CAPTCHA: Difference between revisions

Line 3:

|Category=

|Company=

~~|Description=~~

|InProduction=

|Logo=

|ProductLine=

|ReleaseYear=

|ReleaseYear=2000

|Website=

}}

|Description=CAPTCHA is an interactive authentication system to deter Internet bots and spamming. Its efficacy is debatable, with concerns regarding privacy and accessibility.

~~'''Completely Automated Public Turing test to tell Computers and Humans Apart''' or [[wikipedia:CAPTCHA~~|CAPTCHA~~]] was invented in 2000 as a means~~ to deter ~~[[wikipedia:Internet_bot|~~bots]] and [[wikipedia:Spamming|spam]] on publicly available websites.<ref name=":0">{{Cite web |last=Burling |first=Stacey |date=15 Jun 2012 |title=CAPTCHA: The story behind those squiggly computer letters |url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html |url-status=usurped |archive-url=https://web.archive.org/web/20120617130133/https://m.phys.org/news/2012-06-captcha-story-squiggly-letters.html |archive-date=17 Jun 2012 |website=Phys.org}}</ref> CAPTCHA tests aim to confirm that the visitor of a website or service is ~~human~~, ~~usually by presenting a challenge which humans can solve easily, but computer programs cannot. Primary CAPTCHAs used today are [[Google]]'s [[reCAPTCHA]]~~ and ~~hCaptcha~~.

}}

==Consumer impact==

'''Completely Automated Public Turing test to tell Computers and Humans Apart''' or {{Wplink|CAPTCHA}} was invented in 2000 as a means to deter {{Wplink|Internet bot|bots}} and {Wplink|Spamming|spam}} on publicly available websites.<ref name=":0">{{Cite web |last=Burling |first=Stacey |title=CAPTCHA: The story behind those squiggly computer letters |url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html |website=Phys.org |date=15 Jun 2012 |access-date= |url-status=usurped |archive-url=https://web.archive.org/web/20120617130133/https://m.phys.org/news/2012-06-captcha-story-squiggly-letters.html |archive-date=17 Jun 2012}}</ref> CAPTCHA tests aim to confirm that the visitor of a website or service is human, usually by presenting a challenge which humans can solve easily, but computer programs cannot. Primary CAPTCHAs used today are [[Google]]'s [[reCAPTCHA]] and hCaptcha.

<blockquote>"It's an arms race between site owners and spammers; users lose." - Jeremy Elson<ref name=":0" /></blockquote>Overall, CAPTCHA technology has been shown to waste human time with only marginal security improvement.<ref name=":12">{{Cite journal |last=Searles |first=Andrew |last2=Prapty |first2=Renascence Tarafder |last3=Tsudik |first3=Gene |date=21 Nov 2023 |title=Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2 |url=https://arxiv.org/pdf/2311.10911 |journal=Preprint}}</ref>{{Citation needed}}

==Consumer impact summary==

<blockquote>"It's an arms race between site owners and spammers; users lose." - Jeremy Elson<ref name=":0" /></blockquote>

Overall, CAPTCHA technology has been shown to waste human time with only marginal security improvement.<ref name=":12">{{Cite journal |last=Searles |first=Andrew |last2=Prapty |first2=Renascence Tarafder |last3=Tsudik |first3=Gene |date=21 Nov 2023 |title=Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2 |url=https://arxiv.org/pdf/2311.10911 |journal=Preprint}}</ref>{{Citation needed}}

===Accessibility===

The ~~[[wikipedia:World_Wide_Web_Consortium~~|World Wide Web Consortium]] (W3C) releases a periodic report on the ~~Inaccessibility~~ of CAPTCHA technology. Their 2021 report concluded that "traditional CAPTCHA continues to be challenging for people with disabilities, but also that it is increasingly insecure and arguably now ill suited to the purpose of distinguishing human individuals from their robotic impersonators."<ref name=":1">{{Cite web |~~date~~=~~16 Dec 2021~~ |title=Inaccessibility of CAPTCHA |url=https://www.w3.org/TR/turingtest/ |url-status=live |archive-url=https://web.archive.org/web/20211216162624/https://www.w3.org/TR/turingtest/ |archive-date=16 Dec 2021 ~~|website=W3C~~}}</ref> It is important for websites to be able to keep unwanted bots from accessing their sites, however CAPTCHA may not be the best way to do so.

