If you’re reading this, you’re probably human, and you definitely use the web. If both are true, you’ve interacted with CAPTCHA systems.
You know, those twisty letters, picture grids and “I’m Not a Robot” checkmarks.
But there’s more to CAPTCHA than meets the eye. In this post, we’ll dive deeper into the what, why and how of the an under-appreciated piece of the web.
What Is a CAPTCHA?
Websites use CAPTCHAs to help ensure that interactions are being done by a human, not a robot. (They’re basically reverse Turing tests.)
And yes, it’s an acronym: (Completely Automated Public Turning test to tell Computers and Humans Apart).
The concept – which has been around since the 1990s – is pretty simple. Users are given something that a robot shouldn’t be able to do before they can complete an action. This is often a direct action, but it can be invisible.
(We’ll get to that.)
The most common use of CAPTCHAs is the prevention of fraud and spam on web forms. This applies across the web, from B2B lead generation websites to eCommerce sellers.
The Evolution of CAPTCHA
Think of the history of CAPTCHAs in terms of three epochs.
The first era of CAPTCHA was the “twisty letters” phase. These irritating things date back almost 25 years. Fortunately, this tech is depreciated; you rarely see it in use anymore.
The second phase of CAPTCHA was rolled out by Google in 2012. reCAPTCHA V2 is the era of “select all images with,” as well as the beginning of “I’m not a robot.”
(There’s more to this than you think, by the way.)
Those two types of CAPTCHAs have something in common: The user experience sucks. They’re not accessible in any real way, and it’s incredibly easy to fail them even if you’re a human.
That leads us to the modern era of CAPTCHA. The UX is far improved, from single clicks to even lower-impact versions. You’ll still have to identify images sometimes, but it’s far lighter weight.
How Do You Implement CAPTCHA?
If you run a WordPress site, there are a slew of plugins you can use to deploy CAPTCHA testing. Without a CMS, it’s relatively simple code to install.
Going Beyond the Basics
Like I said before, there’s more to CAPTCHA than meets the eye. Here are three things you probably didn’t know about them.
It’s Not Always Google
Google’s reCAPTCHA tech is by far the most popular way to deploy the tests, but there are other vendors out there. One popular alternative is hCaptcha, from Intuition Machines. It’s marketed as a privacy-friendly and democratized alternative to reCAPTCHA.
That speaks to one of the biggest criticisms of reCAPTCHA: it’s potentially a way for Google to access your users. Which speaks to the next thing you probably didn’t know about CAPTCHA …
You’re Probably Training a Bot
Think about the reCAPTCHA V2s you’ve seen recently.
They probably asked you to identify things like:
- Cars
- Crosswalks
- Emergency vehicles
- Stoplights
- Street signs
Now, what needs to know what those things are?
Self-driving cars, that’s what.
In other words, there’s a pretty good chance you’re training AI when you pick out those stop signs.
This is called “data labeling.” And it’s a huge issue when it comes to artificial intelligence. AI needs a ton of inputs to be able to consistently pick something out. reCAPTCHA uses millions of users’ clicks to train its systems.
(hCaptcha, by contrast, lets companies use their own datasets the same way.)
CAPTCHAs Can Be Invisible
You probably aren’t seeing as many direct CAPTCHA tests as you used to.
That’s because modern systems can be deployed without human interaction.
In other words, they’re invisible.
Which is cool!
Essentially, reCAPTCHA V3 and reCAPTCHA Enterprise (along with some versions of the older V2) watch users for human-like behavior. The site visitor is “scored” behind the scenes, and allowed to interact if they seem human. If they don’t, they can be served a direct challenge.
tl;dr
CAPTCHAs have been challenging bots (and humans!) since the dawn of the modern web. And they’ve changed a lot – mostly for the better – over more than two decades.
The days of twisty letters are thankfully over. But don’t expect the core tech to go anywhere anytime soon.