March 27, 2009, CAPTCHA tells computers and humans apart, By Charles Miller

CAPTCHA tells computers and humans apart
By Charles Miller

Something appearing on the internet more and more lately, much to everyone’s irritation and annoyance, are those difficult-to-read letters called “CAPTCHA.” Thousands of websites, including banking, email and many others, now use this test in an effort to make sure it really is a live human being doing the typing.

This has become necessary because of the number of crooks and con artists who have developed automated techniques for cracking passwords, accessing your bank account or sending spam. The last is a big problem because spammers have used automated robots to set up thousands of bogus email addresses from which they can send out spam.

To combat these problems, many websites have resorted to using CAPTCHA, those skewed and malformed letters that a human being can (hopefully) read and type, but that a mechanized system would not be able to recognize.

CAPTCHA is an acronym and not just the word “capture” mispronounced. It is a registered trademark owned by Carnegie Mellon University and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

“Turing” refers to Alan Turing, who was a mathematician and early computer pioneer. Part of his work was directed toward the question of how to tell people and computers apart. Though his work was involved in breaking the German Enigma code during World War II, it is today taking on much greater importance for the internet. The so-called “Turing Test” is one used to tell if you are dealing with a machine or a real person.

Those wacky-looking, warped and deliberately obscured chunks of text or letters and numbers are a problem the human user is asked to solve by retyping correctly. The idea is that this would be easy for humans and hard for a robot. Unfortunately, computer technology has improved to the point that for the test to be hard for computers, it also has to be really hard for people.

A fierce battle is now raging. As soon as your bank or broker puts a stronger CAPTCHA on its website, some crook finds a way to circumvent it. The most incredibly ingenious method of which I have read is the crook who runs a high-traffic website, such as a porn site. When someone comes to that site, it logs onto a financial site and grabs the CAPTCHA from the other site. It then presents the CAPTCHA from the financial site to the person surfing the porn site. That person solves the CAPTCHA to gain access to the porn site, but the results are also entered on the financial site. The person surfing the porn site never knew he/she was being used to help some crooks gain unauthorized entry to a financial site.

This same concept is actually now used to a good and constructive end. Some folks using Optical Character Recognition (OCR) software to digitize books had trouble with their OCR software not being able to identify certain words. These unidentified words were converted to CAPTCHAs, which internet users had to solve to access certain websites. Using this method, it is estimated that 60 million mistakes in scanned documents are currently being corrected by humans every day.

So, if you visit a website and solve a CAPTCHA, not only have you perhaps proven yourself to be human, but you might have also helped clean up some errors in digitized books.

Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044 (415) 101-8528 or email FAQ8 (at) SMAguru.com.