Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Why CAPTCHA?

We’ve all seen them, and to one degree or another, been frustrated by them: those distorted characters we’re supposed to be able to recognize, read, and type into a corresponding field on a web page.

That’s a CAPTCHA, which is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s even trademarked by Carnegie Mellon University.

As frustrating as they sometimes are, they exist for a very important reason.

Become a Patron of Ask Leo! and go ad-free!

It all comes back to spam

As with so many things these days, it’s all about spam and spammers.

There are several scenarios for which CAPTCHAs stem the tide of spam.

Without CAPTCHA, it’s easy to use a computer program to open thousands1 of free email accounts, and start sending spam from them. Sure, the accounts would eventually be blocked, but the program just keeps on creating thousands more.

Without CAPTCHA, it’s easy to use a computer program to leave thousands of spammy comments on Ask Leo! and other blogs and websites. It’s easy to overwhelm just about any web site that has an input form that even looks like it might be a comment-submission form.

Spammers have incurred untold millions of dollars of additional cost and burden on website owners and internet users.

CAPTCHAs are one way to keep that from growing out of control.

Computers trying to act like humans…

One of the oldest challenges in computer science is to build a computer (or software) that mimics “thinking” like a human and does it so well you can’t tell the difference. Asked a series of questions, you wouldn’t be able to tell whether the responses came from a real human or a computer.

That’s referred to as a “Turing test”, named after the computer scientist Alan Turing.

A CAPTCHA is a kind of Turing test. It’s a test to prove you’re human.

Why CAPTCHAs work

Distorted Words CAPTCHA

If you look at the two scenarios I outlined, each began with the phrase, “it’s easy to use a computer program”. Basically, CAPTCHAs prevent those computer programs from working.

For example, the traditional distorted letter type of CAPTCHA is indecipherable to contemporary computers and software. If the process of creating a new email account or submitting a comment requires you to prove you’re human by filling out a CAPTCHA, then the programs spammers love to use are stopped cold.

They can’t figure it out.

You and I, however, can (usually) make out what those letters are, and type them in correctly. We must not be computers. We’ve proven we’re human.

The drawback to CAPTCHA

CAPTCHAs have one huge drawback: they assume you can see.

Blind computer users – of which there are many – cannot complete visually-oriented CAPTCHA.

As a result, there are alternatives. Some use images (“click on all the pictures with a tree”), or even simple math expressed as a sentence (“what do you get when you add two and seven?”). The goal is the same; answering these types of tests is surprisingly difficult to automate, so a correct result is reasonably possible only if you’re human.

As another alternative, many text-based CAPTCHAs play an audio that sight-impaired visitors can listen to and then type in.

Of late, an even simpler CAPTCHA has become very popular: the “click here” CAPTCHA.

recaptcha1

As simple as this seems, it’s apparently fairly effective. The “trick” is that you can’t click the checkbox right away. It’s actually replaced by a spinning disk until it’s ready for your input. Current automated spam bots aren’t capable of something as simple as detecting that a delay is required.

I'm No Robot

Why Ask Leo! has no CAPTCHA (today)

So, I take comments, but I currently don’t use CAPTCHA. How’s that possible?

I throw money at the problem so as not to inconvenience you.

WordPress-based sites have a service called Akismet available, which acts as a real-time spam filter. Every time someone posts a comment on an Ask Leo! article, that comment, and information about where it came from, is passed through Akismet for analysis. If Akismet says it’s spam, it doesn’t get posted, and you never see it.

I get a lot of spam, so I pay for Akismet’s premium service. As I write this, there are over 44,000 comments on Ask Leo! articles on this site. One hundred times as many spam comments have been blocked.

Akismet Count

Because spammers aggressively and constantly change their approach, I’m not ruling out requiring CAPTCHA sometime in the future. But for now, things seem to be working well.

The future

CAPTCHA’s future will be interesting. There’s no doubt that image-processing software, and computers themselves, will become more powerful. Eventually, technology will be able to automatically decipher today’s CAPTCHA images and techniques. Look for new approaches – hopefully still easy for humans to use – to prevent spammers from further automating their efforts in the future.

But the bottom line? Don’t blame a web site for using CAPTCHA. It’s a corner they’ve been forced into.

Blame the spammers.

Play

Footnotes & references

1: And by “thousands”, I also mean hundreds of thousands, if not millions.

23 comments on “Why CAPTCHA?”

