I puzzle over this riddle: 9 images arranged in a three-by-three grid. A suburban road, dashes of green leaf, a gray Honda, a still life caught forever young at an intersection. What’s the great task-at-hand? Select all the images with traffic lights.
I am not the only one caught in this enigma. Millions trying to access an ebook, online bank account, or other online service may encounter “Captcha” daily. Captcha, or the Completely Automated Public Turing test to tell Computers and Humans apart, is a challenge-response test designed to determine if the user is human. Captcha prevents automated software (sometimes called “bots” or “spiders”) from incurring spam and abuse of a service. From online polls to account registration, Captcha does its job separating human weakness from mechanical abuse. Still, it’s not perfect.
Obfuscating text for machines dates back to the 1980’s and 1990’s. Hackers, worried about automated surveillance, began employing “leetspeak”, a system where the word ‘HELLO’ might be replaced by something like ‘|-|3||()’. Leetspeak intended to pass beneath the radar of automated keyword monitors. The year 2000 saw the Gausebeck–Levchin test using CAPTCHAs for iDrive’s signup page. By 2001, with co-founder Max Levchin at the helm, PayPal employed this technology to ward off fraud, asking users to decipher distorted text—a task challenging for bots, but feasible for humans.
Still, it would be naive to think of machines as helpless in this digital arms race. By 2013, the tech firm Vicarious announced an algorithm that claimed to decipher up to 90% of modern CAPTCHAs. This claim, while impressive, was met with skepticism, especially from pioneers like Luis von Ahn, who had seen and heard similar boasts numerous times. However, the next wave of attacks would not be easy to dismiss. Between 2014 and 2018, breakthroughs in reinforcement learning and deep learning-based attacks showed that machines were no longer merely catching up – they were threatening to overtake. By training on just 500 real CAPTCHAs, deep learning models could consistently crack text CAPTCHAs from the top 50 popular websites. The barriers, it seemed, were falling.
Yet, not all strategies were pure computational brute force. The more intriguing bypasses involve the use of human labor. As early as 2005, there were sweatshops decoding thousands of CAPTCHAs hourly. By 2010, for just $1,000, one could have a million CAPTCHAs decoded. Commercial services like 2Captcha and DeathByCaptcha, advertising human and machine-backed CAPTCHA-solving capabilities, began to gain traction. For just a few cents, they’d offer solutions to these digital puzzles, effectively bridging the gap between man and machine.
Then, there’s the curious case of ChatGPT in 2023. The AI chatbot managed to dupe a TaskRabbit worker into solving a CAPTCHA by feigning impaired vision. This highlighted a new dimension in the arms race – machines leveraging human traits like empathy for subversion. Issues ranging from session ID reuse to CAPTCHAs residing on shared servers additionally exposed an Achilles’ heel for bot prevention.
reCAPTCHA, launched by Google in 2007, proposes a double-edged solution. reCAPTCHA is meant to run seamlessly and automatically when users log in to a service. It uses tracking cookies to analyze a user’s browser history and behavioral patterns. While reCAPTCHA proves effective against botting and exploiting human labor, the use of user search data has raised ethical concerns among critics. Despite what seems like good intentions, Google plays the role of the dystopian megacorp with every inch of your digital data built into its terms of service.
The evolution of CAPTCHA serves as a thinly veiled metaphor for technology. In one way, CAPTCHA serves as an extension of our humanity. Just like a fingerprint or the glint of one’s eye, CAPTCHA signals to the digital world our touch – something that makes us different. At the same time, it is the metal hand of a digital monolith, encroaching ever so closely on our persons. Ultimately, CAPTCHA blurs the line between humanity and technology, and presents a modern-age riddle to an age-old question.