December 4, 2014 weblog
Google updates hair-pulling CAPTCHA with tick box
Google's reCAPTCHA is a free anti-abuse service to protect users' websites from spam and abuse. The good news is that the CAPTCHA test can be tossed for many users, replaced with a simple one-box tick saying you're human, not a robot. No mangled text; no frustrating fails because you can't tell if it's a g or a q or if that m is supposed to be two letters instead. Easy. A single checkbox next to the statement "I'm not a robot." Gets you where you want to go.
CAPTCHAs seemed like a good idea at one time, intended to protect against spam and abuse. "As spammers have grown more sophisticated," said Google's promotional reCAPTCHA video, "CAPTCHAs have gotten harder and harder to solve." Matthew Humphries, senior editor for Geek.com, added context to this remark, and said, "bots got clever enough to solve them, meaning the CAPTCHA had to get harder through very distorted text to the point where even a human has trouble reading some of them." What is more, while hard to figure out among the innocent, mischief makers were still gaining ground. "Today's Artificial Intelligence technology can solve even the most difficult variant of distorted text at 99.8% accuracy. Thus distorted text, on its own, is no longer a dependable test," blogged Vinay Shet, product manager, reCAPTCHA, on Wednesday. "For years, we've prompted users to confirm they aren't robots by asking them to read distorted text and type it into a box. But, we figured it would be easier to just directly ask our users whether or not they are robots—so, we did! We've begun rolling out a new API that radically simplifies the reCAPTCHA experience. We're calling it the "No CAPTCHA reCAPTCHA"
This No CAPTCHA reCAPTCHA API will attempt to monitor users' interactions with the CAPTCHA to see if they are genuine or a script. Most valid users will be able to simply click a box without seeing any CAPTCHA. What's the technology to make this possible? Google said they are using an Advanced Risk Analysis engine and "adaptive CATCHAS" where humans can be separated out from bots. Vinay Shet, said , "Last year we developed an Advanced Risk Analysis backend for reCAPTCHA that actively considers a user's entire engagement with the CAPTCHA—before, during, and after—to determine whether that user is a human. This enables us to rely less on typing distorted text and, in turn, offer a better experience for users."
Writing in Wired, Andy Greenberg on Wednesday said more about this kind of capability: Every user unwittingly provides the cues that reCAPTCHA needs to do its job. What kinds of cues? IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web, said Greenberg. "And Shet says even the tiny movements a user's mouse makes as it hovers and approaches a checkbox can help reveal an automated bot."
This does not mean that distorted-text CAPTCHAs are going away altogether. They will still be around. "In cases when the risk analysis engine can't confidently predict whether a user is a human or an abusive agent, it will prompt a CAPTCHA to elicit more cues, increasing the number of security checkpoints to confirm the user is valid," said Google's Shet. Humphries in Geek.com explained that in instances where the Advanced Risk Analysis system was, even after monitoring input, not sure of the status as a human, a more typical CAPTCHA test would be a second-stage fallback.
Shet reported that reCAPTCHA early adopters such as Snapchat, WordPress, Humble Bundle, and several others "are already seeing great results with this new API." (For mobile devices, Google will simplify matters via a presentation of image collections, asking the user to prove humanity. Shet's blog called it making reCAPTCHAs mobile-friendly. "This new API also lets us experiment with new types of challenges that are easier for us humans to use, particularly on mobile devices. In the example below, you can see a CAPTCHA based on a classic Computer Vision problem of image labeling. In this version of the CAPTCHA challenge, you're asked to select all of the images that correspond with the clue. It's much easier to tap photos of cats or turkeys than to tediously type a line of distorted text on your phone."
© 2014 Tech Xplore