  1. I saw an interesting Captcha the other day. Instead of a picture it had an easy to answer question. Something like “Which is not a tree? with six possible answers. The wrong answer was “2×4”. Since it was text it could easily be used by a screen reader. It would be interesting to know how easy it would be to beat.

  2. I didn’t know that these things had a specific name. I suppose “captcha” sounds better than “gotcha”. 🙂

    I encounted one the other day (I think it was eBay’s “contact the seller” link) which included a “hear the code” link next to the picture. I guess they’re getting enough flak from people who can’t see the pictures to enter the code.

  3. Thanks for posting this. I realized I forgot to activate the Akismet plugin on the church’s website. We’ve been getting a lot of spam comments and my frustration was very high. Hopefully this should do the trick.

    • AN email client is simply a program for sending and receiving emails. If a CAPTCHA was built into it, spammers could use a program without CAPTCHA. Spammers have their own bulk email sending programs.

  4. I’m not certain about CAPTCHA, but there is a variant called reCAPTCHA that has a side benefit. There are thousands of books and documents that cannot be accurately converted to digital via OCR. In the case where a word or phrase is unrecognized, it is used as part of a reCAPTCHA item. When enough people have been presented with that item, the majority “opinion” is generally the correctly identified word or phrase.

      • I saw a reCAPTCHA a few weeks ago, but they are rare. One kind of CAPTCHA that I liked a lot is the “What does 1 times fifteen equal.” kind. Apparently, those must be bot accessible or they would probably be more common. I could handle a simple word problem like “If a car goes 30 MPH and goes 10 miles, how long did the car drive.” Maybe if they let you chose a word problem instead of illegible letters or find the road signs in a fuzzy picture, it would make is easier for some.

  5. It sure would help if the captcha creators would indicate if the response is case sensitive. Same problem with password creation. Rarely are the rules for a password presented before the first attempt. Both are unfriendly.

    • I used to design and program financial systems. I found that a major deficit with software designers is that they understand the technical details to get the job done, but many don’t empathize with the average to technically challenged users (actually maybe the average user is technically challenged 🙂 ). That part is an art, not a science. Now I teach in an engineering school, and the vast majority relate much better with machines than with humans. There should be classes on interfacing with humans. Maybe I should suggest that where I teach.

    • No kidding – and sometimes, they *never* give you their password requirements – you just have to trial-and-error it until you figure it out. I actually had one website accept my password, but then I couldn’t log in. I finally ended up calling their customer service – turns out, my password was too long – it accepted my original input for the password, but wouldn’t accept the whole length when I tried to log in!

  6. Thank you for this article on “Captcha,It has been a mystery word to me. Having just read your article it makes a lot more sense and made me aware of the importance of blocking spam.

  7. I hope you won’t ever feel compelled to use the current CAPTCHA that’s going around. The one that after you check I’m Not A Robot then shows you a page full of mostly fuzzy photographs. You’re required to pick the ones that show trees, or storefronts, etc… I’m failing 80% of those, to the point of giving up, and on the ones I successfully pass it’s only after 10 minutes of repeated tries. This CAPTCHA is becoming ubiquitous and the catch-22 is that you can never contact the website to complain about it because you have to sign in first (and pass the CAPTCHA).

    • Yeah, CAPTCHAs can be especially problematic for people with visual disabilities – but they can be problematic for people without visual disabilities too. I find the CAPTCHAs that use strings of random, squiggly numbers and letters to be particularly difficult, and I have perfect eyesight.

  8. The pictcha captcha (sorry) is certainly more accessible than the squiggly letters, especially, as someone aid, when they don’t tell you in advance whether they are case-sensitive. There are cultural issues, though. Is a laundromat a shop? Is a château a house? It doesn’t bother me, but I can see that people from other cultures might have problems. Perhaps it’s all designed to make us aware of the world beyond our borders, in which case, I’m all for it. Thank you for your informative and entertaining blog, Leo.

    Peter

  9. I/m having a hard time getting a password 2 go through. My user name goes through fine. I just need 2 b able 2 get a password 4 my Yahoo and face book accounts. What suggestions do u have/

  10. I need a answer soon. I have tried everything that has been suggested. But 2 no avail. All because I don’t have a password 2 use.

  11. It seems like CAPTCHAS have become much more tamed lately. They still use the – identify which fuzzy drawing contains a certain object. It still usually takes me 2 or 3 attempts, but once successful it appears they set a cookie which they check when you click the “I am not a robot” box instead of making you pass the CAPTCHA test each time.

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.