CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs are tools you can use to differentiate between real users and automated users, such as bots. CAPTCHAs provide challenges that are difficult for computers to perform but relatively easy for humans.
A CAPTCHA is a type of challenge–response test used in computing to determine whether or not the user is human. The term was coined in 2003 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford. The most common type of CAPTCHA was first invented in 1997 by two groups working in parallel. (Source: Wikipedia)
CAPTCHA and reCAPTCHA: How Can You Bypass It?
Bots
April 21, 2021
by Richard Kahn
If you have spent any time on the internet in recent years, you’ve had to check a little box to tell the world, “I’m not a robot.” This little box was invariably accompanied by a small visual or audio test, called CAPTCHA.
You have to pass the CAPTCHA test to prove you are “not a robot” before you can access some part of a website. Usually, this occurs at a point where you need to complete a form to sign up, subscribe, or make a purchase on a website or app.
For many users, these have been an annoying and time-consuming necessity of the internet—often leaving them wondering how to avoid CAPTCHA. For the companies using them, however, CAPTCHA tools have been a reassuring security measure, giving them confidence that the people accessing their website are genuine visitors and not fraudsters. There is one problem, though: they don’t always work.
In this article, we will go through exactly what CAPTCHAs are, how they can easily be bypassed or are otherwise ineffective, and what you can do instead to truly protect yourself from fraudulent users.
Table of Contents:
What Is CAPTCHA?
What Is reCAPTCHA?
The Downsides of CAPTCHA
What Can You Do about CAPTCHA Bypasses?
What Is a CAPTCHA?
As the internet started gaining traction in the 90s, internet malpractice followed close behind. CAPTCHAs were created in response to this as a way of differentiating genuine users from bad bots merely crawling through websites to perform some form of fraud.
The very name CAPTCHA explains this goal: it stands for ‘Completely Automated Public Turing test to tell Computers and Humans Apart’, a Turing test being a test designed to differentiate between human intelligence and that of a machine.
These early CAPTCHAs took the form of text altered in some way to make it impossible for bots to read. While they were initially very successful, quick advances in computing meant that bots were able to read what the text said.
In fact, pretty soon bots got so good at bypassing CAPTCHA that, by 2014, Google found that their reCAPTCHA program (a development from the original CAPTCHAs) could be bypassed by bots over 99% of the time.
What Is reCAPTCHA?
reCAPTCHA is a human verification system developed in 2007 and purchased by Google in 2009. Initially, the tool was developed to help digitize books that couldn’t be scanned by computers. Once put to use for verifying users, reCAPTCHA displayed two different distorted words with lines running through them (compared to CAPTCHA’s random sequences of letters and numbers).
By 2012, the project began incorporating images from Google Street View. By now, you’ve almost certainly spent a decent chunk of time clicking all of the images that contain a stoplight just to prove you’re not a bot. And you’ve probably failed some of these tests, too! As noted by Baymard Institute, “Only 66% of users during our qualitative usability testing successfully entered the CAPTCHA on the first attempt.”
There were a few more iterations of reCAPTCHA, including the noCAPTCHA reCAPTCHA (where low-risk users only had to click a checkbox that stated “I’m not a robot”) and reCAPTCHA v3.
About reCAPTCHA v3
In 2018, Google unveiled reCAPTCHA v3, the latest iteration of the tool. Even if you’re an incredibly proficient internet user, there’s a good chance you’re scratching your chin and wondering whether you’ve come across reCAPTCHA v3 before.
With reCAPTCHA v3, you don’t have to decipher distorted words, you don’t have to click boxes to indicate you know what a car looks like, and you don’t even have to click the “I’m not a robot” checkbox, either. That’s because reCAPTCHA v3 exists largely in the background—completely invisible to the average user.
As such, reCAPTCHA v3 helps companies detect bots while ostensibly delivering a better user experience—but it hurts user privacy in exchange.
Here’s how it works: Google analyzes behavior as users navigate a website, and they rank that behavior to determine how “risky” the user is, i.e., how likely it is that the session is actually a bot and not a human.
While reCAPTCHA v3 can help websites detect bots, it’s only good for that use case. If you want to protect your website from ad fraud, you’ll need to do more than rely on this service. Based on client performance data, carefully crafted malware and human fraud will get past reCAPTCHA v3, and the tool has a high false positive rate, mismarking real people as fraud.
The Downsides of CAPTCHA
As useful as CAPTCHAs have been in the past, it’s important to realize that they aren’t without their downsides. These tools leave much to be desired as ad fraud prevention methods. Some key issues with CAPTCHA and reCAPTCHA include:
CAPTCHAs Hurt the User Experience
Imagine you’re heading to a retailer’s website to complete an e-commerce transaction. You just found out about a new product, and you’re eager to buy it as soon as possible. As you begin the process of checking out, you run into a CAPTCHA. Worse yet, you fail the test. Would such an experience make you more or less likely to complete the purchase?
If the CAPTCHA test is poorly made, it can be failed multiple times. For example, if there’s a requirement to “pick all boxes that have a fire hydrant” and the image is one big fire hydrant, with just the tip of it covering a few pixels of one box, should that box be clicked or not?
This can be extraordinarily frustrating for users—which impacts user engagement and conversions.
CAPTCHAs Can Waste Customers’ Time
In more recent news, CAPTCHAs have been shown to eat up extra time for users. For example, the PS5 and Xbox Series X console launches have pitted human buyers against bots owned and operated by scalpers on retailer websites.
When a human encounters a CAPTCHA test, they have to spend precious seconds looking at it and responding. A bot can bypass the test—acting like a CAPTCHA skipper and proceeding almost directly to purchase in milliseconds. The result? The bot buys dozens of consoles and the human gets an “out of stock” error message by the time they finish the test.
Killing Conversion Rates
Taken together, it comes as no surprise that annoying experiences and more time required to complete actions translate into a 40% lower conversion rate with CAPTCHA. It’s worth noting that CAPTCHAs won’t just prevent you from generating more leads or selling more products at that moment. Since consumers are likely to stop supporting brands after a bad experience, they may very well prevent you from racking up sales in the future, too.
CAPTCHA Bypass Is Too Easy with Modern Bots
If hurting the user experience wasn’t enough to cause you to think about ditching CAPTCHAs, here’s something else to consider: Due to the evolution of technology, artificial intelligence (AI) has gotten to the point where a modern “CAPTCHA bot” or “block reCAPTCHA tool” can bypass the test with ease—defeating their purpose entirely.
Since CAPTCHAs don’t offer any kind of support or analytics, you can’t zero in on where fraud is coming from. Even if your CAPTCHAs somehow prevented bots from getting around them, you’d still have to deal with malware and human fraud.
Unfortunately, despite attempts to outrun malicious users in digital advertising, just a quick Google search will provide you with an abundance of sites telling you exactly how to get around even the most complex tests.
Additionally, these tests are often so difficult or poorly made that users get genuinely angry dealing with them, painting a less than ideal picture of CAPTCHAs. In the best case, this leaves a sour taste in their mouths from the user experience. In the worst case, they leave the site altogether.
Even when it comes to reCAPTCHA v3, it is shockingly easy for fraudsters to gain a high score using a carefully crafted CAPTCHA bot or by employing human fraud farms. These sophisticated fraudsters can easily bypass the CAPTCHAs they face.
Because this approach puts the responsibility on the website owner, you are left with people deciding what traffic should probably get to their sites. Decisions based on probability come with a high risk of false positives. The most commonly used CAPTCHAs today should not be used as a definitive solution to block fraudulent traffic.
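The score-based decision described above, and the false-positive trade-off it leaves with the site owner, as an added example that is not from the original article. The field names follow the reCAPTCHA v3 verification response (`success`, `score`, `action`, `hostname`, `error-codes`); the hostname, action name, thresholds and labelled sample are assumptions constructed for illustration.

```python
# Added example: hypothetical names and thresholds, constructed data.
EXPECTED_HOSTNAME = "shop.example"  # assumption: the site's own hostname
ALLOW_AT, BLOCK_BELOW = 0.7, 0.3    # assumption: cut-offs picked by the site owner


def decide(resp, expected_action):
    """Map a parsed v3 verification response to allow / step-up / block / reject:*."""
    if resp.get("success") is not True:
        return "reject:" + ",".join(resp.get("error-codes") or ["unknown"])
    # A valid token issued for another site or another action must not count here.
    if resp.get("hostname") != EXPECTED_HOSTNAME:
        return "reject:hostname-mismatch"
    if resp.get("action") != expected_action:
        return "reject:action-mismatch"
    score = resp.get("score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return "reject:no-score"
    if score >= ALLOW_AT:
        return "allow"
    # The middle band gets an extra verification step instead of a hard block.
    return "block" if score < BLOCK_BELOW else "step-up"


def error_rates(labelled, threshold):
    """Return (false_positive_rate, false_negative_rate) when scores below
    `threshold` are blocked. `labelled` holds (score, is_human) pairs from
    sessions whose real outcome is already known."""
    humans = [s for s, is_human in labelled if is_human]
    bots = [s for s, is_human in labelled if not is_human]
    fp = sum(s < threshold for s in humans) / len(humans)  # humans blocked
    fn = sum(s >= threshold for s in bots) / len(bots)     # bots let through
    return fp, fn


# Constructed sample: some bots score high, some real people score low.
LABELLED = [(0.9, True), (0.7, True), (0.5, True), (0.3, True), (0.1, True),
            (0.9, False), (0.7, False), (0.3, False), (0.1, False), (0.1, False)]

if __name__ == "__main__":
    sample = {"success": True, "score": 0.5,
              "action": "checkout", "hostname": "shop.example"}
    print(decide(sample, "checkout"))
    for t in (0.3, 0.5, 0.7):
        print(t, error_rates(LABELLED, t))
```

On this sample, raising the cut-off from 0.3 to 0.7 triples the share of real users blocked while still letting the high-scoring bots through, which is why the score works better as one input to a tiered response than as a single pass/fail gate.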
What Can You Do about CAPTCHA Bypasses?
Thankfully, there are ways to block fraudulent traffic that are better at identifying malicious bots, malware, and human fraud, that do not ruin the user experience, and that don’t leave the decision-making in your hands.
Using Biometrics
You could verify users are real humans and not bots by using biometrics. For example, you might ask people on smartphones to prove their identity with their fingerprint. There are other kinds of biometrics to consider, too—including typing biometrics, speech recognition, and facial recognition.
Depending on your use case, however, biometrics might not be the best option. On one hand, such systems tend to be pretty pricey. On the other, not too many consumers are keen on giving away their biometric data to a company that sells socks, for example.
Multi-Factor Authentication
You can also implement a multi-factor authentication (MFA) method to make sure actual humans are accessing your systems. For example, you might have someone log into their account and then send them a text message with a one-time passcode they need to input on your website to get to the next step.
While this method can be helpful in secure environments—like banking and brokerage accounting apps—it will likely create far too much user friction for the average company.
Why Does Glo Have Dirty Ips by Nobody: 12:27pm On Jul 05, 2016
Each time I browse the internet with Glo network, I keep solving captchas and authenticating. And the worst is that the IP is so static that even when I restart my system, it still has the same IP. Anybody noticed it?
Re: Why Does Glo Have Dirty Ips by Nobody: 6:09pm On Nov 17, 2016
This is pure truth!!! It has gotten worse these days… Seun… Help us.
Re: Why Does Glo Have Dirty Ips by STEKENT: 6:13pm On Nov 17, 2016
You can only browse Naija blog with it, other country NO
Re: Why Does Glo Have Dirty Ips by yomalex(m): 8:53pm On Nov 17, 2016
Lots of users and so lots of people who…
