CAPTCHAs (Completely Automated Public Turing Tests to Tell Computers and Humans Apart) need no introduction. All of us who have used the internet, have come across some or the other CAPTCHA while creating a new account, filling online forms or downloading software.
The main aim of CAPTCHAs is to prevent spam, so when a CAPTCHA is developed, it is with the assumption that general users won’t be affected by it.
One common example is a text based CAPTCHA that typically is made up of somewhat distorted alphanumeric characters, which machines can’t comprehend but humans can, as they have the ability to visually recognize patterns.
While using CAPTCHA, I am sure, you must have wondered at some point or another, whether it really does control SPAM? Taking a closer look at CAPTCHA and its various facets might give us an idea.
Why is Spam such a major issue in the first place?
In order to control spam, there is a need to understand what it actually is. Spam is human generated or machine generated bulk messages that are distributed online, with a purpose that is normally not in favor of the site owner or users. For example, spam can be used to manipulate online content, post unethical links on sites, access confidential information or spread malicious code.
Let’s take a look at this example to put SPAM in perspective. Say there is a website, that has scores of visitors per day. Such website is a haven for potential spammers. They might target the websites and post unethical links in order to boost their own search engine rankings. This reduces the credibility of the popular site, and it loses out on its visitors causing a huge loss.
Another common example can be that of some newly founded social media site. Naturally, it will have a huge database of user information. Hence, spammers can try and access the users’ information from the site and use them for their purposes.
Their greed for accessing information is never-ending; this is why protection against SPAM is of paramount importance.
This is where CAPTCHA enters the scene.
CAPTCHA and the human mind
The basic idea of having a CAPTCHA in the first place is that it helps distinguish between man and machine because more often than not, spam is generated automatically by machine bots. Moreover, we must not forget that computers and all the machines for that matter are products whose concepts were generated by the human mind itself. So naturally, man is logically and conceptually more adept than the machines.
Therefore, website developers came up with different CAPTCHAs which are accessible to human users but restrict machines in order to curb spam. Some of these CAPTCHAs are – text recognition, logic questions, image recognition, friend recognition and user interaction, and each of them have their own set of advantages and limitations.
CAPTCHA As a Part of Website Design
Modern websites are dynamic in nature which leaves them open to spam. If you talk about website design in particular, there are forms, comment boxes, and other design elements on a web page which are vulnerable to spammers. This is the reason why, despite their aversion to CAPTCHAs (they think CAPTCHA takes away the visual appeal of web pages and affects the consistency of the layout), designers have no choice but to integrate CAPTCHAs willingly/unwillingly on their sites.
But things are changing; there are a number of CAPTCHA options available nowadays that allow designers to integrate CAPTCHA in their existing design without affecting the design aesthetics.
Types of CAPTCHAs and their pros and cons
Most of us are familiar with Text Recognition. In this type of CAPTCHA, users view alphanumeric text on the screen, which often appears to be illegible, and users can only make sense of the text with some effort. While humans can interpret the alphabets and numbers with the ability to recognize patterns, machines fail to do so.
The advantage of text recognition is that it offers tremendous usability and accessibility to the general users. An alternate variation of the text recognition CAPTCHA is ‘audio CAPTCHA’. It is an option suitable for visually challenged users.
But the downside of text recognition is that many users are not familiar with English words and numbers and this prevents them from completing the process
Many CAPTCHAs are used to test human logic directly with the help of simple questions. This is based on the assumption that answering logic based questions would be more effective than recognizing visuals; the twisted language of these questions can confuse computers/machine bots, which are more used to identifying and following instructional language/commands. Such kind of CAPTCHAs require a huge database of logic based questions ready for the users like – ‘what is the first letter of the word “zombie”’ or ‘recognize the lowest number in the series – 5,12,3,58’.
The advantage of this system is that the questions are so simple that they can be answered even by a 7-year old and as discussed above, they are far more accessible and usable than text and image recognition CAPTCHAs. But like other CAPTCHA systems, this also has certain limitations.
