The Internet is a fantastic tool for constructive web sites to gather users for a common purpose; however, the Internet is also a fantastic tool for abuse of these same web sites. People who want to take advantage of websites do so by creating automated programs employing various algorithms and routines (hereinafter “bots”) that create fictitious accounts or access content for a multitude of reasons.
In an effort to block these bots, builders of web sites have created a variety of tests to determine if the user is a bot or if the user is a human. Initial efforts required a user to simply enter an alphanumeric string into an input field. However, as character recognition engines became more available, such “tests” became easily defeated. What was needed was a more robust form of test—one that couldn't be easily defeated.
Carnegie Mellon University coined the term “CAPTCHA” (Completely Automated Public Turing test to tell Computers and Humans Apart) for these types of tests. A common type of CAPTCHA requires that the user type the letters, digits or characters of a distorted image appearing on the screen. The objective is to create an image that a bot cannot easily parse but that is discernable by a human. Such efforts have been successful in preventing non-adaptive software from recognizing the imaged characters, but people intent on abusing these sites have designed ways to circumvent the CAPTCHA, such as through specially tuned character recognition programs. A brief survey of the Internet will reveal many resources that describe how to tune and/or use character recognition to decipher CAPTCHA including aiCaptcha, Simon Fraser University and PWNtcha.
The result of the foregoing is that while CAPTCHAs are becoming increasingly more difficult for bots, they are also becoming more difficult and/or burdensome for human users. In certain instances, the desire to defeat the bots has resulted in images that are so distorted that some human users cannot decipher the images. This is particularly true with users having a visual deficiency or imparity. As a partial solution to this escalation of perception difficulty, some web sites have begun adding a link to a sound file that will speak the characters, but these sound files are also being drastically distorted to protect against being discerned by bots through speech pattern matching algorithms. Other web sites like Facebook.com, have gone so far as to adopt a practice requiring deciphering two distorted word images to increase the complexity for bots. While perhaps achieving the stated objective, the collateral effect is to exacerbate the existing burden to human users.
Current CAPTCHA technology is visual or auditory in nature, requiring the human user to answer a test that should be simple to most humans but difficult for non-humans, e.g., bots. Visual CAPTCHA using distorted images is widely used as the primary test by nearly every top Internet site including Yahoo, Google, You Tube, Microsoft's Live ID, MySpace, Facebook, Wikipedia, Craigs List. By using solely visual testing criteria, nearly all users will be able to invoke the requested action; not all users have functioning audio equipment or environments such as libraries may not permit such use.
A positive user experience is critical to the success and increased popularity of a given website. Designers of web sites go to great lengths to ensure their website is as user friendly as possible. Carnegie Mellon University estimates that 60 million CAPTCHA tests are deciphered every day and with an average time spent of 10 seconds, requiring a total of 150,000 hours of work spent every day trying to protect web sites from bots. Reducing or eliminating the requirement of a user having to decipher CAPTCHA is one more way websites can create a more positive user experience for their visitors and minimize opportunity costs.