IN THE end, the robots won. On December 3rd, Google announced that it was radically changing its ReCAPTCHA system, the sort of prove-you’re-a-human-and-not-automated-software test that has become all but ubiquitous online. In April, Google researchers published a paper showing that their computer-vision software could decipher their own squashed and twisted images 99.8% of the time.
For many, it comes as little surprise that algorithms can now nearly always beat a CAPTCHA. This is a tortured acronym that stands for “completely automated public Turing test to tell computers and humans apart”, and refers to a notional test devised by Alan Turing, a British code-breaker and computer-science pioneer, in which humans test a machine to see if it can think. CAPTCHAs are the reverse, administered by a machine to make sure the user is of the thinking sort.
- Web Security
It was inevitable that computer-vision research would advance to a point that CAPTCHA text that was in any way legible to humans would also be legible to the machines they had taught. In 2009, Luis von Ahn, the founder of ReCAPTCHA (the sort that presents two images, one of which is designed to make the user extract useful bits of text from an image, such as a scan of a newspaper page or a house number in a photograph), told The Economist that “it will be possible for software to break text CAPTCHAs most of the time within five years.” He was spot on.
The April paper came out of work on text recognition in images from the firm’s Street View archive, and of course on ReCAPTCHA’s arms race to defeat increasingly sophisticated artificial intelligence. Vinay Shet, the product manager for the service, said that the outcome was proof that decrypting squiggly text alone was no longer enough to separate the men from the ‘bots. However, Mr Shet says, Google had already developed a sophisticated risk-analysis system that could do the same job by different means.
The solution—which may seem fantastically simple by comparison to some of the textual hoops web denizens have had to jump through in recent years—is to ask a user to check a box that reads, quite simply, “I’m not a robot”. From particulars that arise in the act of visiting the page and checking the box, the firm’s software can acquire a host of signals of humanity. Dr Shet was loth to share the recipe for the test’s secret sauce, but it surely includes parameters about the connection, such as the network address from which the browser summoned the page. The sum of those attributes may be enough to pass the test; if not, it will also offer pictures of cats, dogs and turkeys for users to identify, which ‘bots are poor at matching. Computer vision has come far, but still has some way to go with certain visual tasks that humans find simple.
No doubt the robots will get better, for getting past CAPTCHAs is big business. Firms that want to purchase large blocks of event tickets stand to make much in the resale market, as do the people who wish to register enormous numbers of email accounts only to sell the bogus addresses to spammers. So it is that Google’s latest move, as with so much of online security, is just the next stage of a cat-and-mouse game. But the firm is active on both sides; the artificial intelligence systems that the new CAPTCHA system aims to thwart are being taught how to think about, for example, what a cat is by seeing which picture real humans choose.
With what amounts to billions of CAPTCHA solutions already processed and billions more to come, Google is breeding the next generation of ‘bots that will fool the systems it has just deployed. Who knows what hoops real humans will eventually have to jump through just to get seats at the theatre.
Powered by Facebook Comments