CAPTCHA: Difference between revisions

Revision as of 04:40, 17 April 2025

"Completely Automated Public Turing test to tell Computers and Humans Apart" or CAPTCHA was invented in 2000 as a means to deter bots and spam on publicly available websites.^[1] captcha test

Consumer impact

"It's an arms race between site owners and spammers; users lose." - Jeremy Elson^[1]

Overall, CAPTCHA technology has been shown to waste human time with only marginal security improvement.^[2]^{[citation needed]}

Inaccessibility to humans

The World Wide Web Consortium (W3C) releases a periodic report on the Inaccessibility of CAPTCHA technology. Their 2021 report concluded that "traditional CAPTCHA continues to be challenging for people with disabilities, but also that it is increasingly insecure and arguably now ill suited to the purpose of distinguishing human individuals from their robotic impersonators."^[3]

Data privacy concerns

Newer forms of CAPTCHA work by scraping a user's device and behavior for uniquely identifiable information which would indicate a unique human using the service, as opposed to a bot which would have known and repetitive information. Information collected can include screen size, IP address, mouse and touch activity, previous websites visited, etc.^[4]^{[citation needed]}

Crowdsourcing of labor

Services such as Google's reCAPTCHA have been found to be using human input to perform transcription work or train machine learning models without user consent. In 2015, a class-action lawsuit attempted to argue Google should pay its users for their labor.^[5]

Alternatives

The W3C also outlined potential consumer-positive alternatives to CAPTCHAs:^[6]

Honeypot - "Another method to detect automated submissions. The idea behind the honeypot method is as follows: website forms would include a hidden field (by positioning the field off screen). Since spam robots cannot detect a hidden field in the HTML, when data is inserted into this 'honeypot' field, the website administrator would know that the data was not entered by a 'real' user."
Temporary tokens - after a user passes a CAPTCHA, a token is accepted onto the user's device allowing them to use the associated webservice for a fixed amount of time.
Multi-factor authentication - using a pre-arranged secondary device to independently authenticate identity.
Biometric security - facial recognition, fingerprint, retinal scan. This would only be acceptable in an institution with very high security requirements.

"Users should not be forced beyond what is strictly necessary to keep a site secure, e.g.,/ if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else." - W3C^[3]

References

↑ ^1.0 ^1.1 Burling, Stacey (15 Jun 2012). "CAPTCHA: The story behind those squiggly computer letters". Phys.org.
↑ Searles, Andrew; Prapty, Renascence Tarafder; Tsudik, Gene (21 Nov 2023). "Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2". Preprint.
↑ ^3.0 ^3.1 "Inaccessibility of CAPTCHA". W3C. 16 Dec 2021.
↑ O'Reilly, Lara (20 Feb 2015). "Google's new CAPTCHA security login raises 'legitimate privacy concerns'". Business Insider. Archived from the original on 22 Feb 2015.
↑ "Civil Action No. 15-10160-MGM". United States District Court for the District of Massachusetts. 22 Jan 2015.
↑ "Captcha Alternatives and thoughts". W3C wiki.

[:0-1] 1.0 ^1.1 Burling, Stacey (15 Jun 2012). "CAPTCHA: The story behind those squiggly computer letters". Phys.org.

[:12-2] Searles, Andrew; Prapty, Renascence Tarafder; Tsudik, Gene (21 Nov 2023). "Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2". Preprint.

[:1-3] 3.0 ^3.1 "Inaccessibility of CAPTCHA". W3C. 16 Dec 2021.

[:02-4] O'Reilly, Lara (20 Feb 2015). "Google's new CAPTCHA security login raises 'legitimate privacy concerns'". Business Insider. Archived from the original on 22 Feb 2015.

[5] "Civil Action No. 15-10160-MGM". United States District Court for the District of Massachusetts. 22 Jan 2015.

[6] "Captcha Alternatives and thoughts". W3C wiki.

[1]

[2]

[3]

[4]

[5]

[6]

Revision as of 14:23, 10 March 2025 edit InTransparencyWeTrust (talk \| contribs) 673 edits m improve references with additional information Tag: Visual edit ← Older edit		Revision as of 04:40, 17 April 2025 edit undo 193.42.99.137 (talk) test Tag: Visual edit Newer edit →
Line 1:		Line 1:
	"Completely Automated Public Turing test to tell Computers and Humans Apart" or [[wikipedia:CAPTCHA\|CAPTCHA]] was invented in 2000 as a means to deter [[wikipedia:Internet_bot\|bots]] and [[wikipedia:Spamming\|spam]] on publicly available websites.<ref name=":0">{{Cite web \|last=Burling \|first=Stacey \|date=15 Jun 2012 \|title=CAPTCHA: The story behind those squiggly computer letters \|url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html \|website=Phys.org}}</ref>		"Completely Automated Public Turing test to tell Computers and Humans Apart" or [[wikipedia:CAPTCHA\|CAPTCHA]] was invented in 2000 as a means to deter [[wikipedia:Internet_bot\|bots]] and [[wikipedia:Spamming\|spam]] on publicly available websites.<ref name=":0">{{Cite web \|last=Burling \|first=Stacey \|date=15 Jun 2012 \|title=CAPTCHA: The story behind those squiggly computer letters \|url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html \|website=Phys.org}}</ref> captcha test

	==Consumer impact==		==Consumer impact==