Google is killing CAPTCHA as we know it | The Verge
http://www.theverge.com/2014/12/3/7325925/google-is-killing-captcha-as-we-know-it
If you've signed up for an account recently, you've probably seen it:
a quick test that gives you a few distorted words and asks you to type
them back
in plaintext. The official name is CAPTCHA, a test designed to weed
out the automated scripts used for spam, but it's been broken for a
long time. Google
recently showed off a system that could crack it 99.8 percent of the
time, and most spammers are happy to run their scripts knowing just
one in ten will
slip through. But even though everyone knows CAPTCHA is broken, there
hasn't been a clear idea of what might replace it.
This morning, Google is unveiling the best answer yet.
It's called No-CAPTCHA,
a new approach built on a new API, and it's already been adopted by
Snapchat, Wordpress and Humble Bundle, among other partners. Instead
of asking users
to pass a test, Google's new system pre-screens each user's behavior
and filters out anyone who's easily identifiable as human. Most users
will simply
see a check mark -- click the box and you've passed the test -- while
anyone marked as suspicious will be given a more elaborate test.
Sometimes, that test will be the same old text-recognition problem --
but sometimes it will be something new. Google is experimenting with
more mobile-friendly
forms of CAPTCHA, like a test that would show you a picture of a cat
and asked you to select similar photos from a grid. (Data collected in
this way would
also be used to improve Google's Image Search,
continuing the practice from previous tests.)
As the project progresses, we'll see even more versions of the test,
built on top of the new, more flexible API.
Google engineers said the pre-screening would look at factors like IP
addresses and time spent on page, but were cagey about exactly what
information would
be used, citing concerns that spammers would manipulate algorithms in
response. The pre-screening also varies widely from site to site: just
over 80 percent
of Humble Bundle visitors were cleared in advance, but for WordPress
at large, that number dropped to 60 percent. It depends on the
visitors, but also
on the site's general arrangement and how clear a signal it's sending
along to Google.
The old API will remain active, and many sites may decline to upgrade,
but the overall effect will be a lot less deciphering text for the
average web user
-- and hopefully less spam. It's also an interesting take on the
modern web, where widespread monitoring has made passive behavioral
identification more
effective than active testing. These days, the easiest way to tell a
user is human isn't to ask them questions, but to see how they act.
list of 2 items
SOURCE
GOOGLE ONLINE SECURITY BLOG
--
***************
"I am only one, but I am one. I cannot do everything, but I can do
something. And because I cannot do everything, I will not refuse to do
the something I can do. What I can do, I should do. And what I should
do, by the grace of God, I will do."
EDWARD EVERETT HALE.
Clean India Campaign: Let us also chip in!
Register at the dedicated AccessIndia list for discussing accessibility of
mobile phones / Tabs on:
http://mail.accessindia.org.in/mailman/listinfo/mobile.accessindia_accessindia.org.in
Search for old postings at:
http://www.mail-archive.com/accessindia@accessindia.org.in/
To unsubscribe send a message to
accessindia-requ...@accessindia.org.in
with the subject unsubscribe.
To change your subscription to digest mode or make any other changes, please
visit the list home page at
http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
Disclaimer:
1. Contents of the mails, factual, or otherwise, reflect the thinking of the
person sending the mail and AI in no way relates itself to its veracity;
2. AI cannot be held liable for any commission/omission based on the mails sent
through this mailing list..
