My Love-Hate Relationship with CAPTCHA

by Joanna Pineda Posted on September 23, 2008

By now, most of us are familiar with CAPTCHA graphics, or the graphics with squiggly text that we have to retype correctly in order to submit a form.  I understand that CAPTCHA was developed to stop spam, prevent bots from hijacking forms and surveys, and prevent dictionary attacks against sites. But I’ve noticed recently that these tests are getting harder and harder, to the point where they are preventing me from submitting forms on the first, second, even third try.

CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. A CAPTCHA is a type of challenge-response test used mainly on Web pages to ensure that the response is not generated by a computer. For example, humans can read distorted text on a graphic, but computer programs (most of them at least) cannot.

Here are some examples of CAPTCHA:

Here’s the problem.  Computer programs are getting smarter and smarter. “Spammers and malware authors are able to break Captcha process,” says Carl Leonard in an article in The Guardian.  As a result, CAPTCHAS are getting harder and harder.

On my personal blog, which I host on, I sometimes have to type the text 3 or 4 times before I get it right.  I sometimes look at the squiggly text and think, “you’ve got to be kidding.”  I just hit submit and hope the next test is easier, which I guess defeats the idea behind CAPTCHA.

BTW, new CAPTCHAs are being developed in an effort to foil the spammers, scrapers and bots.

My favorite CAPTCHA is RECAPTCHA.  This is a project to digitize books, which are scanned and run through OCR (optical character recognition). RECAPTCHA sends words that cannot be read by computers to the Web in the form of CAPTCHAs for humans to decipher.  This is the CAPTCHA that we use on the Matrix Group Web site; it uses traditional, squiggly text but we think it’s cool to save books.

Of course, CAPTCHA is not the only answer to stopping spam posts on blogs, dictionary attacks against searches, etc.  This blog, for example, uses a spam filter to filter out possible spam comments.  We opted against a CAPTCHA as an experiment and because the Akismet filter we’re using has been so effective.

The final word on CAPTCHA?  I guess here it’s to stay, but it will morph into more complex tasks , and I will surely continue to struggle against these increasingly complex tasks that I need my CMU grad husband to help me figure out. 🙂

4 replies on “My Love-Hate Relationship with CAPTCHA”

I think both advanced CAPTCHAs are broken. The SQUIGL-PIX test seems to be a little too cutting-edge in its HTML and doesn’t work for me in either Firefox or Opera; I think it’s using SVG in its implementation. The ESP-PIX one seems to be having problems with corrupted image files; no browser I have will display the images, and if I download them manually, my image viewer reports a decoding error.

I’m glad I’m not the only one having trouble with the new CAPTCHAs. I can get squigl-pix to work in Firefox and IE, but still nothing on esp-pix. I tried esp-pix in IE and Firefox; in IE, the images don’t render properly; in Firefox, all I get are red dots in the boxes. Oh well, I guess these CAPTCHAs still need work.

[…] Raise your hand if you have ever abandoned a form because you couldn’t get the CAPTCHA right. I know I have. I thought my years of staring at the screen had made these CAPTCHAs harder to decode. I was relieved when Joanna Pineda, CEO of Matrix Group, gave her observation that as Image reading software becomes better and better – CAPTCHA tests are g… […]

SQUIGL-PIX doesn’t work for me in Chrome either. It’s also slow and makes cultural assumptions.

Comments are closed.

Related Articles