Captcha Bypass Is In Business Again
We all know CAPTCHAs. We have all times succumbed to some of its more twisted and messy forms at least a dozen times. You know the drill, try to guess the text shown in the image box with the squiggly letters, type it in a text box, hit the submit button, realize you submitted the wrong text, redo everything until you get it right. Yeah, I bet you know what Im talking about.
Nevertheless, we all have learned to live with this short and recurring e-torture given its apparent use.
CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. As it name implies the main function of a CAPTCHA is to distinguish Humans and Computers Apart. All the squiggly letters, weird sizes, color meshes and overall lost of user time are made to prevent bots and/or automated scripts to post content were only real users are supposed to post.
So we deal with the pain of typing and retyping the CAPTCHA texts over and over again to avoid the even greater pain of having a web page overran by marketing accounts and unsolicited messages trying to sell products. So this way it would be hard for bots to bypass the initial account creation procedures and preventing the Black Hat Marketers from creating hundreds and even thousands of accounts. Now we can all use our blogs, social networks and other web 2.0 services in peace without being interrupted by unsolicited messages.
A short term victory that didnt last very long
It turns out that the Black Hat Marketers are sneaky and some of them have very advanced programming skills, so they started to create methods to bypass CAPTCHAs. So at first they began creating CAPTCHA OCR (Optical Character Recognition) systems and other CAPTCHA recognition methods to effectively become masters of CAPTCHA bypass. They took away the funny colors, put filters to take away unwanted lines and trained neural network applications to recognize the characters in spite of the funky fonts that were in use.
Again, a short term victory for the Black Hat Marketers
The internet community back lashed with CAPTCHAs that were much more difficult to bypass. The effectiveness of CAPTCHA OCR went down to around 30% for the best automated CAPTCHA recognition systems. The web 2.0 sites were cheering; there was final victory against massive automated marketers. Toasts were made, babies kissed, the new CAPTCHAs were here to save us!
Not so fast
Lets go back to the beginning and reference a piece of text 300 words back: CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. Wait, so in the end this test is only to tell Computers and Humans Apart, right? Some crazy Black Marketing fella might have suggested Hey, lets just use Humans then. Now we can Bypass CAPTCHAs since were using humans and not computers. I believed that anyone that heard this just laughed out really loud. Who in their right mind would spend long hours in front of a computer screen inserting the text they see in CAPTCHAs over and over again? Not only that. What would be the costs of having a person sitting down all day long inserting CAPTCHAs into a computer?
Answer to first question: People from very poor countries.
Answer to second question: Very Low.
Black Hat Marketers are the big winners for now. Human-based CAPTCHA bypass services have been established for as low as $1.75 for 1000 solved CAPTCHAs (yes, not a scam) and there is even a new market created for this activity. These Human-based CAPTCHA solving services hire a small army of decoders or operators that are happy to insert text for endless hours in exchange of a small pay. All the web 2.0 sites now have to create additional filters and employ extra tactics to keep automated unsolicited messages away and use CAPTCHAs only to keep away the rookie marketers.
Currently, some new companies have invented some other ways to increase difficulty for Human-based systems to decode a CAPTCHA. We now have audio CAPTCHAs, video CAPTCHAs, puzzle CAPTCHAs, math CAPTCHAs, etc. But none of these CAPTCHA systems has grown in a wide scale or have been deployed to any of the main web 2.0 sites. Either way, Im pretty sure that the Human-based CAPTCHA bypass services will find a way to get over these obstacles and keep the marketers in business.
In the end, site owners and marketers will always be playing the cat and mouse game. CAPTCHAs work partially, but as users we will always have to input them. And with the new increase of mobile traffic, were still to see a standardized multi-platform method from stopping unsolicited marketing messages in web 2.0 sites.
By: William Jardain