Whenever there’s a problem in the modern world, we try to solve it by building barriers. Music piracy? Copy protection. Hacked Web sites? More complicated passwords.
Unfortunately, these barriers generally inconvenience the law-abiding citizen and do very little to impede the bad guys. Serious music pirates and Web hackers still find their way through.
Maybe all the hurdles are enough to thwart the casual bad guys. That seems to be the thinking behind the Web blockades known as Captchas. (It’s a contrived acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart.) Surely you’ve seen them: visually distorted words—sometimes real English ones and sometimes nonsense words—represented as a graphic when you try to sign up for something online. You’re supposed to type the words you see into a box.
Captchas were designed by their Carnegie Mellon University inventors to thwart bots (automated hacker programs) that might bring online services to their knees. For example, some bots sign up for Hotmail or Yahoo e-mail accounts by the thousands for the purpose of spewing spam. Some post bogus comments in hopes of raising a site’s search-results ranking.
In theory, only an actual human being can figure out what word is in the Captcha graphic. The letters are just twisted enough and the background is just cluttered enough that a person can read them, but not a computer. Good guys in, bad guys out—the perfect barrier.
In practice, Captchas have just replaced one public nuisance with another. First of all, the images are often so distorted that even a human can’t read them. That’s a particular problem in nonsense words like “rl10Ozirl.” Are those lowercase Ls or number ones? Zero or letter O? Second, there’s the vision thing. If you’re blind, you can’t do a visual Captcha puzzle.
The best Captchas (if that’s not an oxymoron) offer alternatives to fix these problems. There might be a button that offers you a second puzzle if the first is too hard to read or an audio Captcha option for blind people. Above all, though, increasing evidence shows that Captchas are losing the technology war. Researchers and spammers have both been able to get around them.
There have been efforts to replace visual Captchas with less user-hostile puzzles. Some ask you to take an easy math test, answer a simple question, identify a photograph or listen to garbled audio. All of them exclude one group or another, though—such as non-English speakers or deaf people.
Overall, the Carnegie Mellon team estimates that we spend a cumulative 150,000 hours at the gates of these irritating obstructions every single day. In a newer variant, called reCaptcha, at least that time is put to public use. You see a muddied-looking word that comes from a wonky scanned Google book; when you type what it really says, you’re actually helping out with the process of cleaning up and recognizing an actual text.
Nevertheless, we the law abiders are still wasting 17 person-years every single day. That’s a disgraceful waste of our lives. Surely there are better solutions worth exploring.
Maybe we should invent a voluntary Internet identity card so we’re already known when we sign up for something. Maybe Web sites should enforce a short-term limit of one new account or posted comment per “person.” Or the Web site should look at the speed or irregularity of our typing to determine if we’re human.
Or fingerprints. Or retinal scans. Something.
Spammer bots are a problem, yes. But Captchas are a problem, too. They’re a bother, they’re not foolproof and they assume that everyone is guilty until proven innocent. What Captcha really stands for, in other words, is Computers Annoying People with Time-Wasting Challenges That Howl for Alternatives.