CAPTCHA

Captchas are used to prevent bots from using various types of computing services. Applications include preventing bots from taking part in online polls, registering for free email accounts (which may then be used to send spam), and, more recently, preventing bot-generated spam by requiring that the (unrecognized) sender successfully pass a captcha test before the email message is delivered.

By definition, captchas have the following characteristics:

• They are completely automated. This avoids the necessity for human maintenance or intervention in the test, with obvious benefits in cost and reliability.
• The algorithm used is made public, though it may be encumbered by a patent. This is stipulated so as to require that breaking a captcha requires the solution of a hard problem in the field of artificial intelligence (AI) rather than just the discovery of the (secret) algorithm, which could be obtained through reverse engineering or other means.

Captchas based on reading text -- or other visual-perception tasks -- prevent visually-impaired users from accessing the protected resource. However, captchas do not have to be visual. Any hard artificial intelligence problem, such as speech recognition, can be used as the basis of a captcha. Some implementations of captchas permit users to opt for an audio captcha. The development of audio captchas appears to have lagged behind that of visual captchas, however, and presently may not be as effective.

Some free e-mail providers have used captchas in account registration, to deter spammers from obtaining large numbers of accounts automatically. Spammers have found a way to circumvent this restriction: simply present the captcha to a human user under false pretenses, and use the human's response to obtain the e-mail account.

To do this, the spammer must control a Web site to which human users wish to gain access — for instance, a pornography site. When a user goes to the spammer's porn site, the server starts a new account registration at the free e-mail provider. It downloads the provider's captcha and presents it to the user as a captcha for access to the porn site. The user, not knowing that the captcha is recycled, provides the correct response — and the spammer's software can then complete the e-mail account registration.

Computer programs have been created that automatically solve simple captchas. For example, two researchers at the University of California at Berkeley have written a program that can solve captcha.net's "ez-gimpy" with 92% accuracy. More complex captcha-generators are better (only 33%), but still give way under thousands of requests.

• The Captcha Project
• A free Captcha-Service
• The JCaptcha Project Open Source java framework for captcha definition and integration
• The reCaptcha Project No link with JCaptcha.
• An Image Verification Tutorial -- Planet Source Code
• The uses of CAPTCHA or similar human verification systems .
• And another Image method + code
• How spammers crack captchas using free porn.
• HumanVerify
• Image Verification Script