Dallas – Computers are better than humans at many complex calculations, but we still have them beat on some small problems.
That’s why a simple test has protected some of the world’s biggest websites for so long. Go online to perform a routine task – buying sports tickets, say, or sending an e-mail or commenting on a blog – and you’ll see a picture of random squiggly letters.
The website asks you to type the letters you see – something a computer can’t do without sophisticated programming. That keeps hackers from using software to repeatedly enter information on the sites, sending spam through online e-mail services or blogs.
But the defenses are finally crumbling. Computer scientists are working on replacements for the test, knowing that computers are learning to read even the messiest scribbles.
The distorted-letter test “is getting to the point where it’s almost defeated” by computer scientists in the laboratory, said Luis von Ahn, a postdoctoral fellow at Carnegie Mellon University’s computer science department. “The ones not yet defeated by computers are really hard to read for humans, but they’ll be defeated pretty soon.”
And if computer scientists can figure out how to beat the tests, hackers won’t be far behind. The next wave of tests will have to present problems that computer researchers and cybercriminals have barely begun to tackle with artificial intelligence.
Carnegie Mellon’s research team trademarked a name for these computer-or-human tests: captcha. It’s an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.” Turing refers to Alan Turing, a British logician who proposed a theoretical test to judge whether computers were good at imitating humans.
The current captchas have protected websites for a remarkably long time in the ever-changing Internet world. Researchers at pioneering search engine AltaVista created one of the first squiggly-letter tests in the late ’90s.
“Humans are much better at recognizing patterns than computers are. A 3-year-old can tell apart a man from a woman. Computers cannot do that,” said Andrei Broder, who was AltaVista’s chief scientist at the time.
Other researchers and companies began developing their own versions of the test. Ticketmaster added one in 2002, and it’s become an important part of the company’s defense against scalpers.
“There are not a lot of ways, at the end of the day when a transaction is being made, to tell if someone is an automated bot or a human, and this helps us to identify that,” said Bonnie Poindexter, a spokeswoman for the ticketing agency owned by IAC/InterActiveCorp.
The character recognition tests come in several varieties.
Ticketmaster uses a string of letters that don’t appear to be warped much. But diagonal lines crisscross around them, and the background is sometimes grainy.
Google’s Blogger service, on the other hand, uses no background. But the letters roll and swirl as if they have been caught in a wave.
There are ways to beat the text-based captchas, and not all of them are high-tech. Some computer experts have done it simply by looking for patterns in the random characters or the computer language used to generate them. Some hackers have been rumored to pay people to enter the correct information or entice them to do it by offering free pornography.
But computer researchers are also beating text captchas simply by developing computers that are sophisticated enough to read them.
In the same way that supercomputers have been developed to beat chess masters by making millions of decisions in an instant, computers also can learn to “read” and detect patterns by making a series of complex calculations.
Fortunately, people can still find patterns in other ways that stymie computers. Carnegie Mellon’s Pix program, for instance, shows four pictures that have relatively little to do with one another except for one common element – a cow, for instance, or a cup. Other researchers are experimenting with similar image-based captchas.
Researchers continue to tweak the text-based captchas, too, using colorful backgrounds or breaking the letters apart to fool the bots. But with every change, they face the danger of making the captcha too difficult for people to read.
