Captcha-Bypass

Captcha meaning

First of all, let us recall what a captcha is. CAPTCHA is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.


A captcha is a challenge-response test used to determine whether the user of a computer system is human or not. Captchas are those images with distorted letters and numbers that we see on many websites, for example on registration forms, on the comment pages of forums and blogs, and on many other pages. A captcha aims to distinguish a computer from a human being and thus to prevent robots (also called bots) from making improper use of a service, such as sending automatic spam comments to a forum or a blog.

The captcha is based on the idea that a human being can pass the test without any problem, while a computer will find it very difficult or impossible, and in this way access by bots is prevented. Unfortunately, captchas keep getting harder: more variations are applied and more noise is introduced to make them harder for computers to solve, but at the same time they also become harder for people.

In addition, the type of captcha normally used, an image with distorted text, cannot be used by certain groups of users. In particular, captchas block access for many users who have some type of disability. People with reduced vision, such as those who have difficulty distinguishing certain combinations of colours or those who use screen magnifiers to enlarge what is displayed on the screen, can have serious problems distinguishing the text shown in a captcha. Blind people who use a screen reader evidently cannot answer a captcha based on an image with text inside, because the “alt” attribute of the <img> tag cannot contain the text written in the captcha: a computer could then read it too and pass the test. People with some kind of cognitive or intellectual disability, such as dyslexia, may also have problems interpreting the text in a captcha.

Captcha is invalid

The captcha is one of the main accessibility problems of web pages today. WebAIM, an organization dedicated to the study and dissemination of web accessibility, has in recent years carried out several surveys on the use of screen readers. Screen readers are the software that blind people or people with severe vision problems use to operate a computer and, therefore, to browse the Web. The second survey, conducted in October 2009, had several questions about the use of images in web pages. There was also a question about which items were the most troublesome (difficult and confusing) on web pages. In the results, the captcha appeared in first position, with 28% of the responses. The captcha therefore poses a severe accessibility problem, which prevents some users from participating actively on the Internet.

For example, the famous Wikipedia encyclopedia shows a captcha when you want to modify an article. Therefore, a blind person cannot create content on Wikipedia. The Yahoo! mail system also shows a captcha. In these services, a disabled person needs the help of another person to participate.

Is there any alternative? Are there accessible captchas? There are some alternatives, as we will see below, but all of them have a problem, and none is the perfect solution. For example, when you want to create an account on Google Accounts to use a service like Blogger or Gmail, it provides an alternative captcha for blind people that consists of listening to a sound fragment and typing the letters and numbers that you hear. Other web pages, such as the Windows Live registration page, also use this system.


Captcha not working?

We are going to try it. We will use a browser. We are on the Windows Live page to create a new account, and we have this visual captcha with two words that must be entered in this text box. In addition, we have the possibility of switching to a sound captcha. We will try it and see what we hear. [Listen to the captcha: a few numbers with background noise] We have heard some numbers being read out, which we would have to type in this text box.

But, like the visual captcha, the sound captcha also includes some distortion, so it is often unintelligible. In addition, it requires a quiet environment to be understood correctly. It also presents a significant problem: the user’s browser must support JavaScript and must have certain plug-ins installed to be able to play the sound fragment. Finally, deafblind users can access neither the visual captcha nor the sound captcha. Let us check other types of websites. Are social networks as “social” as they promise?

Let us make a test with Twitter and see what happens with the captcha on its registration page. We go back to the browser, to the main page of Twitter. We are going to register as a new user. This is the registration form and, as we can see, it is in Spanish. I press the “Create my account” button and I get a visual captcha in which I have to type the two words that appear in the image. In addition, we also have the option of switching to a sound captcha. Let’s hear it. [Hear an explanation in English] [Listen to the captcha: words with background noise] [Listens once again to everything] As we can see, quite surprisingly, the form is in Spanish, but the sound captcha is in English.


To solve the accessibility problem of the captcha, some interesting proposals have emerged, but none is a panacea. WebVisum is an add-on for Firefox that allows users with vision problems or blindness to navigate and interact with web pages more easily. Among its functions, there is one that helps to solve captchas. This add-on for Firefox allows a captcha image to be sent to the people at WebVisum; they solve the captcha and return the solution to whoever requested it. In particular: suppose that we have accessed a web page that contains a captcha. We press the right mouse button on the captcha and select “Solve CAPTCHA” from the context menu. With this we send the captcha to the people at WebVisum. A notification informs us that the captcha has been sent and is being processed; the resolution time depends on several factors.

