ccaldwell11

Are you a robot?: Intro to CAPTCHA

Introduction

Whenever you try to log into a website or participate in an online poll, you may notice a tiny check box that inquires:

"Are you a robot?"

This may seem like a pointless, silly, and easily deceived way to see if the person using the site is a human or a robot, but I'll be the person to let you know that there is a lot more going on in the background than what is being shown. Chances are, the data needed to determine your status as a member of the human race will have been collected before your mouse even reaches the white box to click. That check box is a type of CAPTCHA test, used to make sure that the number of robots present on an application is significantly reduced, if not removed entirely.

What is CAPTCHA?

According to the official CAPTCHA website, CAPTCHA is a "program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot." In other words, the purpose of a CAPTCHA test is to determine whether a "user" is truly a human or a component of some form of automated program (a bot). The acronym is short for Completely Automated Public Turing test to tell Computers and Humans Apart, and the full phrase makes the intended function of these programs much more apparent. These tests usually appear at specific moments during a user's navigation of an application or website, typically where user input is required (e.g. login pages, online polls, form submissions). CAPTCHA can also be triggered by the detection of suspicious behaviors that humans are unlikely to replicate (Cloudflare, "How CAPTCHAs work").

How CAPTCHA Works

CAPTCHA works by presenting the client with a task that is relatively easy for almost all humans to work out but much more challenging for an autonomous program to solve with little to no human intervention. The result of the task makes it much more apparent which users need to be blocked from proceeding further into an application, so that automated actions can be prevented. There are currently several versions of CAPTCHA tests, programmed to check for bots in a variety of ways, but the most infamous trial is the dreaded "distorted text" test.

This test uses an algorithmically constructed image that has been distorted in a way that makes it visually different from common fonts and text patterns, and it expects the user to respond with the text displayed in the image. The test played on the known failures involved in the digitization of text and used this weakness in the technology of the time to provide an additional layer of protection for all internet citizens. An audio equivalent of this CAPTCHA test also exists; it reads the characters to be typed aloud instead of showing them to the user. This proved to be less inclusive than one would have wanted, as members of the deaf-blind community were left without an accessible alternative (Google, "What is CAPTCHA?").

Challenges & Concerns

Some time after its initial introduction in 2000, CAPTCHA began to receive many critiques because of the additional time (up to 30 seconds) it took some users to complete. This got to the point where one of the co-creator's friends allegedly mentioned it to him personally on numerous occasions. Because it was a newer technological concept, people were still not fully used to it. The adjustment frustrated and confused many people, and rightfully so. Another major issue was the seemingly unending battle between good and bad automated processes. As time progressed, so did the technology that was created to bypass these security measures. A select few bots were able to accurately provide the input needed to be perceived as a human, or to closely emulate it, which is a major problem. Even in the instances where bots were not able to fool CAPTCHA by themselves, "click farms" (locations populated with people who manually complete CAPTCHA tests) were being used as well.

reCAPTCHA

In response to user criticism and other apparent improvements to security that were needed, reCAPTCHA was introduced. reCAPTCHA is a service that is now being provided and maintained by Google to better ensure the security of websites while also providing a more user-friendly experience. reCAPTCHA includes automatic bot behavior detection that keeps track of potential evidence that could prove or disprove a user as a bot. Things like sharp & precise mouse movements, biometric data, IP addresses, and cookie logs are just a few of the factors that can be considered.

reCAPTCHA also has access to Google's fraud intelligence department and uses the information in its possession to identify and block any users that are likely to have malicious intentions. This is paired with artificial intelligence/machine learning-powered threat detection that's "capable of identifying active attacks and uncovering the connections between adversaries and their operations", which allows users & site owners to feel more secure while also contributing more to the autonomy of the user end to comfortably combat the autonomy of malicious software or programs (Google, "What is CAPTCHA?"). With all that was included in the reCAPTCHA technology rollout, there should not be a question as to why it is the current officially recommended CAPTCHA implementation by the creators of CAPTCHA.

CAPTCHA Creator

```javascript
let captcha;

function generate() {
    // Clear old input
    document.getElementById("submit").value = "";

    // Access the element that displays
    // the generated captcha
    captcha = document.getElementById("image");
    let uniquechar = "";

    const randomchar =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    // Generate a captcha of length 5
    // from random characters
    for (let i = 0; i < 5; i++) {
        uniquechar += randomchar.charAt(
            Math.floor(Math.random() * randomchar.length));
    }

    // Store the generated captcha in the page
    captcha.textContent = uniquechar;
}

function printmsg() {
    const usr_input = document
        .getElementById("submit").value;

    // Check whether the input is equal
    // to the generated captcha or not
    const key = document.getElementById("key");
    if (usr_input === captcha.textContent) {
        key.textContent = "Matched";
    } else {
        key.textContent = "not Matched";
    }

    // Show a fresh captcha after every attempt
    generate();
}
```

The code snippet above, provided by GeeksforGeeks, is a simplified version of a "distorted text" CAPTCHA that can be run in the browser: it displays the generated characters and reports whether the user's input matched them.
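The snippet above keeps the answer in the page and compares it in the browser, so any script with access to the page can read it; a CAPTCHA that is meant to stop bots has to generate and check the answer on the server. The following Node.js code is an added example, not part of the original post or the GeeksforGeeks snippet, and its function names, in-memory store and two-minute lifetime are assumptions.

```javascript
// Added example: server-side CAPTCHA state. All names here are hypothetical.
const crypto = require("node:crypto");

const ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
const TTL_MS = 2 * 60 * 1000; // assumed challenge lifetime
const pending = new Map();    // id -> { answer, expires }; in-memory for the demo

// Create a challenge. Only `id` (plus a distorted image rendered from the
// answer) is sent to the browser; the answer text stays on the server.
function createChallenge(now = Date.now()) {
  let answer = "";
  for (let i = 0; i < 5; i++) {
    // crypto.randomInt draws from a CSPRNG, unlike Math.random()
    answer += ALPHABET[crypto.randomInt(ALPHABET.length)];
  }
  const id = crypto.randomBytes(16).toString("hex");
  pending.set(id, { answer, expires: now + TTL_MS });
  return { id, answer }; // `answer` is for the server-side image renderer only
}

// Verify a submission. A challenge is consumed on its first use, pass or
// fail, so a client cannot keep guessing against one id or replay a solved one.
function verifyChallenge(id, guess, now = Date.now()) {
  const entry = pending.get(id);
  pending.delete(id);
  if (!entry || now > entry.expires || typeof guess !== "string") {
    return false;
  }
  const expected = Buffer.from(entry.answer);
  const supplied = Buffer.from(guess);
  // timingSafeEqual requires equal lengths, so check that first
  return expected.length === supplied.length &&
    crypto.timingSafeEqual(expected, supplied);
}
```
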

Conclusion

It is apparent that CAPTCHA technology is needed in this day and age, especially with how common it is for people to have sensitive information about themselves stored on a digital platform. CAPTCHA can not only assist with the security of a user's information and accounts but also prevent biases in data that would form from repetitive inputs submitted by a bot. Although CAPTCHA programs are not perfect and can allow bots to slip through their cracks every now and then, without them the state of the internet would not be what it is today, because user confidence would be lacking.

Sources
