https://dstny-se.igomoon.agency/app/uploads/captcha_recaptcha.jpg

I’m not a robot – how does CAPTCHA work?

Have you ever sat in front of the computer and been asked to prove that you are not a robot? The phenomenon can sound quite bizarre when you think about it, should I have to prove to a machine that I am not a machine? Many people probably recognize the name of this feature, CAPTCHA. But how does CAPTCHA work and why is it needed?

What is CAPTCHA?

CAPTCHA is a rather complicated abbreviation. It stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Maybe not the sexiest acronym in the world. CAPTCHA was invented in the late 90’s. At that time, the search engine Altavista was popular. Even then, it was common for people to program robots to spam various pages or leave bad URLs. To avoid this being collected in Altavista’s link database, they introduced CAPTCHA.

Optical character recognition

Altavista wanted to put a barrier in place to prevent robots from running amok and came to the conclusion that optical character recognition was the answer. An ordinary computer, at that time, could only recognize letters and numbers that were very clearly written. Ordinary characters, written by a computer. By distorting the characters, it was difficult for robots to decipher what was written. We humans, who are experts at finding patterns, could still easily read what letters and numbers we saw on the screen and in this way we could prove that we were real people.

Today, CAPTCHA helps stop robots from acquiring social media accounts, ordering lots of concert tickets to avoid spam messages.

Leetspeak

However, the idea of using technology to deceive or circumvent other technology was not entirely new when CAPTCHA was invented. Leetspeak, or 1337S34K as you can also write, is something that originated in the early 80’s. It was a method to make information less searchable by robots and to be able to circumvent things like filters for swear words and such. This is something that is still used today. €4$y f0r u$ t0 r€4d, h4rd f0r c0mpu7€r$.

Secure script

It is important that CAPTCHA scripts are written as securely as possible, so that a robot cannot hack them and find the character combination in other ways. There are many free version of the feature that renders the answer on the user’s screen, instead of on the server and handles the answer in plain text. This means that a robot can be programmed to retrieve the answer without even having to solve the problem.

But computer technology is advancing at a furious pace and therefore other solutions have been implemented such as image recognition and various puzzles to keep the robots in place.

reCAPTCHA

I’m not a robot. This is a box that you often get to click on in various contexts on the internet. A solution that at first glance looks very simple. So if computers are so smart today, how can they not manage to check the box for “I am not a robot”?

Well, this is a pretty cool feature that Google invented. What no CAPTCHA, or reCAPTCHA as it is often called, does is read the movement of the mouse clicker before clicking in the box. We humans tend to move the mouse pointer in a slightly shaky path, there are no straight perfect lines we create. A robot, on the other hand, tends to have much more precise movement patterns. The function also checks your IP address and your cookies to see if it matches but a person’s behavior.

In this way, it is both faster and easier for the user to prove that they are not a robot than to sit and decipher pixelated and curved letters.

Given that people still find profit in deploying robots for spam and more, it does not feel like we will get rid of the CAPTCHA alternatives in the near future. We can only hope that developers continue to try to stay one step ahead in order to create a secure internet use for us.