CAPTCHA Alternative on the Web

Completely Automated Public Turing test to tell Computers and Humans Apart (“CAPTCHA”) is proving to be a valuable web service. The most common use for CAPTCHA is to block automated comment spam in blogs.

Graphical CAPTCHAs are serious barriers for low-vision and blind users. Those with learning disabilities, such as dyslexia, may also be adversely affected. The use of patterned backgrounds is an increasing issue for color-blind users with more sophisticated CAPTCHAs.

In 1997, the US Census Bureau estimated about 7.7 million Americans had difficulty reading an ordinary newspaper. The American Foundation for blind reveals a low estimate of 1.5 million Americans who are visually impaired computer users.

Audio CAPTCHA

Many companies are trying out audio CAPTCHAs, spelling out random letters with arbitrary sound in the background. However, aural disabilities are more common than visual ones, so the approach isn’t really more accessible. The purpose of discriminating between humans and computers is not filled even as speech recognition software is more advanced than character recognition.

CAPTCHA is broken

Several projects to crack common visual CAPTCHA algorithms, particularly The CAPTCHA Project (by the Carnegie Mellon School of Computer Science), the UC Berkeley Computer Vision Group, and Sam Hocevar’s PWNtcha, have thrived.

Often easier than fancy programming, the first widely recognizeds ocial engineering solution was to “borrow” CAPTCHAs from target sites and show them at entry points to porn sites. Visitors to porn sites would solve the CAPTCHAs, allowing spammers to get essentially free labor. Amazon’s Mechanical Turk, which gives micro-payments for minimal tasks, is an example of another way CAPTCHAs could be defeated.

What is the underlying purpose?

The real reason for CAPTCHAs is to screen out undesirable users. For low traffic sites, it means avoiding automated access and can be realized in a relatively easy way.

Due to value of their services and their size, sites like Yahoo! and Google have a major problem. When launching their Gmail email service, Google limited the accounts to those invited by other active users. There was a good bit of commotion initially as gmail.com addresses became a sign of prestige. Google is allowed by the invitation system to track users that are abusing the service, as well as which users invited abusers. Having moved a step further, Google allows potential users to have an invitation code sent to mobile phones. The number of accounts requested per phone number can be tracked.

Google’s responsibly enables users with disabilities to evade the CAPTCHA, even as it involves human-to-human interaction to complete, which is a costly option. Google’s account request page, however, does use a CAPTCHA.

Real solutions

Numerous solutions to the problems with CAPTCHA have been proposed and debated, and the majority has major cost or accessibility problems. Some sort of federated identity system seems to be a good solution, which is really just offloading the trouble of user validation to someone else.

Source: Tag-strategia.com (Blog)