The {{Wplink|World Wide Web Consortium|World Wide Web Consortium}} (W3C) releases a periodic report on the inaccessibility of CAPTCHA technology. Their 2021 report concluded that "traditional CAPTCHA continues to be challenging for people with disabilities, but also that it is increasingly insecure and arguably now ill-suited to the purpose of distinguishing human individuals from their robotic impersonators."<ref name=":1">{{Cite web |last1=Hollier |first1=Scott |last2=Sajka |first2=Janina |last3=White |first3=Jason |last4=Cooper |first4=Michael |last5=May |first5=Matt |display-authors=2 |title=Inaccessibility of CAPTCHA |url=https://www.w3.org/TR/turingtest/ |website=W3C |date=16 Dec 2021 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20211216162624/https://www.w3.org/TR/turingtest/ |archive-date=16 Dec 2021}}</ref> It is important for websites to be able to keep unwanted bots from accessing their sites, however CAPTCHA may not be the best way to do so.

===Data privacy concerns===

Newer forms of CAPTCHA work by scraping a user's device and behavior for uniquely identifiable information which would indicate a unique human using the service, as opposed to a bot which would have known and repetitive information. Information collected can include screen size, IP address, mouse and touch activity, previous websites visited, etc.<ref name=":02">{{Cite web |last=O'Reilly |first=Lara ~~|date=20 Feb 2015~~ |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 ~~|website=Business Insider~~}}</ref>~~{{Citation needed}}~~

Newer forms of CAPTCHA work by scraping a user's device and behavior for uniquely identifiable information which would indicate a unique human using the service, as opposed to a bot which would have known and repetitive information. Information collected can include screen size, IP address, mouse and touch activity, previous websites visited, etc.<ref name=":02">{{Cite web |last=O'Reilly |first=Lara |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |website=Business Insider |date=20 Feb 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015}}</ref>

===Crowdsourcing of labor===

Services such as [[Google~~|Google~~'s]] [[reCAPTCHA]] have been found to be using human input to perform transcription work or train machine learning models without user consent. In 2015, a class-action lawsuit attempted to argue Google should pay its users for their labor.<ref>{{Cite web |~~date~~=~~22 Jan 2015~~ |title=~~Civil Action No~~. 15-10160~~-MGM~~ |url=https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |url-status=live |archive-url=https://web.archive.org/web/20160209093438/https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |archive-date=2016-02-09 |website=~~United States District~~ Court ~~for the District of Massachusetts~~}}</ref>

Services such as [[Google]]'s [[reCAPTCHA]] have been found to be using human input to perform transcription work or train machine-learning models without user consent. On 22 January 2015, a Massachusetts class-action lawsuit attempted to argue Google should pay its users for their labor.<ref>{{Cite web |last1=Shapiro |first1=Thomas G. |last2=Vallely |first2=Patrick J. |title=''Rojas-Lozano v. Google Inc.'' (3:15-cv-10160) |url=https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |website=Santa Clara University School of Law Digital Commons |date=22 Jan 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20160209093438/https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |archive-date=9 Feb 2016}}</ref> Google's motion to transfer the case to the Northern District of California was granted 12 August 2015,<ref>{{Cite web |last=Mastroianni |first=Mark G. |title=''Rojas-Lozano v. Google Inc.'' (3:15-cv-10160) |url=https://www.courtlistener.com/docket/5127913/31/rojas-lozano-v-google-inc/ |website=Court Listener |date=12 Aug 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260409000656/https://www.courtlistener.com/docket/5127913/31/rojas-lozano-v-google-inc/ |archive-date=9 Apr 2026}}</ref> where it was dismissed on 3 February 2016.<ref>{{Cite web |last=Corley |first=Jacqueline Scott |title=''Rojas-Lozano v. Google, Inc.'' (15-cv-03751-JSC) |url=https://www.courtlistener.com/opinion/7318166/rojas-lozano-v-google-inc/ |website=Court Listener |date=3 Feb 2016 |access-date=8 Apr 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0409-0933-59/https://www.courtlistener.com:443/opinion/7318166/rojas-lozano-v-google-inc/ |archive-date=9 Apr 2016}}</ref>

