
reCAPTCHA

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Anurag Garg (talk | contribs) at 21:42, 10 July 2012 (→‎Origin). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The reCAPTCHA logo

The reCAPTCHA service is a user-dialogue system originally developed at Carnegie Mellon University's main Pittsburgh campus. It uses the CAPTCHA interface, which asks users to enter words seen in distorted text images onscreen, to help digitize the text of books while protecting websites from bots attempting to access restricted areas.[1] On September 16, 2009, Google acquired reCAPTCHA.[2] reCAPTCHA is currently digitizing the archives of The New York Times and books from Google Books.[3] As of 2009, twenty years of The New York Times had been digitized and the project planned to have completed the remaining years by the end of 2010.[4]

The reCAPTCHA service supplies subscribing websites with images of words that optical character recognition (OCR) software has been unable to read. The subscribing websites (whose purposes are generally unrelated to the book digitization project) present these images for humans to decipher as CAPTCHA words, as part of their normal validation procedures. They then return the results to the reCAPTCHA service, which sends the results to the digitization projects.

The system has been reported as displaying over 100 million CAPTCHAs every day,[5] and among its subscribers are such popular sites as Facebook, TicketMaster, Twitter, 4chan, CNN.com, and StumbleUpon.[6] Craigslist began using reCAPTCHA in June 2008.[7] The U.S. National Telecommunications and Information Administration also used reCAPTCHA for its digital TV converter box coupon program website as part of the US DTV transition.[8]

Origin

Project Gutenberg was one of the first projects to use volunteer time to decipher scanned text that could not be read by OCR. The reCAPTCHA program originated with Guatemalan computer scientist Luis von Ahn,[9] aided by a MacArthur Fellowship. An early CAPTCHA developer, he realized "he had unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles".[10]

Operation

An example of a reCAPTCHA challenge from 2007, containing the words "following finding". The waviness and horizontal stroke were added to increase the difficulty of breaking the CAPTCHA with a computer program.

Scanned text is subjected to analysis by two different optical character recognition programs. Their respective outputs are then aligned with each other by standard string-matching algorithms and compared both to each other and to an English dictionary. Any word that is deciphered differently by the two OCR programs or that is not in the English dictionary is marked as "suspicious" and converted into a CAPTCHA. The suspicious word is displayed, out of context, along with a control word whose reading is already known. If the human types the control word correctly, the system accepts the response to the questionable word as probably valid. If enough users were to type the control word correctly but mistype the second word, which OCR had failed to recognize, then the digital version of documents could end up containing the incorrect word. Thus, due to human error in distinguishing between the word "Internet" and the French name "Infernet", references to Captain Infernet have occasionally become Captain Internet.[11] The identification performed by each OCR program is given a value of 0.5 points, and each interpretation by a human is given a full point. Once a given identification hits 2.5 points, the word is considered called. Those words that are consistently given a single identity by human judges are later recycled as control words.[12]
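The scoring scheme described above can be sketched as follows. This is an added illustration, not code from the reCAPTCHA project: the class and function names, the control word "following", and the case-insensitive comparison are assumptions, and the sample submissions are constructed to reproduce the "Infernet"/"Internet" misreading.

```python
from collections import defaultdict

OCR_POINTS, HUMAN_POINTS, CALLED_AT = 0.5, 1.0, 2.5  # values stated in the text

def is_suspicious(ocr_a, ocr_b, dictionary):
    """A word goes to humans if the two OCR readings differ or it is not a dictionary word."""
    return ocr_a != ocr_b or ocr_a.lower() not in dictionary

class UnknownWord:
    """Tally of candidate readings for one suspicious word (hypothetical helper)."""
    def __init__(self, ocr_a, ocr_b):
        self.scores = defaultdict(float)
        self.scores[ocr_a] += OCR_POINTS
        self.scores[ocr_b] += OCR_POINTS
        self.called = None  # reading accepted once it reaches CALLED_AT

    def submit(self, control_expected, control_typed, unknown_typed):
        """Return True if the user passes. Only the control word is checked;
        the answer for the unknown word is counted as a vote, never verified."""
        # Assumption: comparison ignores case and surrounding whitespace.
        if control_typed.strip().lower() != control_expected.lower():
            return False  # failed control word: the vote is discarded
        if self.called is None:
            reading = unknown_typed.strip()
            self.scores[reading] += HUMAN_POINTS
            if self.scores[reading] >= CALLED_AT:
                self.called = reading
        return True

def simulate(ocr_a, ocr_b, submissions, control="following"):
    """Feed (control_typed, unknown_typed) pairs through one UnknownWord."""
    word = UnknownWord(ocr_a, ocr_b)
    passed = [word.submit(control, c, u) for c, u in submissions]
    return word.called, dict(word.scores), passed

# Constructed sample: the scanned word is "Infernet"; one OCR engine read "Internet".
SAMPLE = [
    ("following", "Infernet"),  # correct reading
    ("folowing", "Infernet"),   # control word wrong: vote discarded
    ("following", "Internet"),  # human misreading
    ("following", "Internet"),  # second misreading plus OCR's 0.5 reaches 2.5
]

if __name__ == "__main__":
    print(simulate("Infernet", "Internet", SAMPLE))
```

With one OCR engine already backing the wrong reading, two matching human errors are enough to call the word incorrectly, which is the failure mode the paragraph describes.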

The original reCAPTCHA method was designed to show the questionable words separately, as out-of-context correction,[13] rather than in use, such as within a phrase of 5 words from the original document. Also, the control word might supply misleading context for the second word, such as a request of "/metal/ /fife/" being entered as "metal file" because the logical connection of filing with a metal tool is considered more common than the musical instrument "fife".

Implementation

The reCAPTCHA tests are displayed from the central site of the reCAPTCHA project, which supplies the words to be deciphered. This is done through a JavaScript API with the server making a callback to reCAPTCHA after the request has been submitted. The reCAPTCHA project provides libraries for various programming languages and applications to make this process easier. reCAPTCHA is a free service (that is, the CAPTCHA images are provided to websites free of charge, in return for assistance with the decipherment),[14] but the reCAPTCHA software itself is not open source.

Also, reCAPTCHA offers plugins for several web-application platforms, like ASP.NET, Ruby, or PHP, to ease the implementation of the service.

Security

An example of a reCAPTCHA challenge from 2010, containing the words "and chisels". The distortion style has since been altered.

The basis of the CAPTCHA system is to prevent automated access to a system by computer programs or "bots". On December 14, 2009, Jonathan Wilkins released a paper describing weaknesses in reCAPTCHA that allowed a solve rate of 18%.[15][16][17]

On August 1, 2010, Chad Houck gave a presentation to the DEF CON 18 Hacking Conference detailing a method to reverse the distortion added to images, which allowed a computer program to determine a valid response 10% of the time.[18][19] The reCAPTCHA system was modified on 21 July 2010, before Houck was to speak on his method. Houck adapted his method to what he described as an "easier" CAPTCHA, determining a valid response 31.8% of the time. Houck also mentioned security defenses in the system, such as a high-security lockout if an invalid response is given 32 times in a row.[20]

On May 26, 2012, Adam, C-P and Jeffball of DC949 gave a presentation at the LayerOne hacker conference detailing how they were able to achieve an automated solution with an accuracy rate of 99.1%.[21] Their tactic was to use a form of artificial intelligence known as machine learning to analyse the audio version of reCAPTCHA, which is available for the visually impaired. Google released a new version of reCAPTCHA just hours before their talk, making major changes to both the audio and visual versions of the service. In this release, the audio version was increased in length from 8 seconds to 30 seconds and is much more difficult to understand, both for humans and for bots. In response to this update and the following one, the members of DC949 released two more versions of Stiltwalker, which beat reCAPTCHA with an accuracy of 60.95% and 59.4% respectively.[21] After each successive break, Google updated reCAPTCHA within the following days.

reCAPTCHA frequently modifies its system, which would require the author of a similar program to update the decoding method just as frequently; this may frustrate potential abusers.

Mailhide

reCAPTCHA has also created project Mailhide, which protects email addresses on web pages from being harvested by spammers.[22] By default, the email address is converted into a format that does not allow a crawler to see the full email address. For example, "mailme@example.com" would be converted to "mai...@example.com". The visitor would then click on the "..." and solve the CAPTCHA in order to obtain the full email address. One can also edit the popup code so that none of the address is visible.

Notes

  1. ^ Luis von Ahn, Ben Maurer, Colin McMillen, David Abraham and Manuel Blum (2008). "reCAPTCHA: Human-Based Character Recognition via Web Security Measures" (PDF). Science. 321 (5895): 1465–1468. doi:10.1126/science.1160379. PMID 18703711.
  2. ^ "Teaching computers to read: Google acquires reCAPTCHA". Google. Retrieved 2009-09-16.
  3. ^ "reCAPTCHA FAQ". Google. Retrieved 2011-06-12.
  4. ^ Luis von Ahn (2009). NOVA ScienceNow s04e01 (Television production). Event occurs at 46:58. The New York Times has this huge archive, over 130 years of newspaper archive there. And we've done maybe about 20 years so far of The New York Times in the last few months, and I believe we're going to be done next year by just having people do a word at a time.
  5. ^ "reCAPTCHA FAQ". Google. Retrieved 2011-06-12.
  6. ^ Rubens, Paul (2007-10-02). "Spam weapon helps preserve books". BBC.
  7. ^ "Fight Spam, Digitize Books". Craigslist Blog. 2008-06.
  8. ^ TV Converter Box Program
  9. ^ "Full Interview: Luis von Ahn on Duolingo", Spark, November 2011, webpage: CBC-11.
  10. ^ Hutchinson, Alex (March 2009). "Human Resources: The job you didn't even know you had". The Walrus. pp. 15–16.
  11. ^ "The Gentleman's Magazine and Historical Chronicle". Google Books. Retrieved 12 February 2012.
  12. ^ Timmer, John (2008-08-14). "CAPTCHAs work? for digitizing old, damaged texts, manuscripts". Ars Technica. Retrieved 2008-12-09.
  13. ^ "questionable validity of results if words are presented out of context", Google Groups, August 29, 2008, webpage: GGd2.
  14. ^ "FAQ". reCAPTCHA.net.
  15. ^ "Strong CAPTCHA Guidelines" (PDF).
  16. ^ "Google's reCAPTCHA busted by new attack".
  17. ^ "Google's reCAPTCHA dented".
  18. ^ "Def Con 18 Speakers". defcon.org.
  19. ^ "Decoding reCAPTCHA Paper". Chad Houck.
  20. ^ "Decoding reCAPTCHA Power Point". Chad Houck.
  21. ^ a b "Project Stiltwalker".
  22. ^ "Mailhide: Free Spam Protection". reCAPTCHA.net.