April, 1950. Computer Lab, University of Manchester, England.
In a lively mood, British mathematician and computer engineer Alan Turing was discussing the cognitive abilities of computers with his colleagues. The topic of discussion—could a computer ever apply its own intelligence to work as an alternative to humans, as a bot? To unfold this question, they turned to a remarkable game that could reveal the depths of a machine’s intelligence. He called it The Imitation Game. More than a game, it was a groundbreaking test, aimed at answering the question that fascinated him—just how far could a robot’s intellect go?
The game worked like this: in two separate rooms, one held a human and the other held a computer. The examiner wouldn’t know which was which. By asking a series of short, written questions, the examiner would try to figure out who—or what—was in each room. If the computer could respond in a convincingly human way, it would be considered to possess human-like thinking.
But such a breakthrough would bring challenges. The rise of intelligent bots could lead to serious problems, like a surge in spam and frequent website crashes. Eventually, Turing began his game, and both the computer and human minds were hit with a flood of questions, testing their capacity to think.
The results of the game remained a mystery at first. But soon after, Turing unveiled the findings in a groundbreaking research paper titled “Computing Machinery & Intelligence.” The paper sent waves through the scientific world, capturing minds and imaginations alike, as if something out of science fiction had come to life. This revelation set the stage for a new era, and within just a few decades, it paved the way for transformative advancements in computer security systems.
Yahoo’s problem with spam
Internet giant Yahoo, known for its search engine and email services, started noticing strange spam links cropping up in its online chat rooms. As soon as the company’s users clicked on these spam links, they began to lose their privacy. Gradually, the volume of spam on the website increased to such an extent that it eventually crashed the company’s servers. This surge in spam was driven by a few malicious individuals exploiting open access on the website using computer bots to launch relentless brute-force attacks.
What is a brute-force attack?
Imagine a server designed to handle 500 clicks or registrations per second. Now, what if someone tries to flood that server with 50,000 clicks or registrations in the same amount of time? Naturally, the server will be unable to handle the load and will crash. This is exactly what cybercriminals do. Using a range of computer bots and specialized software, they overload the system, rendering the website’s server unresponsive and bringing it offline.
This issue highlighted the need to prevent the unrestricted movement of computer bots on the site. It became crucial to identify the behavioral differences between humans and computer bots. In such a situation, the company’s senior officials reached out to the Department of Computer Science at Carnegie Mellon University. At that time, the department was led by a knowledgeable, skilled, and esteemed professor, Manuel Blum. Working alongside him were a group of talented students, one of whom was Luis von Ahn.
Professor Blum assigned the task of solving Yahoo’s newly arisen problem to this young research team. The brilliant Luis von Ahn was made the team leader. Under Blum’s guidance, they began their research, and before long, they developed a remarkable computer program: which is known as CAPTCHA now. Though it may seem bothersome today, CAPTCHA has made an extraordinary contribution to secure internet usage.
What is CAPTCHA?
When you try to register or complete a task on a website, you might see a set of images, distorted letters, math problems, or other symbols pop up on your screen. The website’s goal is simple: only if you correctly identify these symbols will you gain access to the main site, be able to submit your registration, or complete your task.
But the question is, in this fast-paced world of technology, why is it necessary to impose such an annoying delay? Yes, there is indeed a reason. This is, in fact, the security CAPTCHA test created by Carnegie’s researchers, designed to distinguish between the behavior of a real human and a computer bot. It provides essential protection against uncontrolled spam on websites.
Types of CAPTCHA
Since its beginnings in a small university lab in 2000, CAPTCHA has undergone significant evolution. Its programming structure has transformed, and new forms of CAPTCHA have been introduced over time. Today, when accessing websites, you’re likely to encounter four main types:
- Alphanumeric CAPTCHA
- Image Recognition CAPTCHA
- Audio CAPTCHA
- Checkbox CAPTCHA
Alphanumeric CAPTCHA
Alphanumeric CAPTCHA is considered the original version of CAPTCHA technology. It was through this method that key websites on the internet first encountered CAPTCHA. In this type, users must identify a sequence of random, distorted letters and numbers, often arranged in a challenging way that demands careful attention. Some of these CAPTCHAs appear in various colors, with faint or unusual lines drawn across them, adding an extra layer of difficulty.
Image Recognition CAPTCHA
Many of you might already recognize this type, right? In this CAPTCHA, a grid of images appears, featuring various objects like traffic lights, zebra crossings, bicycles, and more. Your challenge is to pick out the images that belong to the same category. This type of CAPTCHA is quite easy for those with good vision, offering a clear and straightforward way to verify users.
