Captchas, those sometimes-illegible code words designed to foil spammers, can be easily decoded by bots, a Stanford University research team has found.
The Stanford team has created Decaptcha, software that makes captchas readable by computers by cleaning up the text and rendering them in legible letters and numbers. The tool decodes captchas most, but not all the time.
The team was able to decode 66% of Visa’s Authorize.net’s captchas, 70% of Blizzard Entertainment’s and 73% of captcha.com’s captchas. The software’s success with other sites was less convincing. It cracked just 43% of eBay’s captchas and 24% of Reddit’s. Though Stanford is the latest to introduce captcha-cracking software, others have attempted the same thing, sometimes using the same name.
A paper published by the team points out that another downside of captchas is that they are hard for people to decode. “Analysis of the resulting data reveals that captchas are often difficult for humans, with audio captchas being particularly problematic,” the team wrote.
The captcha, an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart,” was introduced in the early 2000s by search engine Alta Vista, which was looking for a way to discourage the automatic submission of URLs.
Since that time there have been a number of captcha variants. As Elie Bursztein, one of the Standford researchers writes, there are geometric captchas, math captchas and even a “sexy” captcha. There are also advertising captchas.
However, since captchas are often frustrating for users, some have looked into alternatives, including simple questions like “What is the second letter of the English alphabet?” or easy tasks like “Uncheck the box if you’re human,” or verification via SMS.
Image courtesy of Flickr, Purpleslog