... but if we don't find another way, this would be the ridicolous future of Captchas.
Further fodder for criticizing conventional CAPTCHAS [fffccc]: The cybersecurity company MessageLabs released a report on spamming. There seems to have a significant rise in spam activity coming from Gmail accounts during the last month. Considering that spammers need a success-rate of 20 - 30 percent to operate, it's plausible to assume that some of them have started breaking Google CAPTCHAS automatically. That's still not a proof, though I'm confident it will be coming relatively soon.
An article recently reddited on how (seemingly unbreakable) CAPTCHAs such as those used by Google had recently been cracked; As some of the quite interesting comments point out correctly, the so-called "crack" most probably is nothing but an attack by some click-farm. (Check out some of the other hillarious comments, esp. those by click-farmers soliciting their services.)
To me, the most important point is that - with growing popularity - a service inevitably will be exploited for spamming or some other iniquitous use. Hence Captchas can not be more than a significant "speed-bump" to stop full-blown atttacks. They must be combined with other techniques to detect, repel and deter spam and other unwanted usage. This will also be the same for any technology succeeding today's Captchas.
Two further interesting issues:
- Captchas will have to become increasingly hard to break - with a mounting danger of becoming unsolvable. Techniques to break them simply will keep on getting better. For the sake of argument, we might consider Captchas to be a soon-to-be-broken technology.
- Even the Captchas that are in use today are quite a nuisance. And they probably will not be getting fewer in our daily experience.
Google recently filed a patent that has now been published which targets to recognize text in images.
Some see news like this as a captcha killer.
Google foremost sees other opportunities:
Extracted image text can be stored for use an in image search application.
Additionally, in one implementation, the image is presented along with one or more advertisements. The advertisements can be selected based on the content of one or more search terms provided by the user.
This makes me believe that they will be content with reading "normal" text from images. Captcha texts are scrambled and the Google algorithm doesn't have to be that good to create revenue with Google Image Search...
In the future, I think there should be official Turing Test World Championships, where the true nature of the contestants will only be revealed after the games. There could be various disciplines. Guessing right (if contestant is human/robot): 10 points. Fool the judge: 20 points.
Also, we would have a lot of fun watching "the games". Here are two hilarious examples of what it could be like.
Me: How are you today?
BiteMe100Times: What's it to you? Unless you're my mother or my shrink, you can fuck off.
Me: Just trying to be friendly.
BiteMe100Times: Yeah, but I want a commitment.
Me: Actually, I'm writing a magazine piece on the Turing Test. I'm trying to figure out if you're human. You could be a machine, you know.
BiteMe100Times: Oh, sure I'm human. Two plus two is four. Four times four is 16. Four to the 16th power is [core dumped]
Me: Very clever.
BiteMe100Times: What the hell do you expect? I'm running Windows NT. Now go away.
jmstriegel: no, really. I'm quite human.
jmstriegel: test me if you want
shymuffin32: why do you like music?
jmstriegel: hmm. i've never really considered that.
jmstriegel: hell, i'm not going to be able to contrive a good answer for that one. ask me something else.
shymuffin32: jeesus, you're worse than eliza
This is the classical Turing Test:
Two humans involved, directly.
With Captchas (or Funtchas for that matter - let's say "Automated Turing Tests"), it look more like this:
Directly involved is only one human: The poor user. All the other guys are robots: spambot and antispambot. Or computers, or programs, for that matter. Then, we have more humans, indirectly involved: the actual spammer, controlling the spambot by means of programming and the antispammer, controlling the antispambot by the same means.
Poor user, all alone with the bots...