CAPTCHA pass is in Business Again
Article by William Jardain
We all know CAPTCHAs. We have all succumbed to some of their more twisted and messy forms at least a dozen times. You know the drill: try to guess the text shown in the image box with the squiggly letters, type it in a text box, hit the submit button, realize you submitted the wrong text, and redo everything until you get it right. Yeah, I bet you know what I’m talking about.
Nevertheless, we have all learned to live with this short and recurring e-torture given its apparent usefulness.
CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”. As its name implies, the main function of a CAPTCHA is to tell humans (us) and computers (bots) apart. All the squiggly letters, weird sizes, color meshes and overall loss of user time are meant to prevent bots and automated scripts from posting content where only real users are supposed to post.
So in the end, we deal with the pain of typing and retyping the CAPTCHA texts over and over again to avoid the even greater pain of having a web page overrun by marketing accounts and unsolicited messages trying to sell products. This way it would be hard for bots to get past the initial account creation procedures, preventing the Black Hat Marketers from creating hundreds and even thousands of accounts. Now we can all use our blogs, social networks and other web 2.0 services in peace without being interrupted by unsolicited messages.
A short term victory that didn’t last very long…
It turns out that the Black Hat Marketers are sneaky and some of them have very advanced programming skills, so they started to create methods to bypass CAPTCHAs. So at first they began creating CAPTCHA OCR (Optical Character Recognition) systems and other CAPTCHA recognition methods to effectively become masters of CAPTCHA bypass. They took away the funny colors, put filters to take away unwanted lines and trained neural network applications to recognize the characters in spite of the funky fonts that were in use.
Again, a short term victory for the Black Hat Marketers…
The internet community lashed back with CAPTCHAs that were much more difficult to bypass. The effectiveness of CAPTCHA OCR went down to around 30% for the best automated CAPTCHA recognition systems. The web 2.0 sites were cheering; there was a final victory against massive automated marketers. Toasts were made, babies kissed, the new CAPTCHAs were here to save us!
Not so fast…
Let’s go back to the beginning and reference a piece of text 300 words back: “CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart”. Wait, so in the end this test is only to tell computers and humans apart, right? Some crazy Black Hat Marketing fella might have suggested, “Hey, let’s just use humans then. Now we can bypass CAPTCHAs since we’re using humans and not computers”. I believe that anyone who heard this just laughed out loud. Who in their right mind would spend long hours in front of a computer screen typing in the text they see in CAPTCHAs over and over again? Not only that. What would be the cost of having a person sitting down all day long typing CAPTCHAs into a computer?
Answer to the first question: people from really poor countries.
Answer to the second question: really low.
So in the end, Black Hat Marketers are the big winners for now. Human-based CAPTCHA bypass services have been established for as low as $1.75 for 1000 solved CAPTCHAs (yes, not a scam), and there is even a unique marketplace built for this activity. These human-based CAPTCHA solving services hire a small army of “decoders” or “operators” who are happy to type text for endless hours in exchange for tiny pay. All the web 2.0 sites have had to create more filters and employ additional methods to keep automated unsolicited messages away, and employ CAPTCHAs just to keep away the rookie marketers.
Currently, some new companies have invented other ways to make it harder for human-based systems to decode a CAPTCHA. We now have audio CAPTCHAs, video CAPTCHAs, puzzle CAPTCHAs, math CAPTCHAs, etc. But none of these CAPTCHA systems has grown on a wide scale or been deployed to any of the main web 2.0 sites. Either way, I’m pretty sure that the human-based CAPTCHA bypass services will find a way to get over these obstacles and keep the marketers in business.
In the end, site owners and marketers will always be playing the cat and mouse game. CAPTCHAs work partially, but as users we will always have to input them. And with the new increase in mobile traffic, we have yet to see a standardized multi-platform method for stopping unsolicited marketing messages on web 2.0 sites.
William Jardain is a security consultant for Caribbean and Central American Social Networking Sites. He has over 15 years of experience in SPAM prevention and designing systems against abusive users.
