Skip navigation

The CAPTCHA Gotcha

Paging through TIME Magazine recently, I came across an illuminating story about the CAPTCHA—that weird, wavy collection of letters that you’re asked to type into a security box to gain access to certain web content. The article, “Computer Literacy Tests” by Lev Grossman, talked about the history of the CAPTCHA (which stands, rather inelegantly, for “completely automated public Turing test to tell computers and humans apart”) and the way this fascinating security device has become, according to Grossman, “one of those rare moments when the invisible war between spammers and programmers becomes visible to you, the prey.”

Surely you’ve encountered the CAPTCHA. There’s probably one at the bottom of this page, asking you to transcribe the drunken letters so that you can leave a comment. I nearly always read one of the letters wrong the first time, requiring the system to generate a new CAPTCHA and asking me to try again. The device has become rather ubiquitous. But what a fascinating way to prove to a computer that you’re a human being! I just never really stopped to think about it.

One of the more interesting aspects of Grossman’s story is the amazing efforts on the part of some spammers to defeat or bypass the CAPTCHA. The brute-force method might seem out of the question, but you can bet it’s being tried. Some spammers are hiring massive teams of people “to read and type CAPTCHAs, all day, by hand, by the thousands.” And presumably, the spammers still maintain a profit margin!

Grossman goes on: “You can also get around CAPTCHAS by being clever. They work only because there are things computers can't do, and there are fewer and fewer of those things all the time. Headlines on tech blogs regularly announce the cracking of CAPTCHAS--Gmail's, Hotmail's, Yahoo!'s.” He says it is possible to hack an amateur, poorly conceived CAPTCHA. For example, consider a CAPTCHA in which a certain letter always contains the same number of pixels. The malware needs only count the pixels to determine the letter.

Are we getting to the point at which distinguishing between computer and human is nearly impossible? Grossman imagines a future technology that asks users to identify animals or listen to sound files (or even taste wine). But it would be only a matter of time before those methods, one by one, would be defeated.

And Skynet would be born (obligatory Terminator reference)

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.