Captcha/reCAPTCHA /Zittrain: Captchas—now used on many mainstream Web sites (…) ask users to prove that they are human by typing in, say, a distorted nonsense word displayed in a small graphic. (1) Computers can start with a word and make a distorted image in a heartbeat, but they cannot easily reverse engineer the distorted image back to the word. This need for human intervention was intended to force spammers to abandon automated robots to place their blog comment spam. For a while they did, reportedly setting up captcha sweatshops that paid people to solve captchas from blog comment prompts all day long. (2) (In 2003, the going rate was $2.50/hour for such work.) (3) But spammers have continued to explore more efficient solutions. A spammer can write a program to fill in all the information but the captcha, and when it gets to the captcha it places it in front of a real person trying to get to a piece of information—say on a page a user might get after clicking a link that says, “You’ve just won $1000! Click here!” (4) —or perhaps a pornographic photo. (5) The captcha had been copied that instant from a blog where a spammer’s
robot was waiting to leave a comment, and then pasted into the prompt for the human wanting to see the next page. The human’s answer to the captcha was then instantly ported back over to the blog site in order to solve the captcha and leave the spammed comment. (6)
reCAPTCHA/Zittrain: the ability to remix different pieces of the Web, and to deploy new code without gatekeepers, is crucial to the spammers’ work. Other uses of captchas are more benign but equally subtle: a project called reCAPTCHA provides an open API to substitute for regular captchas where a Web site might want to test to see if it is a human visiting. (7)
reCAPTCHA creates an image that pairs a standard, automatically generated test word image with an image of a word from an old book that a computer has been unable to properly scan and translate. When the user solves the captcha by entering both words, the first word is used to validate that the user is indeed human, and the second is used to put the human’s computing power to work to identify one more word of one more book that otherwise would be unscannable.
1. For a detailed discussion of captchas, see Luis von Ahn et al., CAPTCHA: Using Hard AI Problems for Security, available at http://www.es.cmu.edu/~biglou/captcha_crypt.pdf.
2. For a detailed discussion of captchas, spammers’ workarounds, and human computation, see von Ahn, supra note 28. For his slides, see http://www.cs.cmu.edu/-biglou/cycles.ppt.
4. E-mail from Luis von Ahn to Jonathan Zittrain (May 22, 2007) (on file with author).
5. The use of pornography in motivating individuals to fill in captchas has been suggested but not proven.
6. See Luis von Ahn, Presentation for Google TechTalk on Human Computation (Oct. 26, 2006), available at http://video.google.com/videoplay?docid=-8246463980976635143.
7. See Posting of Ben Maurer to Exploring, reCAPTCHA: A New Way to Fight Spam, EXPLORING (May 23, 2007), http://bmaurer.blogspot.com/2007/05/recaptcha-new-way-to-fight-spam.html (May 23, 2007, 16:31).
_____________Explanation of symbols: Roman numerals indicate the source, arabic numerals indicate the page number. The corresponding books are indicated on the right hand side. ((s)…): Comment by the sender of the contribution. The note [Author1]Vs[Author2] or [Author]Vs[term] is an addition from the Dictionary of Arguments. If a German edition is specified, the page numbers refer to this edition.
The Future of the Internet--And How to Stop It New Haven 2009