Google: CAPTCHAs aren't dead yet

Google: CAPTCHAs aren't dead yet

Summary: CAPTCHAs, those fuzzy letters that are supposed to ensure you're a human when you register for an account, have been under fire of late, but Google says their demise is greatly exaggerated.That's the takeaway from a post by Brad Stone in the New York Times Bits blog.

SHARE:
TOPICS: Security, Google
7

CAPTCHAs, those fuzzy letters that are supposed to ensure you're a human when you register for an account, have been under fire of late, but Google says their demise is greatly exaggerated.

That's the takeaway from a post by Brad Stone in the New York Times Bits blog. As most of you know CAPTCHAs have been panned by security researchers of late. Hackers are eluding CAPTCHAs with spambots these researchers say.

According to Stone, Google disagrees. Stone reports:

Google itself is casting some doubt on these reports. Brad Taylor, a Google software engineer known informally as the company’s spam czar, says that internal evidence shows that the rise in spam originating from Gmail accounts stems not from captcha-busting programs. Instead, he said, spammers are using the old-fashioned “mechanical turk” trick—an operation where low-paid laborers in third-world countries are enlisted to solve the puzzles, one by one.

“You can see it is clearly done by humans,” Mr. Taylor said. “There are patterns in the rate we find bogus accounts, like at night time and when people get off work,” in certain parts of the world.

Software may make the process more efficient, but overall spammers are paying folks in the developing world to break CAPTCHAs. Google's comments are an interesting footnote in the ongoing CAPTCHA debate.

Topics: Security, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • The process doesn't matter.

    The process is irrelevant. One of the main purposes of CAPTCHAs is to prevent a blog or forum from having spam posted on it. If the owner can't count on CAPTCHAs to prevent that they now have to moderate, a practice that is generally too time intensive. A blog or forum which is spam full will lose readers. If the site depends on ad revenue (eyes on webpage) then it has a negative economic impact.
    Obviously the spammers are making money or they wouldn't be hiring third-world workers to do this. So as an effective spam determent CAPTCHAs are compromised.
    carlino
    • It is relevant in certain situations

      The process can be very relevant depending on the site. If you have to hire a person to bypass the CAPTCHA, it lowers the effectiveness of the spammer as account creation rate is slower than if it was an automated bot, and also increases their operating costs. It also means there are some sites that are further spared from spam. I have noticed a few that require a CAPTCHA verification past the initial registration, requiring it during account modification and with each post. Linux.com is a good example of requiring verification with every post. With that type of requirement, it is not worth trying to spam the site unless the CAPTCHA is weak enough to be bypassed by a bot. While I can see how some users may balk at having to verify with CAPTCH on a regular basis, it is something that others may be willing to deal with in order to prevent being inundated with spam.
      jheine
  • RE: Google: CAPTCHAs aren't dead yet

    Spam won't disappear as long as email is free.
    Ronny102
    • Even then, some people will still get it.

      Well, people still get junk snail mail, and that costs money.

      It can be made rare, though: Right now, email is trivial to spoof. You can put anything you want as the "from" address, which makes it very easy to avoid the anti-spam tools. However, it is possible to use digital signatures to make spoofing almost impossible. Problem is, nobody can agree on a standard for them.
      CobraA1
  • RE: Google: CAPTCHAs aren't dead yet

    See my Top 10 Worst Captchas

    http://www.johnmwillis.com/other/top-10-worst-captchas/
    botchagalupe
  • RE: Google: CAPTCHAs aren't dead yet

    CAPTCHA's are really in the way these days and often are very useless. Some people believe that they actually works when it comes to seacrching for hackers, spammers, etc. I believe that if spammers and hackers have enough brains to hack into anything they wish they should just about be able to go around the easily misused CAPTCHAS
    rahmel.merritt
  • RE: Google: CAPTCHAs aren't dead yet

    The point of the captcha is to make the cost of gaining access above $0.00 for the automated poster. They succeed in that.

    If they knock out 99.99% of the spam, they are doing the job they were designed to do.

    We need to cooperatively fund an agency to track down the spammers that beat those methods, and ban them from the internet. It might also be interesting to track the people who click on the spammers ads and at least shame them.

    Hey - fake spam! What a concept! I want some on my blog!

    Brad Jensen
    brad@...