human verification

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) – a technique used to secure websites, the purpose of which is to allow only data entered by a human to be submitted.

This technique protects, among others:

  • forms – against spam
  • portals and discussion forums – against accounts being opened by machines
  • Whois services – against automatic queries
  • blogs – against advertisements in the comments.

Types

The system verifies that the user is a person by assigning a task and expecting its solution.

The most commonly used variant is reading the content of an image (usually randomly selected characters or a short word). The image is readable by a human, but reading it by computer is, at least by assumption, very difficult.

A variation of the graphic CAPTCHA is the Asirra system, in which the user is asked to choose, for example, a cat from among photos of various animals.

Another method of implementing CAPTCHA is to present a text task, such as “Calculate how much is two plus two”, “Enter the year of the Battle of Grunwald”, “Enter the chemical formula of water”.
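The text task described above, handled on the server side, as an added example that is not code from any particular CAPTCHA system. The function names, the 120-second validity window and the in-memory store are assumptions; each challenge can be answered only once, so a solved task cannot be submitted again.

```python
import hmac
import secrets
import time

TTL_SECONDS = 120   # assumed validity window for one challenge
PENDING = {}        # challenge id -> (expected answer, expiry); stand-in for a shared store

def issue_challenge(now=None):
    """Create a text task; only the id and the question are sent to the client."""
    now = time.time() if now is None else now
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    challenge_id = secrets.token_urlsafe(16)
    PENDING[challenge_id] = (str(a + b), now + TTL_SECONDS)
    return challenge_id, f"Calculate how much is {a} plus {b}"

def verify(challenge_id, answer, now=None):
    """Check one submission; the challenge is consumed whether or not it is right."""
    now = time.time() if now is None else now
    entry = PENDING.pop(challenge_id, None)   # unknown or already-used ids fail
    if entry is None:
        return False
    expected, expires = entry
    if now > expires:
        return False
    # Constant-time comparison of the submitted and expected answers.
    return hmac.compare_digest(answer.strip().encode(), expected.encode())

def purge_expired(now=None):
    """Drop unanswered challenges so the store cannot grow without bound."""
    now = time.time() if now is None else now
    stale = [cid for cid, (_, exp) in PENDING.items() if now > exp]
    for cid in stale:
        del PENDING[cid]
    return len(stale)
```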

There are many other implementations and variations of CAPTCHA, including audio solutions (the system reads the task aloud) and combinations of the above, e.g. graphics with text. The system may ask an audio question such as “what color is the cap in the given photo”. There are also systems that use video sequences.

Problems

CAPTCHA has both supporters and opponents. The latter believe that CAPTCHA is a hindrance for users. In the case of graphical CAPTCHAs, those affected include blind users, as well as those who have images disabled in their browsers or use text browsers (e.g. Links, Lynx).

A common technical error in CAPTCHAs is that the images are constructed in such a way that they are difficult or even impossible for humans to read. Text tasks, in turn, can be so difficult that they require the use of an encyclopedia.

Security

There are reports of numerous successful attacks against CAPTCHA systems.

Technological attacks (e.g. PWNtcha) involve the use of OCR software or image recognition based on e.g. artificial neural networks.

Social engineering attacks rely on a large number of people who solve CAPTCHA tasks in the belief that the tests they are solving belong to websites other than the targeted ones. A social engineering attack requires taking over (or already having) control of a website that is popular or rapidly gaining popularity (most often one presenting erotic content). CAPTCHA tasks are copied from the target system to the controlled system, and the solutions (entered on an ongoing basis by the mass of users of the controlled website) are used in the attack on the target.

People from poor regions of Asia and Russia are often employed to solve CAPTCHA tasks. The average cost of solving a thousand CAPTCHA tasks does not exceed a few dollars for the client.