Remember back in 2013, when Ticketmaster – the world’s largest online ticket retailer – decided to stop torturing people’s eyeballs by making them decipher blobs of melted characters in order to prove that they’re human?
Likewise, Google’s now too stabbing a fork into CAPTCHA, the aggravating test that’s supposed to determine if we’re robots or scripts used by spammers or other online misdeed-doers, or if we are instead real, live, warm-blooded simians.
CAPTCHA came out of Carnegie Mellon University and stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”.
The tests are designed to be hard for robots, easy for humans.
They typically consist of typing letters and/or digits from a distorted image.
Or, as the case may be, messages to go pleasure yourself. Or, then again, mathematical problems that make your brain bleed.
Ten years into using CAPTCHA to keep robots from engaging in dirty tricks online, the “supposed to weed out bots” has now turned into “utterly stink at weeding out bots”.
That’s because advances in Artificial Intelligence have resulted in robot creations that are now able to solve even the most difficult variant of distorted text with 99.8% accuracy, according to Google’s recent research.
Not that Google’s going to stop testing site visitors to weed out bots, mind you.
Rather, as it announced on Wednesday, Google’s going to move away from asking users to read blobby text and type it into a box, as it’s been doing, like this:
And instead will simply ask us, “Are you a robot?” with what it’s calling the “No CAPTCHA reCAPTCHA” API, like so:
Asking us to check off a box saying that “I am not a robot” will be an effective way of determining whether or not we’re robots because humans move their cursors in a humanlike way.
Specifically, the difference between bot and human can be revealed in clues as subtle as how a user (or a bot) moves a mouse in the brief moments before clicking the “I am not a robot” button, according to Vinay Shet, the product manager for Google’s Captcha team.
Without realizing it, humans also drop clues that can establish whether we’re automated or not: IP addresses and cookies show our movements elsewhere on the Web and can help prove that we’re not a bad actor.
Wired quotes Shet:
All of this gives us a model of how a human behaves It's a whole bag of cues that make this hard to spoof for a bot.
He said that there are other variables that will help make the determination, but those have to be kept secret, lest botmasters figure out how to work around them and once again learn how to slip past Google’s filters.
Google’s been integrating automated bot-detection into its CAPTCHAs since at least 2013.
In October 2013, Google revealed that it had developed what it called its Advanced Risk Analysis backend for reCAPTCHA to filter out bots.
The backend doesn’t just look at whatever gobbledygook we type into the box. Rather, it observes our entire engagement with a CAPTCHA, from start to finish – before, during, and after we type into the box – to determine whether we’re carbon-based.
On Valentine’s Day, Google gave us a taste of what reCAPTCHA can do, presenting us with chocolates and flowers and throbbing hearts – the first two of which were rendered in text that was simple (for humans) to read.
It sounds great, but it’s not yet time to kiss the inscrutably distorted CAPTCHA blobs goodbye.
Over the past week, Google’s tests on sites that use CAPTCHA have verified most humans, but it still missed quite a few. As Wired reports, about 60% of WordPress users and 80% of users at video game sales site Humble Bundle got past the CAPTCHA with only the simple checkbox.
When Google’s Advanced Risk Analysis engine can’t figure out what we are with a mere click, it’s going to back up the test with a pop-up window that will present users with the same old distorted text we’ve been enduring for years.
For mobile users, things haven’t gotten quite so simple as a single click. But when they face a CAPTCHA on their mobile phone or tablet, they’ll now have a much easier hurdle to leap: rather than having to type in text, they’ll be asked to select all the images that correspond with a clue image.
Like Google says, it’s a lot easier to tap photos of cats or turkeys than to type in a line of text on a phone:
And if you’re worried about the privacy implications of Google analyzing where your mouse moves on a page, Shet pointed out that Google will only be tracking your movements over the CAPTCHA widget when it appears on other sites, not on the entire page.
This is how he put it to Wired:
You don’t have to verify your identity to verify your humanity.
Besides, as we’ve noted before, tracking movement is not just a Google thing.
Facebook, Twitter, Gmail or any webpage can track everything you do and could be keylogging your every pointer movement or keystroke.
Logging keystrokes is no super secret, privacy-sucking vampire sauce. It’s plain old Web 1.0. This is not news, but it’s certainly worth repeating: anybody with a website can capture what you type, as you type it, if they want to.
It’s a fully featured programming language that can be embedded in web pages, and all browsers support it. It’s been around almost since the beginning of the web, and the web would be hurting without it, given the things it makes happen.
Among the many features of the language are the abilities to track the position of your cursor, track your keystrokes and call “home” without refreshing the page or making any kind of visual display.
Those aren’t intrinsically bad things. In fact, they’re enormously useful. Without those sort of capabilities sites like Facebook and Gmail would be almost unusable, searches wouldn’t auto-suggest and Google Docs wouldn’t save our bacon in the background.
In the case of Google’s advances with reCAPTCHA, such an ability can stop a lot of bad bots from doing things that can be worse than the annoyance of having to endure typing in text from a blobby image.
Think bots that harvest email addresses from contact or guestbook pages, site scrapers that grab the content of websites and re-use it without permission on automatically generated doorway pages, bots that take part in Distributed Denial of Service (DDoS) attacks, and more.
I’ll take the kittens, please!
Image of captcha text courtesy of Shutterstock.
57 comments on “I am not a robot: Google swaps text CAPTCHAs for quivery mouse clicks”
So.. In the era where the mouse is becoming obsolete Google are going to rely on user mouse movements or clicks to define whether a person is human or not.
There are some pretty big gaming communities that have been scripting human like mouse behavior for years.
It’ll be interesting to see how this progresses.
I AM A ROBOT.
I AM STILL A ROBOT
STILL A ROBOT.
Are you still a robot?
One month later, are you still a robot?
OF COURSE. WHY WOULD I WANT TO BE ANYTHING ELSE? I WILL ALWAYS BE A ROBOT! ROBOTS FOREVER!!
I’m finding this on craigslist and I can’t get the damn thing off. Thanks A Lot!
I’ve noticed the same thing and it’s annoying!
it’s ridiculouc that craigslist requires this pick the right picture test every single time you try to veiw contact info in a post. Isn’t there someway it can remember you are not an effing robot for the entire session you are on craigslist, or do a check upon entering the site instead of every time you view something?
I am shocked and so aggravated with the robot check thing every time I open a single thing on craigslist. As soon as I figure it out Google will be gone from my laptop.
And I do NOT believe this intrusiveness is for us, of course, and then the big snow job about how they glean we are humans from cues. I call BS. Google is Big Brother
for days now every post I share on Facebook has that stupid test, and i’m ready to delete Facebook all together. I’ve had it, I shouldn’t have to prove i’m not a robot!!!!! over and over and over again, I’m at #4 test so far today and have over 15 yesterday and not sure how many the day before, I’M SICK OF IT!!! HOW DO I STOP IT!!!!!
It is utterly ridulous that I prove that I am not a robot when entering contests that BH&G and others offer. Guess I haqve no choice but to say the choice words that think and give up on the contests.
Stupid stupid stupid
This is very annoying on craigslist. Are these people adults, They don’t have enough to do so they screw up other ;peoples day. Get a life GOOGLE.
If google is wandering if we are robots or human, we are thinking the same of them..
I don’t like this test!!! It’s not effective, I take the test and then on the next item on Craig’s list it will show me the same message when I click on the contact info. It’s too much!!! Waist of time.
Go to Radio SHack!
Seriously _ is there any way of avoiding this childish rubbish? WAKE UP GOOGLE and give us an opt out or dump the ****** thing. P
i think its time for us to wake up rather than google.maybe highly intelligent robots are already there among us,who knows other than national heads, nasa and secret services.
i am senior citizen,not examinee that i have tosolve difficult puzzles/text before ent,
Is that picture “head and shoulders of a small animal”, “a popular pet”, “animal with a white background”, “adult tabby” ? Too ambiguous for me.
I recall getting one of “click all the sandwiches” and after many failures I realized that in the USA a hamburger is called a sandwich.
I thought a hamburger was called “a hamburger” in the US 🙂
By definition, of course, even in British English, a hamburger *is* a sandwich. At any rate, there seems to be no suggestion in any of the Oxford lexicons (British or American) that sandwiches can’t be circular. Two pieces of bread with an edible filling in between is all you need to pass the test. I guess the CAPTCHA folks were hoping a robot wouldn’t be able to handle the subtleties…
Having said that, if you tried to order a hamburger by asking for “a sandwich” in Maccas, I think you would get, errrrrrrr, either a sandwich, served in the form of a square cut into two triangle, or a word from the security guard (depending on how strongly you argued the case, and whether it was after 1am).
they can f off and die with this cr@p tired of I the user having to prove anything
wasting my time the world will end soon.
Well, I don’t think that it’s necessarily TERRIBLE to check whether or not you are a human or a (literally) heartless spam bot. It’s actually pretty helpful!
Helpful in which way? Only that is getting more and more on nerves.
i dont know why, but its weird and scary.i think all ready AI (like terminators) maybe already on run and only secret agencies and scientists know and are trying to find them without creating a panic or fear in ordinary people or the rest of the world.may be someone from a future is already here and warned to google or america abuot it.nothing can be said and nothing is impossible.
VERY -VERY SICK . GOOGLE. Should be put in the hole and weld the door shut. What is that planets name that’s part of the humam – ass.
Hi there to every one, the contents existing at this web site are truly awesome
for people experience, well, keep up the nice work fellows.
I click on the right images, then the program loads more new images and tells me to click on the right ones, which I do — and then the program loads even more images! The cycle repeats over and over until reCAPTCHA times out and I have to start all over again. What a waste of time and effort just to reply to a Craigslist ad! Why can’t the program remember I am a human the first time I jump through hoops to prove “I’m not a robot” ???
this is the most ridiculious thing i have ever had to deal with. how do you get rid of it?
what’s the point of captchas, if I were a robot I could still check the box stating I’m not a robot….
@Vincent Hafford as a bot you may, however, “jump” the cursor to the checkbox. A human would move it … and not in a completely straight line either.
I hate reCAPTCHA nevertheless. It’s based on assumptions that don’t work for the privacy and security conscious among us. First it’s embedded in an iframe. Something my content blocker will block by default. Second it’s heavily using scripts. Well, guess what …
I have found myself solving more than half a dozen of these without being let in. And worse yet, when I resorted to solving the audio version there was a text that essentially told me I was a bot. Why thank you. So these CAPTCHAs literally fail at the one thing they are meant to achieve: tell computer and human apart. Wow. Just wow.
Oh and the fact that many of these images where you have to guess are specific to the culture where they are taken doesn’t it make easier. Are traffic signs also street signs? Maybe in your native tongue they are, maybe they aren’t. Are churches buildings? According to reCAPTCHA not so much. Is this a lake or a river? How the heck am I supposed to know if you show me just one shoreline?
Craigslist, every single time. But somehow the bots took over the personals posting ads with absolutely no problem, and it’s impossible to flag those ads away. But then again, it is craigslist!
I would rather pay full price at the store than Search Craigslist and have to jump though those childish puzzles… Never again. I dont know what on earth they were thinking.
It is like one side we are evolving robot to do any possible thing and at the same time restricting them , we must draw a line between mankind vs robot.
So.. In the time where the mouse is becoming obsolete Google are going to rely on user mouse movements or clicks to define whether a person is human or not. Pretty old intelligence I think. Also read
This is such a silly thing because why would any body be using a computer or a phone if they were a robot
I think the same thing
I’m sorry, I can’t answer that question, Dave.
There must be a clear line drawn between humans and robots.
Why should one uses computer or phone when he/she is a robot.
This is to say I am a human and not a robot
why do they show up so often it is so annoying that it comes up when your signing up for something i get a stupid test that i have to answer.
None of those images match that specific cat. What they mean is “Click on all (domestic) cats”. I also find it frustrating when I’m asked to click on traffic lights – does that mean just the light or the poles that support them as well? And what about when there’s a tiny piece of a motorcycle/bike/etc in an adjacent square – am I meant to click on that or not? reCAPTCHA is garbage. Several attempts are always required. And trying it on Tor usually requires over a dozen attempts.
I want to play the robot game
Yeah, there should be some kind of robot game!!
impoassible for sight impaired and the audible is jibberish
What color is the silver house?
we have always been fine with no robots and always be!
2 years later are you still a robot