I Hate Captchas

Is it me or have they gotten more annoying? Those little puzzles to separate out the robots from humans that appear on web sites constantly?

The saga of the “CAPTCHA” began years ago with garbled letters — ever more garbled as we went — intended to be hard for optical character recognition (OCR) software to read but easy enough that humans could prove their humanness through typing them down.

As blog spam clogged up comments and fake accounts bogged down shopping sites, they offered a way forward. Trouble was, robots’ ability to read scrambled text quickly pushed the puzzles to near unintelligibility for humans to stay ahead of robots intended to defeat them.

About a decade ago, the engineers at Google upped their game and moved to the modern “tile” CAPTCHA design. As Google was trying to train machine learning tools and categorize the web, the company could kill two birds with one human stone: create a harder-to-guess puzzle of “pick the thing like this” tiles and get millions of users to help verify its image data set based on our answers.

Like the original scrambled letters, the puzzle tiles started out straightforward before becoming increasingly convoluted in an arms race with robots. No longer a matter of clicking on a few obvious tiles, there are now more tiles, less obvious tiles and even multiple sets of tiles to secure that “I’m not a robot” seal of approval and get back to whatever one was really trying to accomplish.

Besides being an annoying interruption to workflow, I’m never sure what to do in edge cases it presents. Say I’m supposed to click on all the “motorcycle” tiles and there’s but a nub of a wheel in a particular square? Does that count? Will Google toss me another set of tiles because it didn’t realize there was a hair of a tire in that tile? Are these the questions that I should be occupying myself with?

Ugh. That’s when it works. CAPTCHAs do work most of the time, but there are plenty of times they fail. Going through the tile puzzle process multiple times only to have it fail is maddening.

How much time do we waste as human beings now per year answering these things?

And then there are the absurdly unnecessary ones that add insult to the time wasting injury. Why do I need to do a CAPTCHA after I’ve logged in to a utility company’s site and simply want to pay my bill? If a hacker’s robot gets that far and gets to all my information and the “evil” deed consists of paying my bill, I’ll take the robot over the CAPTCHA. Thank you, Mr. or Ms. Hacker!

There are countless examples I run into on a given week of worthless CAPTCHA placements. Places I’ve logged into repeatedly on the same machine inexplicably insisting on testing my humanness again. Sites that require 2FA (two-factor authentication) insisting on testing to see if I’m me with a CAPTCHA. You know the drill — we’ve all encountered these and wondered, “Why would you even check if I’m human at this juncture?”

It’s almost as if someone did a survey and found that users assume a place is more secure if several CAPTCHAs are thrust upon them, and so they’ve become the digital version of the TSA. A false sense of security might make people feel safer, but is, well, false.

Meanwhile, these useless CAPTCHAs do do something. They give Google even more insights into where we go and who we are, since the vast majority of CAPTCHAs are from the search giant’s Recaptcha division. A few rebellious sites have turned against the empire and use alternative CAPTCHA providers, though those can be even more maddening to use than Google’s.

In the AI era, computers can solve even the most complex of these puzzles faster and more accurately than humans can. They can also do so in a way that emulates human beings’ hesitations and errors just enough to throw off any attempt to detect them. If the time for CAPTCHAs end has not yet arrived, it shall soon.

I’m not sure what the solution is for keeping robots at bay long term. A starting point might be to use CAPTCHAs only where they are genuinely beneficial. Reducing the number of them would reduce the incentive for malevolent developers to produce new CAPTCHA-defeating AI techniques.

Perhaps I’ll cheer on that AI, though. At least it’ll bring the CAPTCHA era to an end.