Can Google's ReCAPTCHA Swat The Bots? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // Digital Business
01:50 PM
Jim Rapoza
Jim Rapoza
Connect Directly

Can Google's ReCAPTCHA Swat The Bots?

New API promises to cut down on the annoyance factor of proving to websites we're human.

8 Facebook Privacy Settings To Check
8 Facebook Privacy Settings To Check
(Click image for larger view and slideshow.)

When we talk about robots taking over, we tend to think of science fiction scenarios of gleaming cyborgs wiping out mankind with high-powered weapons. But there is a very real battle going on today where robots are constantly working against the interests of businesses and individuals.

These robots of destruction are actually easy to find. Just look at the comments section of some of your favorite blogs, or notice how the online channels quickly fill up when you try to buy tickets for a major event. The enemy here are bots that are trying to spread comment spam, access e-commerce servers, and generally make life miserable for people who do business online.

For a while now, the main weapon against these bots has been CAPTCHA, also known as everyone's least favorite thing that websites constantly ask them to do. While opinions differ about nearly everything on the web, one area where most can agree is that everyone hates trying to decipher a nearly illegible series of characters in order to make a comment, purchase a ticket, or do nearly anything online. "Is that an l or a 1? Is that c lowercase or uppercase?" To make things even worse, your customers are enduring these headaches for no good reason, as many bots can easily defeat classic CAPTCHAs.

[Want more ideas on reducing risk? See Security Armchair Quarterbacks: Go Away.]

However, this week, Google announced a new system designed to replace classic CAPTCHA with something a little more user friendly. Called No CAPTCHA reCAPTCHA, the new Google system replaces those hard to read text boxes with one simple question: "Are you a robot?" Click "No" and you're good to go.

Image: Google
Image: Google

Of course, it's more complicated on the backend. After all, if that was all there was to it, then No CAPTCHA reCAPTCHA would be trivially easy for bots to defeat. What makes this new system potentially effective is its implementation of risk analysis. That's because, while in a single moment it can be hard to tell a person from a robot online, over time people and robots behave very differently, and these patterns can be very easy to detect. So an entity that's been rapid-fire hitting many sites and logging in with the same comment on Louboutin shoes may be a robot. If you've been casually browsing the web, reading articles, checking mail, and mooning over those shoes, there's a good chance you're a human (or a "meatbag" as Bender on Futurama would say).

But what if you've just logged in and there's no history to scan? Or if the system isn't really sure? Then it can implement an improved alternative to classic CAPTCHA texts. For example, the site can show a picture of a cat, followed by a set of other pictures and ask you to select the ones that don't fit. Still annoying, but hopefully less so than traditional text CAPTCHAs.

How soon will we see this new scheme? Many major sites, including Wordpress, already use the new Google API. According to Google's Security blog, early adopters are seeing good majorities of their traffic being able to be quickly identified as not robots. And since this is a Google API, I expect other sites to implement it quickly.

But will it work? Only time will tell. The makers of these annoying robots won't give up easily. They'll work on ways to defeat risk scans and try to fool reCAPTCHA into thinking they are humans.

However, fooling this system won't be easy and until then, while the bots aren't quite terminated yet, they are definitely poised to take a beating.

Want proof that your IT team is special? Apply now for the 2015 InformationWeek Elite 100, which recognizes the most innovative users of technology to advance a company's business goals. Winners will be recognized at the InformationWeek Conference, April 27-28, 2015, at the Mandalay Bay in Las Vegas. Application period ends Jan. 16, 2015.

Jim Rapoza is Senior Research Analyst at the Aberdeen Group and Editorial Director for Tech Pro Essentials. For over 20 years he has been using, testing, and writing about the newest technologies in software, enterprise hardware, and the Internet. He previously served as the ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/25/2014 | 1:28:54 AM
Recaptcha can be easily broken by bots
Recaptcha can be easily broken by bots by solving the puzzle manually/using OCR and then copying the cookies in the bot program to continue scraping. More details on how recaptcha is being broken can be found in our recent blog post in ShieldSquare Website
User Rank: Ninja
12/11/2014 | 9:39:43 AM
Re: Will it work?
Tools used by sentiment analysis should be combined with plagiarism checking software to determine whether an account is a real human or just a bot spamming.

Until, such sophisticated tools are developed, it is better to have pictures rather than, text input that is hard and time consuming to bypass by human users.
Thomas Claburn
Thomas Claburn,
User Rank: Author
12/10/2014 | 6:21:21 PM
Will it work?
>But will it work? Only time will tell. 

It will work for a time. But given enough time, a computer can be taught to defeat the system.
User Rank: Ninja
12/10/2014 | 6:09:20 PM
Re: A step in the right direction
As a user, CAPTCHA is annoying. As a provider of online services to customers who were born into the internet age, CAPTCHA is almost a deal-killer. A better alternative that won't tick off my hundreds of thousands of my teenager users will be well-accepted.
User Rank: Ninja
12/10/2014 | 2:50:26 PM
A step in the right direction
I love that they are trying to fix the bigest issue with Captcha method of bot detection by making it not just easier on us meatbags by eliminating non-sensical words and number combinations, but also by streamlining it to images.  If this will make it harder for bots to bring down services or reduce the number of spam, I am all for it!
Why 2021 May Turn Out to be a Great Year for Tech Startups
John Edwards, Technology Journalist & Author,  2/24/2021
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll