Solving the CAPTCHAs

Vishal Gorai
6 min readAug 21, 2023

Unravelling the CAPTCHA game from the start till date.

The brief introduction to CAPTCHA

Technically, CAPTCHA stands for “Completely Automated Public Turing Test to tell Computers and Humans Apart. The use case is pretty straightforward, to restrict unlimited consumption of internet resources by bots and spiders roaming in the public internet, we (users of internet) are presented with a real-time “turing test” while browsing. If users pass the test, they’re allowed forward, or else, they are thrown out.

With the mass adoption of internet is 2000s and simultaneously increasing computer bots, it became the need of the hour for protecting the resources from these 24x7 running scripts.

Just imagine a bot books all the movie tickets for a your favourite movie on its first show.The person running the bot, now sells the tickets in black for double or triple the price. I swear I will be pissed off.

Here comes the CAPTCHA for help. It was first developed by researchers in Carnegie Mellon University which uses the Turing test behind the scenes for it. Turing test in this context is “ a set of test that computers can grade, humans can pass, but paradoxiclly computers cannot.

Fun fact : CAPTCHAs are intended to impede mechanized bots, but CAPTCHAs are themselves robotized.

They’re customized to spring up in specific puts on websites. This feels annoying for sure. But this is so genuine in todays world. A report published on Wired.com in 2014 says “more than 50% of internet users are computer operates bots”. Think about 2023.

The traditional CAPTCHAs

Now that the CAPTCHA feels little justified, lets talk about their evolution in cyber space. Yes, its not only that internet has evolved over the time, all its components have shown significant progression. And the trajectory CAPTCHA has followed over the years caught my attention lately. Hence this blog, bringing out the length CAPTCHA has covered till date.

Going back about 10 years in time, we can recall encountering unwelcoming pop-ups at unexpected times. Those had distorted letters and numbers in them, and we had to identify them before we can proceed. This is a classic example of CAPTACHAs.

Image credit : https://www.okta.com/sg/identity-101/captcha/

Apart from the distortions in the characters, the fonts even had variety, some bold, some italics, some even user underlined for no obvious reason. For me personally, the biggest challenge was to distinguish from an “O for orange” and 0 (number zero). The only option which saved me from being declared a bot, in those places was the option to get next CAPTCHA

We don’t see them nowadays, but surely they must be in use even now. Another form of this traditional CAPTCHA method was the audio ones. I almost never used the audio CAPTCHAs.

Do let me know your experiences with audio CAPTCHAs .

Here comes the big tech giant — Google

The CAPTCHAs were doing all fine, and so was our frustration. No matter it served the purpose of CAPTCHAs, but ruined our momentum. Then came the tech super giant, Google and took over the CAPTCHA game and named it as reCAPTCHA.

Image Credit : https://developers.google.com/search/blog/2014/12/are-you-robot-introducing-no-captcha

It introduced the “I’m not a robot” button, which did a heck load of computation in the background to distinguish you from a bot. It utilizes all your past behaviour during your googling session, your button-clicks, mouse-movements to declare your behaviour human.

reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site

But incase, google doubted your humanly behaviour, it presented you with 4x4 boxes to identity fire hydrant and traffic lights. This process served purposes like training AI by giving them larger datasets. This in turn helps preserve books, improve maps, and solve hard AI problems by the bots itself.

Traffic Light CAPTCHA

But on a positive side, this was a manifold jump in the way we experienced CAPTCHAs during browsing. Lesser the CAPTACHs, better the user experience. Win-Win for all.

More on Google’s reCAPTCHA : https://www.google.com/recaptcha/intro/invisible.html?ref=producthunt

The CAPTCHA game became interesting

Now that the U/X was improved, people started having fun with CAPTCHAs. Though the reCAPTCHAs reduced the pop-ups by 70%, creative people saw an opportunity even in the 30% of the times we had to prove ourselves human. Things started getting interesting

Enter rotation CAPTCHA and slider CAPTCHA

Slider CAPTCHA : We are now presented with a broken piece from a jigsaw puzzle and asked to slide the piece to correctly complete the puzzle.

Slider CAPTCHA

Rotation CAPTCHA : In this, an object appears in odd position. We have to rotate it for few times, to bring it in upright position.

Rotation CAPTCHA

These variations of CAPTCHAs proves, people can turn anything to fun, given the creativity we have. This however didn’t bring any revolutionary change in the CAPTCHA space, but it appealed to the users. In fact I started enjoying solving CAPTCHAs at some point. But this fun was short lived. When work becomes more, our mind doesn’t really enjoy small fun sliders. After all who would welcome a CAPTCHA when you had almost booked a train ticket, but couldn’t pass the CAPTCHA on time. And by the time you start booking again, you get the wait listed ticket.

Enters the Big Daddy — Apple

Apple recently upped the CAPTCHA game by introducing their own “human auth” system. It recently launched a Youtube teaser to their latest upcoming feature where Apple has trolled other CAPTCHA methods, and indeed it feels so better to see the next level of CAPTCHA catching up. The perfect blend of Apple ecosystem and CAPTCHA.

Youtube : https://www.youtube.com/watch?v=ykNWqUlLftE

It is a must watch video. In fact this video intrigued me to dig into the CAPTCHA world from the start.

Source : https://developer.squareup.com/docs/web-payments/apple-pay

At the core it feels being such a basic idea, researchers didn’t use this before and Apple is doing it. Bingo! Fingerprint, and face-lock being used for real time human-auth tests, feels really seamless. Just like unlocking your phone, or your mac. This feature will by far increase the user experience at its best. Apple has integrate this feature with ApplePay which serves a great purpose. A significant jump in CAPTCHA systems used in Apple devices.

The hack : Devices will use your fingerprints to classify you as humans, because bots do not have fingers right.

Thanks for reading! 😃

If you’ve reached till here, I’m sure you’re into the CAPTCHAs as much as I’m. Cheers mate. I will appreciate you giving it a clap and share it with your peers. Consider getting connected on linkedin :)

--

--