One of the limitations of such CAPTCHAs is that the questions that are asked to the users are often specific to a particular language, English being the most common of them. But then, all users may not be as well-versed in that language to understand and answer the question. Another drawback is that these questions are not fully machine-proof and it is possible that certain programs may easily decode such CAPTCHAs.
(In this case, the alternative would be to ask questions that are restricted to the site such as – “What is the background color” or “what are the initials displayed in the logo above” as compared to general questions.)
Image Recognition CAPTCHAs make use of images, graphics or photographs instead of text. But the reason why it is not as popular as text bases CAPTCHAs, is due to the fact that it does not improve usability even though it does away with the legibility issues. Also, such CAPTCHAs may create problems for the users who are either visually challenged or those who are color blind. As an alternative, even if a description is included it still won’t help improve its usability as the CAPTCHA will lose all meaning.
Another type of CAPTCHA implemented by Facebook about a year ago is Friend Recognition. It is a form of social authentication wherein the users need to identify their friends in order to verify their accounts. The basic idea behind this type of CAPTCHA is to target human hackers and filter them out.
Although friend recognition holds tremendous potential and is easier than text recognition and logic questions, it is not a feasible method. This can be attributed to the fact that nowadays, with so many Social media sites, the line between friends and acquaintances has blurred and so, it is difficult remembering the names of each and every person along with their faces.
User interaction is by far the most interesting CAPTCHA. It asks users to perform certain tasks which are impossible for virtual intelligence. For instance, “TheyMakeApps” contains an interactive CAPTCHA which features a small slider. The users then drag this slider in the order specified in the site (like “slide the cursor to the end of the line to create your account”) to complete the process.
Even though this user-interaction based CAPTCHA is quite innovative, it cannot be accessed by one and all; people with special needs will find definitely face difficulties when they use it. On a second thought, it is not much difficult to create a program that can easily move the slider and activate the submit/download button.
No prizes for guessing that none of the above mentioned CAPTCHAs are absolutely foolproof. This calls for other alternative methods, which can be used instead of them to filter spam. Some of these alternate methods are – honeypot method, centralization of the user base and recording user time expenditure.
What are the alternatives?
Nowadays, human SPAM (such as unethical link building) is on the rise and this is why merely targeting machines is not sufficient. In such cases, CAPTCHAs alone would not suffice and so, we must also look at other alternatives. Some of the alternatives to CAPTCHA are:
Going for the Honeypot Method
The concept behind the Honeypot method is quite simple. In this method various website forms deliberately include an additional field (Honeypot), which is hidden from the general users. When normal human users fill in the form, they are unable to see this field and so leave it unfilled. This field however, can be detected by Spam Bots who will scan the form, detect it and fill it up along with other fields. Hence, when website administrator finds that data was inserted in this “honeypot”, he/she will be assured that the form was not filled up by a genuine/human user and discard the form or block it.
Targeting a Centralized user base
Using a centralized user base is one of the most convenient ways to avoid spam. To know what is it all about, let us go back a few years. Back then, the spammers could easily post any content on various third-party sites, mostly in the guise of comments. This is due to the fact that the sites gave users the facility of easy registration for an account or anonymous submission of the posts.
Now, the scenario has changed. With social media sites such as Twitter, Facebook, and LinkedIn many third-party websites now provide social-networking integration wherein users can post their content by logging in via their social media accounts.
Since the users are no more anonymous and their content is public, users will be forced to submit nothing but ethical content. Additionally, human spammers can be easily detected by this method and blocked or banned from all these sites.
Monitoring the time spent by the user
The simplest method of detecting spam without using CAPTCHA, is by measuring the time taken by the users to fill out a contact form or post a comment on the site. For instance, if a comment post takes less than 4 seconds, which is impossible for a human but not for a bot. Thus, humans and bots can be easily recognized and the user will be asked to try again. This method usually works as most of the spammers do not target the same site once their initial attempt is thwarted.
To conclude, we can say that although CAPTCHAs are extremely useful, they are not the permanent solution to all spam related issues.
As the technology progresses, spammers will definitely try and find out new ways carry out their objectives and so, the developers need to be a step ahead of them They need to be prepared in advance and update the CAPTCHAs from time to time or think of completely new and innovative methods to combat the ever-increasing problem of spam.