==Alternatives==

The W3C also outlined potential consumer-positive alternatives to CAPTCHAs:<ref>{{Cite web |title=Captcha Alternatives and thoughts |url=https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |website=W3C wiki}}</ref>

The W3C also outlined potential consumer-positive alternatives to CAPTCHAs:<ref>{{Cite web |author= |title=Captcha Alternatives and thoughts |url=https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |website=W3C wiki |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250903080807/https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |archive-date=3 Sep 2025}}</ref>

#Honeypot - "Another method to detect automated submissions. The idea behind the honeypot method is as follows: website forms would include a hidden field (by positioning the field off screen). Since spam robots cannot detect a hidden field in the HTML, when data is inserted into this 'honeypot' field, the website administrator would know that the data was not entered by a 'real' user."

Line 32:

Line 35:

#[[Biometric authentication]] - facial recognition, fingerprint, retinal scan. This would only be acceptable in an institution with very high security requirements.

<blockquote>"Users should not be forced beyond what is strictly necessary to keep a site secure, e.g.,/ if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else." - W3C<ref name=":1" /></blockquote>

<blockquote>"Users should not be forced beyond what is strictly necessary to keep a site secure, e.g., if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else." - W3C<ref name=":1" /></blockquote>

==See also==

*[[DataDome]]

*[[hCAPTCHA]]

Line 42:

Line 44:

==References==

~~<references />~~

[[Category:~~Articles in need of additional work]]~~

[[Category:{{PAGENAME}}]]

~~[[Category:CAPTCHA~~]]

[[Category:Data collection]]

[[Category:Common terms]]

