If you’ve signed up for an account recently, you’ve probably seen it: a quick test that gives you a few distorted words and asks you to type them back in plaintext. The official name is CAPTCHA, a test designed to weed out the automated scripts used for spam, but it’s been broken for a long time. Google recently showed off a system that could crack it 99.8 percent of the time, and most spammers are happy to run their scripts knowing just one in ten will slip through. But even though everyone knows CAPTCHA is broken, there hasn’t been a clear idea of what might replace it.
Google is unveiling the best answer yet. It’s called No-CAPTCHA, a new approach built on a new API, and it’s already been adopted by Snapchat, WordPress and Humble Bundle, among other partners. Instead of asking users to pass a test, Google’s new system pre-screens each user’s behavior and filters out anyone who’s easily identifiable as human. Most users will simply see a check mark — click the box and you’ve passed the test — while anyone marked as suspicious will be given a more elaborate test.
Google is experimenting with more mobile-friendly forms of CAPTCHA, like a test that would show you a picture of a cat and asked you to select similar photos from a grid. (Data collected in this way would also be used to improve Google’s Image Search, continuing the practice from previous tests.) As the project progresses, we’ll see even more versions of the test, built on top of the new, more flexible API.
Google engineers said the pre-screening would look at factors like IP addresses and time spent on page, but were cagey about exactly what information would be used, citing concerns that spammers would manipulate algorithms in response. The pre-screening also varies widely from site to site: just over 80 percent of Humble Bundle visitors were cleared in advance, but for WordPress at large, that number dropped to 60 percent. It depends on the visitors, but also on the site’s general arrangement and how clear a signal it’s sending along to Google.