ADVERTISEMENT

Use It Better: Eight Alternatives to the Hated Captcha

Programmers hope that humans can jump through these hoops better than bots



Flickr/Phillie Casablanca

Captchas are those annoying "What does this garbled text say?" puzzles that you have to solve before you're allowed to sign up for something online. (Read more about Captchas in March's Scientific American.) They’re designed to thwart spammers whose automated software bots would otherwise pollute the Web site with phony sign-ups.

But Captchas are sometimes so difficult that even humans can't solve them. And although they're no longer sufficient to stop spammers' increasingly sophisticated bots, they're 100 percent effective in keeping out blind people.

Various people have come up with alternatives to the hated Captcha. Each has its charms—and its drawbacks. For example:

Task Puzzles, Image Puzzles
In a world of tablets and touch-screen phones, a typing puzzle is extra clumsy. In a task puzzle, you're asked to do something, like "Tap here if you're human." In theory, a software bot can't do that. Unfortunately, non-English speakers won't know how to respond, either.

Some sites now offer image puzzles: "Draw a circle around the photo of a lighthouse." Great—unless you're blind.

The Audio Captcha
You hear a garbled, scratchy recording of someone saying a word, and you're supposed to type in what it says. But the same problems apply: sometimes it's hard for even a human to understand the word, and of course deaf people are left out.

The Math Puzzle
Instead of trying to interpret a garbled-looking word, you're asked to solve a simple math problem like "What's 3 + 3?" Both blind people and seeing people could solve this one.

The trick here, of course, is finding puzzles that are simple enough for everyone to solve, regardless of education level—and still hard enough to stop automated software bots. "What's 3 + 3?" won't stop many determined spammer bots.

The Trivia Puzzle
Another proposal: Ask a pitifully easy question like, "What color is the sky?" This kind of blockade is great if you're an English speaker and a perfect speller. Otherwise, it might keep out innocent bystanders as well as bots.

Text-Message Verification
When you try to sign up for a Google Voice account, you're asked for your cell phone number. When you click "Connect," your phone dings, and you're asked to type in a two-digit code that the Web site is displaying. Fast, easy and foolproof—unless, of course, you don't have a cell phone or you're blind or you don't live in the United States.

The Confirmation-Page Trick
Once you've filled in your sign-up information, you click "Okay"—and you arrive at a final confirmation page, where a message says, "Click 'Confirm' if this information is correct." This non-puzzle puzzle works very well, because software bots aren't expecting the additional step. Unfortunately, if yours is a popular site (such as Yahoo or Google), it won't take long for the spammers to catch on.

The Timing Trick
If you're a real person, it might take you a couple of minutes to fill in the fields of a Web form; if you're a software bot, you can fill it in instantly. A Web site's code can measure the time it takes you to fill in the form, and gauge your humanness that way.

Unless, of course, you use a Web browser (such as Safari or Firefox) that offers a one-click "Fill in my standard information button," which would make the site conclude that you, in fact, are a software bot.

The Hidden-Field Scam
The Web site's creator makes a tempting-sounding text box labeled something like "E-mail address"—and then makes it invisible, using CSS (cascading style sheets) coding. Humans will never see that box, and will leave it empty; software bots will fill it in.

This solution, too, isn't perfect, because those auto-fill features like Safari's will still fill in the invisible box, and not everyone has CSS turned on.

The bottom line: We can all agree that Captchas are horrible, but we can't agree on a perfect solution. But if you're a Web-site owner, consider this: the spammers don't have much interest in you unless you're a major site. If you're a relatively small site, you can probably get away with using one of the easier blockades described here or an automated spam-blocking trick (www.sitepoint.com/captcha-alternatives)—or none at all.

Rights & Permissions
Share this Article:

Comments

You must sign in or register as a ScientificAmerican.com member to submit a comment.
Scientific American Special Universe

Get the latest Special Collector's edition

Secrets of the Universe: Past, Present, Future

Order Now >

X

Email this Article

X