@@ Line 3: / Line 3: @@
 |Category=
 |Company=
-|Description=
 |InProduction=
 |Logo=
 |ProductLine=
-|ReleaseYear=
+|ReleaseYear=2000
 |Website=
-}}
+|Description=CAPTCHA is an interactive authentication system to deter Internet bots and spamming. Its efficacy is debatable, with concerns regarding privacy and accessibility.
-'''Completely Automated Public Turing test to tell Computers and Humans Apart''' or [[wikipedia:CAPTCHA|CAPTCHA]] was invented in 2000 as a means to deter [[wikipedia:Internet_bot|bots]] and [[wikipedia:Spamming|spam]] on publicly available websites.<ref name=":0">{{Cite web |last=Burling |first=Stacey |date=15 Jun 2012 |title=CAPTCHA: The story behind those squiggly computer letters |url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html |url-status=usurped |archive-url=https://web.archive.org/web/20120617130133/https://m.phys.org/news/2012-06-captcha-story-squiggly-letters.html |archive-date=17 Jun 2012 |website=Phys.org}}</ref> CAPTCHA tests aim to confirm that the visitor of a website or service is human, usually by presenting a challenge which humans can solve easily, but computer programs cannot. Primary CAPTCHAs used today are [[Google]]'s [[reCAPTCHA]] and hCaptcha.
+}}
-==Consumer impact==
+'''Completely Automated Public Turing test to tell Computers and Humans Apart''' or {{Wplink|CAPTCHA}} was invented in 2000 as a means to deter {{Wplink|Internet bot|bots}} and {Wplink|Spamming|spam}} on publicly available websites.<ref name=":0">{{Cite web |last=Burling |first=Stacey |title=CAPTCHA: The story behind those squiggly computer letters |url=https://phys.org/news/2012-06-captcha-story-squiggly-letters.html |website=Phys.org |date=15 Jun 2012 |access-date= |url-status=usurped |archive-url=https://web.archive.org/web/20120617130133/https://m.phys.org/news/2012-06-captcha-story-squiggly-letters.html |archive-date=17 Jun 2012}}</ref> CAPTCHA tests aim to confirm that the visitor of a website or service is human, usually by presenting a challenge which humans can solve easily, but computer programs cannot. Primary CAPTCHAs used today are [[Google]]'s [[reCAPTCHA]] and hCaptcha.
-<blockquote>"It's an arms race between site owners and spammers; users lose." - Jeremy Elson<ref name=":0" /></blockquote>Overall, CAPTCHA technology has been shown to waste human time with only marginal security improvement.<ref name=":12">{{Cite journal |last=Searles |first=Andrew |last2=Prapty |first2=Renascence Tarafder |last3=Tsudik |first3=Gene |date=21 Nov 2023 |title=Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2 |url=https://arxiv.org/pdf/2311.10911 |journal=Preprint}}</ref>{{Citation needed}}
+==Consumer impact summary==
+<blockquote>"It's an arms race between site owners and spammers; users lose." - Jeremy Elson<ref name=":0" /></blockquote>
+Overall, CAPTCHA technology has been shown to waste human time with only marginal security improvement.<ref name=":12">{{Cite journal |last=Searles |first=Andrew |last2=Prapty |first2=Renascence Tarafder |last3=Tsudik |first3=Gene |date=21 Nov 2023 |title=Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHAv2 |url=https://arxiv.org/pdf/2311.10911 |journal=Preprint}}</ref>{{Citation needed}}
 ===Accessibility===
-The [[wikipedia:World_Wide_Web_Consortium|World Wide Web Consortium]] (W3C) releases a periodic report on the Inaccessibility of CAPTCHA technology. Their 2021 report concluded that "traditional CAPTCHA continues to be challenging for people with disabilities, but also that it is increasingly insecure and arguably now ill suited to the purpose of distinguishing human individuals from their robotic impersonators."<ref name=":1">{{Cite web |date=16 Dec 2021 |title=Inaccessibility of CAPTCHA |url=https://www.w3.org/TR/turingtest/ |url-status=live |archive-url=https://web.archive.org/web/20211216162624/https://www.w3.org/TR/turingtest/ |archive-date=16 Dec 2021 |website=W3C}}</ref> It is important for websites to be able to keep unwanted bots from accessing their sites, however CAPTCHA may not be the best way to do so.
+The {{Wplink|World Wide Web Consortium|World Wide Web Consortium}} (W3C) releases a periodic report on the inaccessibility of CAPTCHA technology. Their 2021 report concluded that "traditional CAPTCHA continues to be challenging for people with disabilities, but also that it is increasingly insecure and arguably now ill-suited to the purpose of distinguishing human individuals from their robotic impersonators."<ref name=":1">{{Cite web |last1=Hollier |first1=Scott |last2=Sajka |first2=Janina |last3=White |first3=Jason |last4=Cooper |first4=Michael |last5=May |first5=Matt |display-authors=2 |title=Inaccessibility of CAPTCHA |url=https://www.w3.org/TR/turingtest/ |website=W3C |date=16 Dec 2021 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20211216162624/https://www.w3.org/TR/turingtest/ |archive-date=16 Dec 2021}}</ref> It is important for websites to be able to keep unwanted bots from accessing their sites, however CAPTCHA may not be the best way to do so.
 ===Data privacy concerns===
-Newer forms of CAPTCHA work by scraping a user's device and behavior for uniquely identifiable information which would indicate a unique human using the service, as opposed to a bot which would have known and repetitive information. Information collected can include screen size, IP address, mouse and touch activity, previous websites visited, etc.<ref name=":02">{{Cite web |last=O'Reilly |first=Lara |date=20 Feb 2015 |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015 |website=Business Insider}}</ref>{{Citation needed}}
