What Are Captchas?

Why do we have to jump through hoops when filling out web forms?

We are often presented with an irritating – and seemingly irrelevant – “intelligence test” when completing web forms. This usually takes the form of trying to read a piece of text in a box that looks as if it has been deliberately obfuscated. We then have to type that text back into the form. As we all know, it is sometimes almost impossible to read the text: it may be fuzzy, the letters may run into each other, the letters may be distorted, the background may make the letters harder to distinguish, and so on. And the question we ask ourselves is – why? I have sat by the side of so many of my computer clients asking me that question (with more than a hint of irritation in their voice) that I think it’s worth a blog post.

Example of a Web Form with a CaptchaThe answer is that the designers of the web form are trying to present us with a method whereby human beings can complete the form but computers can’t. They do this by generating an image (usually called a “captcha”) that contains a representation of text. The point is that it is not “written” text that a computer could easily “read”. It is an image that contains something that we INTERPRET as text. The trick is to make the image clear enough for human beings to make the interpretation, but too difficult for a computer to do it. That is why they are sometimes so fiendishly difficult to read: they have to be hard enough to interpret that computers can’t manage it.

This, of course, begs several questions such as “why would computers want to fill in forms?” and “why would web form designers want to stop them?”

Here’s an example. My website (www.davidleonard.net) contains several forms. I use these forms as a means for people to contact me. Someone fills in a form and the programming on my website turns that completed form into an email that is sent to my normal email address. I now have the information supplied on the form and can act on it. But, just like my normal email is susceptible to low-lifes sending me spam and other online scams and dodges, so is the form on my website. A computer under the control of such a low-life can “read” the source code of my web page, discover and understand the form, “complete” it and then “submit” it just like a human being can. Another reason that a computer may want to fill out a form is to create bogus webmail accounts (Gmail and Hotmail accounts, for instance) that can be used to send spam.

So, the “captcha” is designed to stop this from happening. The computer that attempts to complete the form might know that there is an image on the web page, it might even know that the image contains a representation of text, but it can’t see the image like a human being can and so it cannot turn the image into text that it can key back into the form. The form will, therefore, be rejected.

Rodin's ThinkerThat’s the theory, but it’s not as straightforward as that because there are people writing programs that can “read” the captcha. This, of course, means that the captchas need to be changed so that computers are, once again, confused by the styling of the text in the captcha. Other tests that have the same purpose can involve listening to an audio file and keying in what is “said”. Yet another way to achieve the same end is to ask simple questions that humans can probably answer, such as “what is 2 plus 2”. The challenge for the “good guys” is always the same – how do you devise a test that is passable by humans but not by computers?

Believe it or not, there is even a market in Asia for people to get paid to interpret captchas manually on behalf of computers. The going rate of pay is, apparently, somewhere in the region of $1 per 1000 captchas completed – see this article in the New York Times.

The word “captcha”, by the way, is probably the world’s most tortuous acronym. It stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. I did not just make that up.

A “Turing Test” is named after the computer pioneer Alan Turing. He pondered the question of whether we could ever know if computers could be capable of thought. He decided that we could never be sure but that we could devise a test (the “Turing Test”) that posited that if a human being is having a dialogue with either a human being or computer (and he doesn’t know which it is), if he can not tell from its responses whether it is a human being or a computer, then we could say that that is tantamount to saying that it is thinking. Further reading (Wikipedia).

So, there you have it. I can’t make it any easier for you to complete captchas, but maybe you won’t be quite as irritated by them if you know why they are there.

PS: if you visit my website you may notice that the forms don’t have any captchas (at the time of writing this blog). This means that aforementioned low-life can send me spam etc. They do. However, it’s in small enough quantities that I think it’s worth the inconvenience when balanced against the “barrier to communication” caused by captchas. Let’s hope I’m not tempting providence with this blog!