Recently Google announced a different kind of captcha.
You know captchas. You’re trying to register with a website but it wants to be reassured you are a real you, not just a robot program masquerading as a human. So you are asked to identify a sequence of letters and numbers presented in distorted form, sometimes set against a confusing background. Try this one.
When this technology was first used, although somewhat irritating to humans, it was fit for purpose. Anyone with normal vision could generally identify the characters, and robot programs couldn’t. Humans 1, robots 0.
But security is an arms race. The programers writing the robots found better algorithms and wrote better robots that could read the captchas. Captcha programers fought back, distorting and obscuring the letters more. In turn coders responsible for the robots upped their act, and so it went on. The race hotted up.
In just a year since I last wrote about captchas we’ve reached a stage where the traditional captcha can only defeat robots if it also defeats people. It’s impasse.
So Google (and some others) have been rethinking.
What are captchas for? To check that you are not a robot.
So the first plank of Google’s new approach is a box to tick, “I am not a robot”.
This sounds silly. Can’t a robot tick the box just as well as you and I? Yes it can, but what it can’t do is use the web page like a human. Google’s technology is capable of monitoring a number of subtle variables, for example the way you use the mouse, and using them to assess the probability that you a human. (This reminds me of a program written two or three years back to address the “kitten on the keys” problem – you leave your computer unattended and the cat walks on the keyboard, generating a whole lot of random typing. That program worked by recognising the cadence of a cat’s footsteps – the characteristic timing and rhythm, different from a human typist – and ignoring the random key presses.)
If there is any doubt about your humanity you’ll still be presented with a good old-fashioned captcha. But most people should be able to pass just on the tick box.
On mobile devices it’s a bit different There is no tick box. Instead you are presented with an image identification task. One of Google’s examples involves a picture of a cat (after all this is the internet!), together with a montage of other images: four incredibly cute kittens, one dog, a dog-like animal, a pair of guinea pigs, and a plant I can’t identify. The human is asked to tap the ones that match the cat picture.
This all makes it easier for the normally sighted person to demonstrate they’re human, but what if you are blind? Obviously the mobile version with the cats won’t work for you, but it’s possible the tick box version might, although anyone with low vision is likely to navigate around the screen in a rather different way from someone fully sighted.
It would be interesting to know if people using screen readers will be able to take the tick box test successfully. At present when confronted by a captcha they usually have to attempt an audible captcha, which I found very challenging to identify when I tried it, and of course many elderly people have significant loss of both vision and hearing.
This technology may also be seen as slightly intrusive. The captcha program is watching what we do, which may disturb some people, although I don’t see it as sinister myself.