CAPTCHA allegedly stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. What it actually stands for is “Chuffing Awful Process That Completely Humiliates Anyone”.
There is little more degrading to sane people than to make an innocent request on a website and be thrown a random series of incomprehensible squiggles and then asked to type what it says to “prove” I have a soul. It turns the whole notion of security on its head and presumes you’re guilty unless proven innocent.
Look at this one I was thrown today:
I requested three more and couldn’t read any of them. It’s like some kind of badly thought out Ishihara or Rorschach test and I half expect, after 3 or 4 failed attempts, the browser to turn around and tell me I’m too stupid to own a computer and shut down as a punishment.
But what does this so-called security achieve? Precious little. Time and again, captcha systems are broken by machines, or by unwitting humans used to break systems on other sites. All implementers can do is make them harder for us to read, which is a huge usability barrier and doesn’t solve anything.
It’s time people realised that there’s more to security than using a single test. One test is never enough. We need to look at this holistically.
Security is nearly always obtrusive. As an example, biometric security is a joke or, at best, an oxymoron. If I put a gun to someone’s head and marched them to a scanning station, forcing them to authenticate and let me through with them (or in place of them) there’s not a damn thing a computer can do about it. That’s using flawed technology and flawed human characteristics to create a false sense of security.
Similarly, a CAPTCHA system throws technological weight towards solving a problem that is inherently human.
Q: Why does someone feel they need a CAPTCHA?
A: To stop automated attempts to post information.
Q: Why does someone feel the need to post that information automatically?
A: Because it is an easy way to reach a wide audience.
Q: Why does a person need to disseminate that information?
A: Because it pays to do so.
Q: Why does it pay?
A: Because there’s a demand.
Q: Why is there a demand?
A: Because it’s been generated by advertising or +ve/-ve legislation.
Q: So who generated that demand? Who benefits?
A: Now there’s the question! The answer to that one is: industry and the keepers of the socio-economic status quo.
The result is that every time I want to, say, write a Facebook App or comment on someone’s blog I’m challenged to prove I exist because large corporations (through spam campaigns), governments (through legislation) and people who print money for a living (through control of wealth) are engineering society that way.
By paying journalists and citizens lured by get-rich-quick schemes to disseminate information on a large scale to generate wealth for those at the top, I’m inconvenienced by the same people who are trying to sell me stuff or keep me downtrodden.
And someone invented CAPTCHA to address that? Bit of a disconnect, methinx.