[RANT] The declining quality of CAPTCHAs

Every time I see a CAPTCHA, whether it be plastered on a registration page or comment form, I find myself telling the website, “you couldn’t have thought of anything better?”. What used to be a good idea for filtering spambots has now turned into nothing more than a bad joke.

The story of CAPTCHA goes something like this: once upon a time, three scientists at Carnegie Mellon created the wonderful challenge-response test, intended to be only solvable by humans. Unfortunately, the bad guys (spambots) caught up with CAPTCHA-cracking, as they acquired magical powers enabling them to read the CAPTCHAs. This ushered in what I call the Golden Age, in other words, when CAPTCHAs worked according to their purpose. Words were readable by humans, but stopped bots dead in their tracks.

That Golden Age, however, has long gone. Now bots and humans alike struggle with CAPTCHAs, trying to transcribe indecipherable scribbles, symbols, mathematical equations, words from foreign languages, and sometimes the occasional phone number. More and more, I find myself pressing the Refresh button for a readable CAPTCHA, half-expecting the system to kick me out for refreshing too many times.

We can plot the amount of effort it takes to solve a CAPTCHA vs. time in years on a graph, and see a direct positive correlation:

The dotted line represents the insanity level to which CAPTCHAs could escalate if someone doesn’t do a damn about them.

From this data, we can see that when CAPTCHA was created (in 2000), they were relatively easy to solve. The Golden Age occurred between 2003 and 2010, roughly, when CAPTCHAs were at their ideal solvability level. Then for some reason, the CAPTCHA Co. that made these distorted words ran out of words apparently? So they started substituting in other craziness.

From CAPTCHA, its evil cousin from hell ReCAPTCHA, was born. It works a bit differently than CAPTCHA, in that one word  is computer-generated and garbled until it’s at the brink of recognizability, and another word is borrowed from one of millions of books digitally scanned by the Gutenberg Project. Why borrowed from books, you ask? The intention was simple: when a user solved the CAPTCHA, he or she would have effectively transcribed the word from said book, thereby digitizing a tiny fraction of the book.

Unfortunately though, ReCAPTCHA expected its human minions to be able to read English, Hebrew, Chinese, Mathematican, and Gibberish. Soon, users worldwide were seeing more Windings than could fit under the twenty-six letters, ten numbers, and various characters on their keyboards. Again, what was a well-intended bot filter has turned into a hell-hole for humans.

This slideshow requires JavaScript.

The only thing they’re good for now is making great laughs on humor websites. Also, since ReCAPTCHAs borrow words from books, you can be a troll by purposely entering gibberish in return for their gibberish. I wrote a blog post on this a while back.

The Solution to CAPTCHAs

Fortunately, other talented individuals and groups have come up with challenge-response tests that hopefully will bring CAPTCHA rape to an end. These alternatives range from solving of simple math equations (e.g. 3+5 = ?) to identifying cats apart from dogs (ASIRRA.) One of my favorites so far is PlayThru, which requires the user to complete a very simple task, such as the one below:

All one has to do in this case, is put the football and bat in the correct places. Solvable by humans, undecipherable by bots. The only flaw with this system is the handicap feature, which plays you an audio sample and asks you to enter the words. When I heard it, I felt like I was on magic mushrooms, listening to the consciences of five different people talking to me through a long tunnel. Creepy was not enough to describe it.


My hope right now for the Internet is for those archaic, masochist CAPTCHAs to disappear into oblivion for eternity, so that not another user must open up his/her Character Map to enter Hebrew letters. Already, many alternative bot-killing systems are being developed that require much less effort for humans to solve. I wish that major websites would implement this technology, and throw CAPTCHA into the virtual garbage can. A good idea gone wrong, its time has long since come.