Captcha

A captcha (an acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. The term was coined in 2000 by Luis von Ahn, Manuel Blum, and Nicholas J. Hopper of Carnegie Mellon University, and John Langford of IBM. A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen. Because the test is administered by a computer, in contrast to the standard Turing test that is administered by a human, a captcha is sometimes described as a reverse Turing test.

Applications

Captchas are used to prevent bots from using various types of computing services. Applications include preventing bots from taking part in online polls, registering for free email accounts (which may then be used to send spam), and, more recently, preventing bot-generated spam by requiring that the (unrecognized) sender successfully pass a captcha test before the email message is delivered.

Characteristics

By definition, captchas have the following characteristics:

• They are completely automated. This avoids the necessity for human maintenance or intervention in the test, with obvious benefits in cost and reliability.
• The algorithm used is made public, though it may be encumbered by a patent. This is stipulated so as to require that breaking a captcha requires the solution of a hard problem in the field of artificial intelligence (AI) rather than just the discovery of the (secret) algorithm, which could be obtained through reverse engineering or other means.

Accessibility

Captchas based on reading text -- or other visual-perception tasks -- prevent visually-impaired users from accessing the protected resource. However, captchas do not have to be visual. Any hard artificial intelligence problem, such as speech recognition, can be used as the basis of a captcha. Some implementations of captchas permit users to opt for an audio captcha. The development of audio captchas appears to have lagged behind that of visual captchas, however, and presently may not be as effective.

Circumvention

Some free e-mail providers have used captchas in account registration, to deter spammers from obtaining large numbers of accounts automatically. Spammers have found a way to circumvent this restriction: simply present the captcha to a human user under false pretenses, and use the human's response to obtain the e-mail account.

To do this, the spammer must control a Web site to which human users wish to gain access — for instance, a pornography site. When a user goes to the spammer's porn site, the server starts a new account registration at the free e-mail provider. It downloads the provider's captcha and presents it to the user as a captcha for access to the porn site. The user, not knowing that the captcha is recycled, provides the correct response — and the spammer's software can then complete the e-mail account registration.

Solution

Computer programs have been created that automatically solve simple captchas. For example, two researchers at the University of California at Berkeley have written a program that can solve captcha.net's "ez-gimpy" with an 83% accuracy. More complex captcha-generators remain unsolved.