Google Gets Better At Spotting HumansGoogle Gets Better At Spotting Humans
Google's revised reCAPTCHA test promises to help website users solve security puzzles faster -- unless they are using a browser's private mode or some other privacy measure.
December 3, 2014
10 Holiday Party Attire Atrocities
10 Holiday Party Attire Atrocities (Click image for larger view and slideshow.)
Google has been paying attention to how online visitors use websites' filtering mechanisms that separate humans from bots, and it believes it can make life easier for real people.
With the help of a risk analysis system deployed last year, Google said Wednesday that it has revised its version of the CAPTCHA test, reCAPTCHA, for separating human intelligence from artificial intelligence.
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
CAPTCHA tests have been relied on for years to deter automated spamming and abuse of online resources. But advances in computer vision technology and in machine learning have kept CAPTCHA makers struggling to improve their defenses. Google's own research indicates that artificial intelligence can identify the distorted text used in traditional CAPTCHA puzzles 99.8% of the time.
[Does your WiFi signal make you easy prey for real-life attackers? Read 'Walk & Stalk': A New Twist In Cyberstalking.]
Google's improved approach considers user engagement with CAPTCHA tests before, during, and after the input process -- rather than just the input itself -- and presents easier challenges to website visitors suspected of being human.
Google calls its latest bot detection scheme "No CAPTCHA reCAPTCHA."
"On websites using this new API, a significant number of users will be able to securely and easily verify they're human without actually having to solve a CAPTCHA," Vinay Shet, project manager for Google's reCAPTCHA project, writes in a blog post. "Instead, with just a single click, they'll confirm they are not a robot."
This helps websites that rely on CAPTCHA puzzles to defend against abusive traffic, because it allows real users get through the gates more quickly. And it benefits users, who have a better experience at the website. Shet said that, in the past week, more than 60% of WordPress's traffic and more than 80% of Humble Bundle's traffic received the "No CAPTCHA" experience.
However, there is a drawback to this approach. Specifically, it punishes privacy. Internet users who resist being tracked online, through the use of privacy software, might not reveal enough about their behavior to be deemed human. As suspected robots, they will face more challenging CAPTCHAs -- the sort that can be very hard to read. Several individuals commenting on Hacker News confirmed that disabling third-party cookies or accessing the web in a browser's privacy mode resulted in more difficult puzzles.
What's more, if Google's approach is effective, it will encourage spammers to hire greater numbers of human CAPTCHA solvers in low-wage markets. And these CAPTCHA crackers will be able to do their work more quickly than before, because they'll be presented with easier tests of their humanity.
Employers see a talent shortage. Job hunters see a broken hiring process. In the rush to complete projects, the industry risks rushing to an IT talent failure. Get the Talent Shortage Debate issue of InformationWeek today.
About the Author(s)
You May Also Like
The Forrester Wave™: Vulnerability Risk Management, Q3 2023
How to Develop an AI Governance Program
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration
Ultimate Guide to the CISSP
Top Six Recommendations to Improve User Productivity with a Hybrid Architecture