read,
so they distorted the images. Bots have figured that one out, too, and
broken into Gmail (which was thought to have pretty strong protection).
Now, It
Seems, some are trying a new tactic which is both absurd and, I think,
futile. I'll save you clicking through the link: it seems RapidShare (a
download site) is presenting users with letters and animals, and
asking you to type the letters that are on top of a certain pet. I guess
the idea is that computers can tell what the letters are but... can't
determine what animal's behind them? That's why I think it's futile: at
best you're just delaying the inevitable because the bots WILL over come
this. Visual tricks aren't working and this is a visual trick.
The whole idea of a Captcha
comes from the Turing
Test -- a test proposed by Alan Turing to demonstrate the
capabilities of an artificially intellgent computer. All the test says is
that an AI passes the test if it can can convince a human operator that
they're talking to another human, not a
machine. Captchas are supposed to be tests that are impossible for bots
to pass but trivial for humans (so we aren't utterly frustrated everytime we
have to prove to a website that we're human). They're failing this
objective.
The really amusing thing, I think, is that Captchas are really, really
distorted Turing tests. It's not a machine proving to a human that it's a
human, it's a machine proving to another machine that it's a human.
The odds seem so stacked against Captchas that I imagine the only
reason they're still around is due dilligence -- we have to do
something to protect against bots, and this is as good as we have.
on the Internet; I'm sure most people these days have seen the distorted
images or obscured words that banks and email providers ask you to identify
when you mistype your password. The idea was that at one point computers
couldn't "see" the screen as well as humans, and since the words were images
rather than text, bots couldn't read it. Eventually bots learned to read,
so they distorted the images. Bots have figured that one out, too, and
broken into Gmail (which was thought to have pretty strong protection).
Now, It
Seems, some are trying a new tactic which is both absurd and, I think,
futile. I'll save you clicking through the link: it seems RapidShare (a
download site) is presenting users with letters and animals, and
asking you to type the letters that are on top of a certain pet. I guess
the idea is that computers can tell what the letters are but... can't
determine what animal's behind them? That's why I think it's futile: at
best you're just delaying the inevitable because the bots WILL over come
this. Visual tricks aren't working and this is a visual trick.
The whole idea of a Captcha
comes from the Turing
Test -- a test proposed by Alan Turing to demonstrate the
capabilities of an artificially intellgent computer. All the test says is
that an AI passes the test if it can can convince a human operator that
they're talking to another human, not a
machine. Captchas are supposed to be tests that are impossible for bots
to pass but trivial for humans (so we aren't utterly frustrated everytime we
have to prove to a website that we're human). They're failing this
objective.
The really amusing thing, I think, is that Captchas are really, really
distorted Turing tests. It's not a machine proving to a human that it's a
human, it's a machine proving to another machine that it's a human.
The odds seem so stacked against Captchas that I imagine the only
reason they're still around is due dilligence -- we have to do
something to protect against bots, and this is as good as we have.
