Whenever you fill in an online form, you are invariably confronted with a picture of horribly distorted words that you are asked to spell. Are these web hosts just needing a little extra help with their spelling, or is there something more subtle going on?
Filling in online forms nowadays can be a bit of a mission. Not content with forcing you to fill out pages of obscure questions about your first pet etc., before allowing you to hand over your hard earned cash to buy the website’s latest offering, web hosts are now also asking you to decipher increasingly cryptic pictures of words before allowing you to continue.
Is this just a global conspiracy to test the online world’s spelling abilities, or is there a deeper, more important meaning?
Definition of CAPTCHA
As the word CAPTCHA is not one in common usage outside of bearded computer geek circles, perhaps it’s first wise to look at the derivation of the word prior to examining it’s implementations and implications.
CAPTCHA is a made up acronym for Completely Automated Public Turing test to tell Computers and Humans Apart.
The above definition is hopefully fairly self explanatory apart from bit about the Turing Test. This is obviously fundamental to what CAPTCHA is all about, so what is a Turing Test?
The Turing Test was developed in 1950 by the British computer scientist Alan Turing (sometimes referred to as the father of modern computing) and was designed to test a computer’s ability to demonstrate intelligence, or not, as the case may be.
Putting this together with the definition of CAPTCHA above, we should now have a working understanding of what CAPTCHA is; essentially a computer generated test to check that the response has been supplied by a human and NOT another computer.
These automatic tests work on the basic principle that computers are intrinsically stupid, they just do exactly what they’re told and can’t think for themselves.
As such a CAPTCHA test is a simple challenge and response test, where the website’s computer server asks the user a question (the challenge) to which a valid answer (the response) is required before the user is allowed to proceed.
The key factor in this being that the sort of question asked must not easily be guessed or worked out by another computer system, indicating that the response must have come from a human.
So why do we need these CAPTCHA tests whenever we’re asked to complete an online form?
Well, unfortunately some people out there have ulterior motives and set up automated computer systems (called bots) to logon to websites, creating bogus accounts to promote their dubious products or activities; commonly referred to as SPAM.
By implementing these CAPTCHA tests, these spam bots can be stopped in their tracks at the first hurdle.
While CAPTCHA tests can take on many forms, by far the most common is the cryptic picture, where a distorted image of a series of characters is presented to you and you are asked to enter the characters you see in the box provided.
The computer system asking the question knows what characters it displayed, so can match your answer accordingly. If you get it correct, you are allowed to proceed, collecting £200 if you pass go!
While recognising deformed characters is fairly straightforward to us mere mortals, fortunately computers struggle with this, thus providing us with a useful weapon against the spammers.
While most CAPTCHA systems rely on visual clues, some now also utilise audio CAPTCHAs, where you listen to a spoken audio recording with background noise and are asked to type in the characters you hear.
This type of system is a useful addition to the standard visual CAPTCHA systems, enabling visually impaired users equal accessibility to the websites in question.
A good example of this type of accessible an CAPTCHA system (image shown above) can be found at www.captcha.net.
While it may be a pain in the backside to answer these CAPTCHA questions when you have to fill in online forms, unfortunately it’s become a necessary evil in the constant battle against spam.
Think of it this way, every time you answer a CAPTCHA question, you’re reaffirming your supremacy over those dumb computers and helping in the battle against spam!
Richard Rees commented
Captchas are unfortunately starting to get solved by the bots. Bots are getting cleverer and cleverer.
I get around this by tending to make my forms available only via AJAX (modal popups etc.). I’ve yet to find a bot that can make an ajax call (I’m sure it’s just a matter of time). The downside of using ajax is that none of the content on the form is spiderable, but its rare that you would want a search engine spidering a page with a form on anyways.
Anyway, if you like captchas this article may change your mind….
Excellent post YET AGAIN!!! What more can I say, I have always wanted to know the purpose and reason for CAPTCHA and you have explained it in lay mans terms and yet not left anything necessary (I assume anyway) from your explanation.
@Steve: Thanks, that was the aim of the article as an overview of CAPTCHA.
Mark S commented
Captchas are useless. You do not gain anything by making the forms unusable to your visitors. Simple HTML techniques can protect your forms 100%, without jscripts , ajax, or other cryptic image methods.