We’ve all seen them, and to one degree or another, been frustrated by them: those distorted characters we’re supposed to be able to recognize, read, and type into a corresponding field on a web page.
That’s a CAPTCHA, which is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s even trademarked by Carnegie Mellon University.
As frustrating as they sometimes are, they exist for a very important reason.
It all comes back to spam
As with so many things these days, it’s all about spam and spammers.
There are several scenarios for which CAPTCHAs stem the tide of spam.
Without CAPTCHA, it’s easy to use a computer program to open thousands1 of free email accounts, and start sending spam from them. Sure, the accounts would eventually be blocked, but the program just keeps on creating thousands more.
Without CAPTCHA, it’s easy to use a computer program to leave thousands of spammy comments on Ask Leo! and other blogs and websites. It’s easy to overwhelm just about any web site that has an input form that even looks like it might be a comment-submission form.
Spammers have incurred untold millions of dollars of additional cost and burden on website owners and internet users.
CAPTCHAs are one way to keep that from growing out of control.
Computers trying to act like humans…
One of the oldest challenges in computer science is to build a computer (or software) that mimics “thinking” like a human and does it so well you can’t tell the difference. Asked a series of questions, you wouldn’t be able to tell whether the responses came from a real human or a computer.
That’s referred to as a “Turing test”, named after the computer scientist Alan Turing.
A CAPTCHA is a kind of Turing test. It’s a test to prove you’re human.
Why CAPTCHAs work
If you look at the two scenarios I outlined, each began with the phrase, “it’s easy to use a computer program”. Basically, CAPTCHAs prevent those computer programs from working.
For example, the traditional distorted letter type of CAPTCHA is indecipherable to contemporary computers and software. If the process of creating a new email account or submitting a comment requires you to prove you’re human by filling out a CAPTCHA, then the programs spammers love to use are stopped cold.
They can’t figure it out.
You and I, however, can (usually) make out what those letters are, and type them in correctly. We must not be computers. We’ve proven we’re human.
The drawback to CAPTCHA
CAPTCHAs have one huge drawback: they assume you can see.
Blind computer users – of which there are many – cannot complete visually-oriented CAPTCHA.
As a result, there are alternatives. Some use images (“click on all the pictures with a tree”), or even simple math expressed as a sentence (“what do you get when you add two and seven?”). The goal is the same; answering these types of tests is surprisingly difficult to automate, so a correct result is reasonably possible only if you’re human.
As another alternative, many text-based CAPTCHAs play an audio that sight-impaired visitors can listen to and then type in.
Of late, an even simpler CAPTCHA has become very popular: the “click here” CAPTCHA.
As simple as this seems, it’s apparently fairly effective. The “trick” is that you can’t click the checkbox right away. It’s actually replaced by a spinning disk until it’s ready for your input. Current automated spam bots aren’t capable of something as simple as detecting that a delay is required.
Why Ask Leo! has no CAPTCHA (today)
So, I take comments, but I currently don’t use CAPTCHA. How’s that possible?
I throw money at the problem so as not to inconvenience you.
WordPress-based sites have a service called Akismet available, which acts as a real-time spam filter. Every time someone posts a comment on an Ask Leo! article, that comment, and information about where it came from, is passed through Akismet for analysis. If Akismet says it’s spam, it doesn’t get posted, and you never see it.
I get a lot of spam, so I pay for Akismet’s premium service. As I write this, there are over 44,000 comments on Ask Leo! articles on this site. One hundred times as many spam comments have been blocked.
Because spammers aggressively and constantly change their approach, I’m not ruling out requiring CAPTCHA sometime in the future. But for now, things seem to be working well.
CAPTCHA’s future will be interesting. There’s no doubt that image-processing software, and computers themselves, will become more powerful. Eventually, technology will be able to automatically decipher today’s CAPTCHA images and techniques. Look for new approaches – hopefully still easy for humans to use – to prevent spammers from further automating their efforts in the future.
But the bottom line? Don’t blame a web site for using CAPTCHA. It’s a corner they’ve been forced into.
Blame the spammers.