Content deleted Content added
→External links: Removed template per Wikipedia:Templates for discussion/Log/2024 December 4#Template:CAPTCHAs. |
|||
| (One intermediate revision by one other user not shown) | |||
Line 49:
== Circumvention ==
Two main ways to bypass CAPTCHA include using cheap human labor to recognize them, and using [[machine learning]] to build an automated solver.<ref>{{cite book|last=Jakobsson|first=Markus|title=The death of the Internet|url=http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118062418.html|access-date=4 April 2016|date=August 2012|archive-date=15 October 2014|archive-url=https://web.archive.org/web/20141015182639/http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118062418.html|url-status=live}}</ref> According to former Google "
▲Two main ways to bypass CAPTCHA include using cheap human labor to recognize them, and using [[machine learning]] to build an automated solver.<ref>{{cite book|last=Jakobsson|first=Markus|title=The death of the Internet|url=http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118062418.html|access-date=4 April 2016|date=August 2012|archive-date=15 October 2014|archive-url=https://web.archive.org/web/20141015182639/http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118062418.html|url-status=live}}</ref> According to former Google "''[[click fraud]] czar''" [[Shuman Ghosemajumder]], there are numerous services which solve CAPTCHAs automatically.<ref name=ai-security>{{cite news |last=Ghosemajumder |first=Shuman |title=The Imitation Game: The New Frontline of Security |url=http://www.infoq.com/presentations/ai-security |agency=InfoQ |access-date=8 December 2015 |newspaper=InfoQ |date=8 December 2015 |archive-date=23 March 2019 |archive-url=https://web.archive.org/web/20190323061742/https://www.infoq.com/presentations/ai-security |url-status=live }}</ref>
[[File:Modern-captcha.jpg|thumb|An example of a [[reCAPTCHA]] challenge from 2007, containing the words "following finding". The waviness and horizontal stroke were added to increase the difficulty of breaking the CAPTCHA with a computer program.]]▼
[[File:Captchacat.png|thumb|A CAPTCHA usually has a text box directly underneath where the user should fill out the text that they see. In this case, "sclt ..was here".]]▼
▲=== Machine learning-based attacks ===
There was not a systematic methodology for designing or evaluating early CAPTCHAs.<ref name=bursz /> As a result, there were many instances in which CAPTCHAs were of a fixed length and therefore automated tasks could be constructed to successfully make educated guesses about where segmentation should take place. Other early CAPTCHAs contained limited sets of words, which made the test much easier to game<!-- This sentence makes no sense! -->. Still others{{Example needed|date=October 2022}} made the mistake of relying too heavily on background confusion in the image. In each case, algorithms were created that were successfully able to complete the task by exploiting these design flaws. However, light changes to the CAPTCHA could thwart them. Modern CAPTCHAs like [[reCAPTCHA]] rely on present variations of characters that are collapsed together, making them hard to segment, and they have warded off automated tasks.<ref name=bursz2 />
▲[[File:Modern-captcha.jpg|thumb|An example of a [[reCAPTCHA]] challenge from 2007, containing the words "following finding". The waviness and horizontal stroke were added to increase the difficulty of breaking the CAPTCHA with a computer program.]]
▲[[File:Captchacat.png|thumb|A CAPTCHA usually has a text box directly underneath where the user should fill out the text that they see. In this case, "sclt ..was here".]]
In October 2013, artificial intelligence company [[Vicarious (Company)|Vicarious]] claimed that it had developed a generic CAPTCHA-solving algorithm that was able to solve modern CAPTCHAs with character recognition rates of up to 90%.<ref>{{cite web|last=Summers|first=Nick|title=Vicarious claims its AI software can crack up to 90% of CAPTCHAs offered by Google, Yahoo and PayPal|url=https://thenextweb.com/insider/2013/10/28/vicarious-claims-ai-software-can-now-crack-90-captchas-google-yahoo-paypal/|publisher=TNW|access-date=19 June 2018|archive-date=15 September 2018|archive-url=https://web.archive.org/web/20180915002117/https://thenextweb.com/insider/2013/10/28/vicarious-claims-ai-software-can-now-crack-90-captchas-google-yahoo-paypal/|url-status=live}}</ref> However, [[Luis von Ahn]], a pioneer of early CAPTCHA and founder of reCAPTCHA, said: "It's hard for me to be impressed since I see these every few months." 50 similar claims to that of Vicarious had been made since 2003.<ref>{{cite web|last=Hof|first=Robert|title=AI Startup Vicarious Claims Milestone In Quest To Build A Brain: Cracking CAPTCHA|url=https://www.forbes.com/sites/roberthof/2013/10/28/ai-startup-vicarious-claims-milestone-in-quest-to-build-a-brain-craking-captcha/|work=Forbes|access-date=25 August 2017|archive-date=15 September 2018|archive-url=https://web.archive.org/web/20180915002819/https://www.forbes.com/sites/roberthof/2013/10/28/ai-startup-vicarious-claims-milestone-in-quest-to-build-a-brain-craking-captcha/|url-status=live}}</ref>
Line 173 ⟶ 172:
* [https://web.archive.org/web/20170915204258/https://pdfs.semanticscholar.org/692a/31f65e29ea3667de46933245f53bda55a65b.pdf Reverse Engineering CAPTCHAs] Abram Hindle, Michael W. Godfrey, Richard C. Holt, 2009-08-24
{{Authority control}}
| |||