The end of the CAPTCHA?

CAPTCHA Insanity
CAPTCHA Insanity (Photo credit: JillOW)

Between 2009 and 2011 my work included establishing and editing a website (in English) about news and events in Georgia, in the Caucasus.

Lots goes on in Georgia – it’s a fascinating place – but the number of people interested in reading news in English about it is quite limited: still the site built up a good readership and was widely noted amongst the small international community that follow events there for academic, human rights and other reasons.

But Google Analytics also showed that the bulk of the audience was in Georgia itself. Some times this was because the website was one of the few places that gave a reasonably straight report of some controversial events there, especially if these involved criticism of, or statements by, the Georgian Orthodox Church, by far the most respected institution in the country and one that the government had a deeply uneasy relationship with.

But a growing audience also meant attracting spambots and how to deal with them was an important consideration. Even going away for a few days could attract many dozens of spam messages and deleting them was a pain. Bayesian filters for Drupal (the CMS) seemed to be quite poor, so that was not an automatic solution either.

So, I chose the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) – in this case some mangled text that would be posters had to decipher before they could successfully comment on the site. With the CAPTCHA spam all but disappeared (though plainly there are some desperate people even prepared to wade through CAPTCHAs to post their ads).

Now, nobody likes CAPTCHAs – they are a terrible pain, because quite often the text is so mangled it is difficult to read. But I discovered Georgian readers loathed them. For a start they were in an unfamiliar alphabet -he Georgian – Kartuli – alphabet is completely different (for instance there are no capital forms) from Roman or even Cyrillic, even if there are some Greek influences on it –  and then it required them to use a different keyboard layout. ი სტილლ ჰავე ა გეორგიან ლაყოუტ ავაილაბლე ჰერე – სო ტჰის ის სომე ენგლისჰ ტრანსლიტერატედ ინტო გეორგიან.

So eventually the CAPTCHA had to go and I went back to relying on poor quality Bayesian filtering and hand weeding.

Now, it seems, that might be where we are all headed: as Slashdot reports audio and video CAPTCHAs have been cracked and cracking software can even score a 1% success rate against reCAPTCHAs – the toughest type apparently (do read this link on reCAPTCHAs and the social function they fulfil, I often wondered why it was possible to ‘pass’ them with little better than guesses and now I know why).

The failure of audio CAPTCHAs is, I fear, quite likely to lead to their demise as a widely used security technique – as without them those using screen readers and similar audio technology may face some sever difficulties in accessing CAPTCHA guarded content.

Still, well implemented Bayesian and other filtering has already saved email from complete collapse, so maybe it is time to give the Georgians a break and turn all the CAPTCHAs off?

%d bloggers like this: