An update to the way Google’s reCAPTCHA anti-bot system works aims to automatically determine whether a visitor is a human or a bot
Under changes made in the latest reCAPTCHA update, users will have an easier time typing in the special random codes used by the app because it will now be able to determine whether the visitor is a human or an automated bot, according to a 25 October 25 post by Vinay Shet, a product manager for reCAPTCHA, on the Google Online Security Blog.
“For over a decade, CAPTCHAs have used visual puzzles to help webmasters keep automated software from engaging in abusive activities on their sites,” wrote Shet. “However, over the last few years advances in artificial intelligence have reduced the gap between human and machine capabilities in deciphering distorted text. Today, a successful CAPTCHA solution needs to go beyond just relying on text distortions to separate man from machine.”
That’s where the idea came from to improve the product to thwart bot attacks while making it easier for humans to use. “As a result, reCAPTCHA is now more adaptive and better-equipped to distinguish legitimate users from automated software,” he wrote.
“The updated system uses advanced risk analysis techniques, actively considering the user’s entire engagement with the CAPTCHA – before, during and after they interact with it,” wrote Shet. “That means that today the distorted letters serve less as a test of humanity and more as a medium of engagement to elicit a broad range of cues that characterise humans and bots.”
The distorted letters used in reCAPTCHA messages are meant to make it hard for automated bots to “read” so they are stopped from duplicating the messages and getting farther into a website. But that also means that some messages can be hard for humans to read as well, requiring them to ask for a new reCAPTCHA message that they can read. For humans, that can be frustrating and delay one’s interaction with a website.
As part of the fix for this situation, engineers for Google’s reCAPTCHA wrote new code that helps determine whether a potential user is actually a human or not, and then serves up CAPTCHAs to humans that will be simpler to read and retype, according to Shet. “Bots, on the other hand, will see CAPTCHAs that are considerably more difficult and designed to stop them from getting through.”
The engineers and researchers who worked on the project also found that numeric CAPTCHAs are significantly easier to solve by users, compared with those using arbitrary letters and text, wrote Shet. With numerical reCAPTCHA messages, users are able to use them perfectly almost every time. “Bots, however, won’t even see them. While we’ve already made significant advancements to reCAPTCHA technology, we’ll have even more to report on in the next few months, so stay tuned,” he wrote.
Google bought reCAPTCHA in 2009 to improve book scanning for its Google Book Search project, according to an earlier eWEEK report. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” They are those quixotic codes you have to enter into websites to let them know you are human and not some grubby spamming machine, which has trouble deciphering the funky text and words the CAPTCHAS put in front of them as passwords to enter.
ReCAPTCHA founder Luis von Ahn and others actually coined the “CAPTCHA” term at Carnegie Mellon University in 2000. Von Ahn, a computer science professor at the university, went on to create reCAPTCHA in 2008. Because this technology improves the optical character recognition (OCR) process of converting scanned images into plain text, the technology can boost text scanning projects such as Google Books and Google News Archive Search.
Are you a security pro? Try our quiz!
Originally published on eWeek.