Google: CAPTCHAs aren't dead yet

CAPTCHAs, those fuzzy letters that are supposed to ensure you're a human when you register for an account, have been under fire of late, but Google says their demise is greatly exaggerated.

That's the takeaway from a post by Brad Stone in the New York Times Bits blog. As most of you know CAPTCHAs have been panned by security researchers of late. Hackers are eluding CAPTCHAs with spambots these researchers say.

According to Stone, Google disagrees. Stone reports:

Google itself is casting some doubt on these reports. Brad Taylor, a Google software engineer known informally as the company’s spam czar, says that internal evidence shows that the rise in spam originating from Gmail accounts stems not from captcha-busting programs. Instead, he said, spammers are using the old-fashioned “mechanical turk” trick—an operation where low-paid laborers in third-world countries are enlisted to solve the puzzles, one by one.

“You can see it is clearly done by humans,” Mr. Taylor said. “There are patterns in the rate we find bogus accounts, like at night time and when people get off work,” in certain parts of the world.

Software may make the process more efficient, but overall spammers are paying folks in the developing world to break CAPTCHAs. Google's comments are an interesting footnote in the ongoing CAPTCHA debate.