Audio CAPTCHA
To assist individuals with visual impairments, the CAPTCHA team introduced a unique version that brought a significant change in CAPTCHA history: the Audio CAPTCHA. In this version, users listen to an audio clip containing a mix of letters and numbers. They must then enter what they hear into the required fields. With unique, layered sounds in the audio, this type of CAPTCHA offers an added layer of security, making it much harder for bots to bypass.
Checkbox CAPTCHA
In 2009, after Google acquired CAPTCHA, a more elegant and user-friendly version was created with the expertise of their in-house programmers. This version, known as “No CAPTCHA reCAPTCHA,” presents a simple checkbox labeled “I’m not a robot.” While it offers a seamless experience for users, it poses a significant challenge for bots. The beauty of this CAPTCHA lies in its simplicity—requiring a human touch, whether a cursor on a computer or a finger on a mobile device, to tick the box, making it both intuitive and secure.
Why Can’t Computer Bots Solve CAPTCHA?
After exploring the different types of CAPTCHA, one might wonder: why are computer bots unable to crack them?
The answer is simple: CAPTCHA is deliberately designed to be beyond the reach of automated systems. To solve CAPTCHA, one needs visual perception, reading comprehension, and an intuitive grasp of human behavior—qualities that bots completely lack. Additionally, CAPTCHA often requires interpreting diverse instructions, which is something bots can’t do. They can only follow rigid, pre-set commands and lack the capacity for independent thought or awareness. This fundamental difference in cognitive abilities is what separates humans from bots.
To tackle this challenge, computer bots rely on Optical Character Recognition (OCR) software, which scans the characters and attempts to match them with letters, numbers, and symbols in its database. The software tries to decipher which character or number corresponds to what is shown. However, in CAPTCHA, the characters are deliberately distorted, twisted, or presented in an irregular manner, making it nearly impossible for the OCR software to align them with its stored data. This is why computer bots struggle to interpret the characters in CAPTCHA.
Moreover, if a computer bot manages to bypass the CAPTCHA with its automated program, a new challenge will emerge. The user will be taken to the next step to confirm their human nature . At this stage, they may be asked to complete another CAPTCHA, whether it involves rewriting distorted characters or identifying images. If the system still suspects non-human activity, Google proceeds to check the user’s IP address. In addition, Google employs a range of advanced technologies to ensure that the actions are genuinely human. However, the specifics of these methods remain confidential, known only to Google.
The Birth of reCAPTCHA
In today’s world, millions of people are solving CAPTCHAs every moment. Yet, as the saying goes, there is always room for innovation—and that is exactly what unfolded.
Not long after the invention of CAPTCHA, a brilliant thought dawned upon Lewis. He wondered, why continue with the complicated, distorted characters when there was a better alternative? What if, instead, he could use the illegible, obscure words from old books? This would not only simplify the CAPTCHA process, but also provide a chance to scan and digitally preserve these ancient texts. In doing so, it would safeguard priceless writing styles from the brink of extinction.
Thus began the collection of old stacks of books. Using Optical Character Recognition (OCR), the scanning process started. However, a problem arose with some words. The words were so blurred that they couldn’t be scanned properly. It was the moment when Lewis saw an opportunity. He started incorporating these blurred words as images in the CAPTCHA code. But how?
In the current reCAPTCHA system, users are asked to type two words: one relatively clear and the other more distorted. If the user successfully types the clear word and then correctly identifies and types the distorted word, it is assumed that the second word is also correct. The first user’s second code is then passed on as the first code to the next user. If the second user also types it correctly, it gets incorporated into the digital library.
Thus, the CAPTCHA team began an extraordinary journey, where website users unknowingly contributed to the free digitization of old books. Each day, around 200 million words were added to the CAPTCHA database. Through Louis’s innovative idea, countless people found themselves helping to preserve their work for future generations. Many of them had never imagined their writings would one day find a place in an online library — a legacy that could last for centuries to come.
In 2009, Google’s attention was caught by the remarkable efforts of the CAPTCHA team. To enrich their own database and online library, they selected CAPTCHA and purchased it at a high price, exchanging it for dollars. In return, they offered it free of charge to users of their search engine. This strategic move led to a groundbreaking achievement. Within a decade, by 2019, Google successfully digitized nearly 40 million books, expanding their library with invaluable literary treasures.
The landscape of website security is constantly evolving, with new and more sophisticated spam access strategies being adopted by the moment. In 2014, Google observed that alphanumeric and image recognition CAPTCHAs were being solved by artificial intelligence, marking a pivotal shift. This led to the creation of the current no-CAPTCHA system and the introduction of the tick mark CAPTCHA. As we look to the future, the possibilities for new CAPTCHA innovations are limitless. It’s not far-fetched to imagine a time when artificial intelligence may outsmart even the most advanced CAPTCHAs. And when that happens, a new generation of security protocols will rise, ensuring that CAPTCHAs continue to play a crucial role in safeguarding the vast expanse of the internet.
References:
Leave a Reply