Craptcha

c: | f: /

CAPTCHA allegedly stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. What it actually stands for is “Chuffing Awful Process That Completely Humiliates Anyone”.

There is little more degrading to sane people than to make an innocent request on a website and be thrown a random series of incomprehensible squiggles and then asked to type what it says to “prove” I have a soul. It turns the whole notion of security on its head and presumes you’re guilty unless proven innocent.

Look at this one I was thrown today:

Bad captcha

What the…

I requested three more and couldn’t read any of them. It’s like some kind of badly thought out Ishihara or Rorschach test and I half expect, after 3 or 4 failed attempts, the browser to turn around and tell me I’m too stupid to own a computer and shut down as a punishment.

But what does this so-called security achieve? Precious little. Time and again, captcha systems are broken by machines, or by unwitting humans used to break systems on other sites. All implementers can do is make them harder for us to read, which is a huge usability barrier and doesn’t solve anything.

It’s time people realised that there’s more to security than using a single test. One test is never enough. We need to look at this holistically.

Probable cause

Security is nearly always obtrusive. As an example, biometric security is a joke or, at best, an oxymoron. If I put a gun to someone’s head and marched them to a scanning station, forcing them to authenticate and let me through with them (or in place of them) there’s not a damn thing a computer can do about it. That’s using flawed technology and flawed human characteristics to create a false sense of security.

Similarly, a CAPTCHA system throws technological weight towards solving a problem that is inherently human.

Q: Why does someone feel they need a CAPTCHA?
A: To stop automated attempts to post information.

Q: Why does someone feel the need to post that information automatically?
A: Because it is an easy way to reach a wide audience.

Q: Why does a person need to disseminate that information?
A: Because it pays to do so.

Q: Why does it pay?
A: Because there’s a demand.

Q: Why is there a demand?
A: Because it’s been generated by advertising or +ve/-ve legislation.

Q: So who generated that demand? Who benefits?
A: Now there’s the question! The answer to that one is: industry and the keepers of the socio-economic status quo.

The result is that every time I want to, say, write a Facebook App or comment on someone’s blog I’m challenged to prove I exist because large corporations (through spam campaigns), governments (through legislation) and people who print money for a living (through control of wealth) are engineering society that way.

By paying journalists and citizens lured by get-rich-quick schemes to disseminate information on a large scale to generate wealth for those at the top, I’m inconvenienced by the same people who are trying to sell me stuff or keep me downtrodden.

And someone invented CAPTCHA to address that? Bit of a disconnect, methinx.

5 of you scribbled here

    Mr McSpammy

    I am a smelly spam bot. And I wear a tin foil hat. I demand you visit stefdawson.com/blog. It will engross your dangly bits!

    Netcarver

    <technical rant>
    Are these little questions really Turing tests? I don’t think so, not unless there is an army of operators hidden behind the scenes at most sites observing the visitors’ replies to the conundrums.

    AFAIK, a Turing test involves having a human decide if the responses they receive are generated by a machine or another human.

    But these little beasties involve having a machine try to make the same distinction. At least, I think they are made by machine. Unless, perhaps, the decisions have been outsourced.
    </technical rant>

    Stef Dawson

    Totally agree. Captcha is a misnomer and I’m sure Turing is spinning in his grave seeing how his good work is being abused in the fruitless and ill-directed pursuit of corporate spam reduction.

    Sheogorath

    A better acronym: CRAPTCHA, Completely Rubbish Automated Public Turing test that doesn’t tell Computers and Humans Apart. Simples!

    Stef Dawson

    @Sheogorath: I like it! Apt and to the point.

Type away

(required)

(required, never made visible)

(optional, linked with rel="nofollow")

(required)