+Newer forms of CAPTCHA work by scraping a user's device and behavior for uniquely identifiable information which would indicate a unique human using the service, as opposed to a bot which would have known and repetitive information. Information collected can include screen size, IP address, mouse and touch activity, previous websites visited, etc.<ref name=":02">{{Cite web |last=O'Reilly |first=Lara |title=Google's new CAPTCHA security login raises 'legitimate privacy concerns' |url=https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |website=Business Insider |date=20 Feb 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20150222100003/https://www.businessinsider.com/google-no-captcha-adtruth-privacy-research-2015-2 |archive-date=22 Feb 2015}}</ref>
 ===Crowdsourcing of labor===
-Services such as [[Google|Google's]] [[reCAPTCHA]] have been found to be using human input to perform transcription work or train machine learning models without user consent. In 2015, a class-action lawsuit attempted to argue Google should pay its users for their labor.<ref>{{Cite web |date=22 Jan 2015 |title=Civil Action No. 15-10160-MGM |url=https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |url-status=live |archive-url=https://web.archive.org/web/20160209093438/https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |archive-date=2016-02-09 |website=United States District Court for the District of Massachusetts}}</ref>
+Services such as [[Google]]'s [[reCAPTCHA]] have been found to be using human input to perform transcription work or train machine-learning models without user consent. On 22 January 2015, a Massachusetts class-action lawsuit attempted to argue Google should pay its users for their labor.<ref>{{Cite web |last1=Shapiro |first1=Thomas G. |last2=Vallely |first2=Patrick J. |title=''Rojas-Lozano v. Google Inc.'' (3:15-cv-10160) |url=https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |website=Santa Clara University School of Law Digital Commons |date=22 Jan 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20160209093438/https://digitalcommons.law.scu.edu/cgi/viewcontent.cgi?article=1904&context=historical |archive-date=9 Feb 2016}}</ref> Google's motion to transfer the case to the Northern District of California was granted 12 August 2015,<ref>{{Cite web |last=Mastroianni |first=Mark G. |title=''Rojas-Lozano v. Google Inc.'' (3:15-cv-10160) |url=https://www.courtlistener.com/docket/5127913/31/rojas-lozano-v-google-inc/ |website=Court Listener |date=12 Aug 2015 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260409000656/https://www.courtlistener.com/docket/5127913/31/rojas-lozano-v-google-inc/ |archive-date=9 Apr 2026}}</ref> where it was dismissed on 3 February 2016.<ref>{{Cite web |last=Corley |first=Jacqueline Scott |title=''Rojas-Lozano v. Google, Inc.'' (15-cv-03751-JSC) |url=https://www.courtlistener.com/opinion/7318166/rojas-lozano-v-google-inc/ |website=Court Listener |date=3 Feb 2016 |access-date=8 Apr 2026 |url-status=live |archive-url=https://megalodon.jp/2026-0409-0933-59/https://www.courtlistener.com:443/opinion/7318166/rojas-lozano-v-google-inc/ |archive-date=9 Apr 2016}}</ref>
 ==Alternatives==
-The W3C also outlined potential consumer-positive alternatives to CAPTCHAs:<ref>{{Cite web |title=Captcha Alternatives and thoughts |url=https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |website=W3C wiki}}</ref>
+The W3C also outlined potential consumer-positive alternatives to CAPTCHAs:<ref>{{Cite web |author= |title=Captcha Alternatives and thoughts |url=https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |website=W3C wiki |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250903080807/https://www.w3.org/WAI/GL/wiki/Captcha_Alternatives_and_thoughts |archive-date=3 Sep 2025}}</ref>
 #Honeypot - "Another method to detect automated submissions. The idea behind the honeypot method is as follows: website forms would include a hidden field (by positioning the field off screen). Since spam robots cannot detect a hidden field in the HTML, when data is inserted into this 'honeypot' field, the website administrator would know that the data was not entered by a 'real' user."
@@ Line 32: / Line 35: @@
 #[[Biometric authentication]] - facial recognition, fingerprint, retinal scan. This would only be acceptable in an institution with very high security requirements.
-<blockquote>"Users should not be forced beyond what is strictly necessary to keep a site secure, e.g.,/ if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else." - W3C<ref name=":1" /></blockquote>
+<blockquote>"Users should not be forced beyond what is strictly necessary to keep a site secure, e.g., if a honeypot suffices, use a honeypot until evidence of robotic attacks dictates something else." - W3C<ref name=":1" /></blockquote>
 ==See also==
 *[[DataDome]]
 *[[hCAPTCHA]]
@@ Line 42: / Line 44: @@
 ==References==
-<references />
+{{Reflist}}
-[[Category:Articles in need of additional work]]
+[[Category:{{PAGENAME}}]]
-[[Category:CAPTCHA]]
 [[Category:Data collection]]
 [[Category:Common terms]]