The CAPTCHA test - the security measure that requires users to correctly identify distorted text when accessing web pages - has become something of a necessary evil online. The main purpose of a CAPTCHA (an acronym for 'Completely Automated Public Turing test to tell Computers and Humans Apart') is to try and make sure only human users can successfully identify the text, preventing automated software from getting through and 'attacking' the site.
Although these garbled images can sometimes prove incomprehensible for legitimate users - we've all failed or been forced to refresh particularly irritating ones - they have proven a valuable tool for decreasing spam and hacking traffic since their widespread introduction in the early 2000s.
Given the ever adaptive nature of spammers and hackers, however, the CAPTCHA is no longer as useful as it once was. Some of the methods that have been developed to attempt to automatically bypass the restriction include character and image recognition software, with some hackers even developing databases full of the finite amount of known CAPTCHAs. In other cases, sweatshop labour is used to bulk identify and bypass the security images, or fake websites are set up to trick legitimate users into 'solving' what they believe is a genuine CAPTCHA.
GOTCHA - Generating panOptic Turing Tests to Tell Computers and Humans Apart - is being proposed as a possible successor to the existing CAPTCHA. Developed at Carnegie Mellon University, the same institute responsible for the earlier security software, the proposed GOTCHA model makes use out of inkblot or Rorschach tests to further differentiate between a human user and an automated one.
How it works
MIT Technology Review explains the software in depth. It's a more complicated process than the existing one. When signing up to a website, a user is required to assign words or phrases to a series of inkblot tests consisting of randomly placed multicoloured dots. The responses are stored, and every time an extra security layer is required, the user must again identify inkblots and assign their previous description from a list of possible phrases.
The hope is that the personalised nature of the answers means 'bots' will be locked out, as the random multicoloured dots make pattern recognition more difficult for computers.
The new method has undergone a successful trial using Amazon 'Mechanical Turk' members - individuals who sign up to perform repetitive tasks in exchange for small payments. It is still, however, in its early stages, with the team acknowledging in their initial report that there is room for improvement in terms of GOTCHA accuracy and usability.
There are many potential other roadblocks facing GOTCHA's possible future implementation. Both website owners and users might be reluctant to accept a significantly more complicated sign-up process, while the developers also acknowledge complex, multi-word phrases are more effective. Multicoloured dots could cause accessibility issues, with visually impaired users already at a significant disadvantage with CAPTCHA (a computer voice often provides an optional audio accompaniment for this reason: a 'dot' equivalent is effectively impossible). Given the way hackers operate, it is inevitable that some sort of bypass would be developed, either sooner or later. And can humans really be relied on to consistently identify inkblot imagery?
Despite the concerns, the GOTCHA designers are adamant the service could provide a valuable extra layer of security for services such as online banking. Only time will tell if GOTCHA replaces CAPTCHA, or whether another inventive web security measure will overtake them both.
For more on the world of science and technology, tune in to Futureproof on Newstalk, every Saturday at 10 am.
