Trust is an asset in web-based interactions. For example, a user must trust that an entity provides sufficient mechanisms to confirm and protect her identity or other confidential information in order for the user to feel comfortable interacting with such entity. Further, an entity that provides a web-resource must be able to block automated attacks that attempt to gain access to the web-resource for malicious purposes. Thus, sophisticated authentication mechanisms that can discern between a resource request originating from a human being and a request generated by an automated machine are a vital tool in ensuring that web-resources are protected from automated attacks and developing the necessary relationship of trust between a resource provider and a user.
CAPTCHA systems (“completely automated public Turing test to tell computers and humans apart”) can provide such an authentication mechanism. One goal of a CAPTCHA system is to exploit situations in which it is known that humans perform tasks better than automated machines. Thus, as part of a verification process, CAPTCHA systems can provide a challenge that is solvable by a human but generally unsolvable by a machine.
In some instances, illegitimate human users, such as CAPTCHA farmers may attempt to solve a plurality of CAPTCHA challenges and to provide the solutions to the CAPTCHA challenges to one or more “bots,” such that the bots may gain access to a plurality of web-resources. In such instances, it can be difficult to distinguish an illegitimate human user such as a CAPTCHA farmer from a legitimate human user.