Google's revised reCAPTCHA test promises to help website users solve security puzzles faster -- unless they are using a browser's private mode or some other privacy measure.
10 Holiday Party Attire Atrocities
(Click image for larger view and slideshow.)
Google has been paying attention to how online visitors use websites' filtering mechanisms that separate humans from bots, and it believes it can make life easier for real people.
With the help of a risk analysis system deployed last year, Google said Wednesday that it has revised its version of the CAPTCHA test, reCAPTCHA, for separating human intelligence from artificial intelligence.
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
CAPTCHA tests have been relied on for years to deter automated spamming and abuse of online resources. But advances in computer vision technology and in machine learning have kept CAPTCHA makers struggling to improve their defenses. Google's own research indicates that artificial intelligence can identify the distorted text used in traditional CAPTCHA puzzles 99.8% of the time.
Google's improved approach considers user engagement with CAPTCHA tests before, during, and after the input process -- rather than just the input itself -- and presents easier challenges to website visitors suspected of being human.
Google calls its latest bot detection scheme "No CAPTCHA reCAPTCHA."
"On websites using this new API, a significant number of users will be able to securely and easily verify they're human without actually having to solve a CAPTCHA," Vinay Shet, project manager for Google's reCAPTCHA project, writes in a blog post. "Instead, with just a single click, they'll confirm they are not a robot."
This helps websites that rely on CAPTCHA puzzles to defend against abusive traffic, because it allows real users get through the gates more quickly. And it benefits users, who have a better experience at the website. Shet said that, in the past week, more than 60% of WordPress's traffic and more than 80% of Humble Bundle's traffic received the "No CAPTCHA" experience.
However, there is a drawback to this approach. Specifically, it punishes privacy. Internet users who resist being tracked online, through the use of privacy software, might not reveal enough about their behavior to be deemed human. As suspected robots, they will face more challenging CAPTCHAs -- the sort that can be very hard to read. Several individuals commenting on Hacker News confirmed that disabling third-party cookies or accessing the web in a browser's privacy mode resulted in more difficult puzzles.
What's more, if Google's approach is effective, it will encourage spammers to hire greater numbers of human CAPTCHA solvers in low-wage markets. And these CAPTCHA crackers will be able to do their work more quickly than before, because they'll be presented with easier tests of their humanity.
Employers see a talent shortage. Job hunters see a broken hiring process. In the rush to complete projects, the industry risks rushing to an IT talent failure. Get the Talent Shortage Debate issue of InformationWeek today.
Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.