When the captcha solution is received, another notification shows the solution and indicates that it has also been copied to the clipboard. You select the corresponding text box and paste the solution, and the form can then be sent. Another similar initiative is offered by the Solona project, a community of users who help solve captchas for blind users registered on its website. This system is similar to the previous one: a person examines the captcha and solves it confidentially, sending the result to the blind user. However, as I said before, these systems are not the universal solution, even more so when new types of captcha are emerging that are even more inaccessible for some groups of users.

Captcha Examples

Let’s see some innovative proposals for captchas. For example, the website “They Make Apps” used a captcha that consists of a slider that has to be moved to a certain point. Clearly, a blind person cannot solve this captcha, nor can it be solved remotely using a system such as WebVisum or Solona. Another proposal is the one we can find on the website “Web Design beach”, where you have to drag an object onto an area of the page. We are going to try it. We go to the browser, to the “Web Design beach” page, and here we have the visual captcha. The statement of this captcha tells us that, to verify that we are human, we must drag the heart to the circle. If I try to drag any of the other images, I cannot; I can only drag the heart. With this done, the form could be sent correctly. Another alternative captcha is “Animal Captcha Test”, where you have to type the name of the animal that appears in a distorted image. Obviously, this captcha is also inaccessible to a blind person or a person with cognitive problems, and surely many people will also have problems when it comes to naming certain animals.


Another alternative captcha is the one that can be found in “Captcha The Dog”, which shows nine photographs of animals in which you have to pick out the dog. The process is repeated a number of times until all the pictures are of the same animal, in this case cats. We are going to try it. We go to the browser, to the website of “Captcha The Dog”, and here we have the captcha. It asks us “which of these things is not like the others”. We have nine pictures: as we can see, eight are cats and there is one, which is here, that is a dog. I select it, and another set of photographs is loaded where the same thing happens: eight are cats and one is a dog. I select the dog again and nine photographs are loaded once more.

Again, we have eight cats and one dog. And, finally, we have nine photographs that are all of cats. When all the pictures are the same, we can send the form.

Another proposal is that of “Imagination”, which uses a dual system. The first test shows an image composed of multiple images, and the user has to mark the geometric center of any of them. For example, if I choose this image, its geometric center would be more or less around here. The second test of this captcha shows a distorted picture that must be labelled by choosing a label from a proposed set. In this example, you would choose the label “man”.

Another proposal is that of “Yuniti”, which uses a captcha that consists of recognizing three-dimensional models of objects and animals. It shows this image with three objects and, for each of them, you select the similar object from this set of objects.

Another alternative captcha is the one proposed by “NuCaptcha Engage”, which uses a captcha like the ones we are accustomed to but, instead of an image, a video is used. Let’s take a look at how it works. We go to the page of “NuCaptcha Engage” and here we have the video-based captcha. The video shows some text in motion, and what we have to do is type the three letters that appear in red.

Finally, another proposal is one developed by some Google engineers and presented at the World Wide Web Conference in 2009, which was held in Madrid.

Captcha test

In this proposal, the captcha consists of identifying the correct orientation of a photograph. To do this, a slider is used that rotates the image to be oriented through 360 degrees. It is clear that this solution is not accessible, since people with a visual impairment cannot answer it.

In short, we have seen that the captchas currently in use are inaccessible to certain groups of users. The same happens with the new captchas that are being proposed. Moreover, the new captchas are becoming more complex and more difficult to understand. And, of course, in some of them there is the language barrier which, as we have seen, does not only affect people with disabilities. This ends this video tutorial, in which I have explained the accessibility problems posed by the captcha. In the next part of this video tutorial, we’ll see what solutions there are to the non-accessible captcha. If you need more information or want to contact me, here are the details.

Captcha solving

In this second part we will see what solutions there are to make the captcha accessible. The World Wide Web Consortium, the international consortium that develops recommendations for the Web, such as HTML or CSS, published a note in 2005 in which it analyzed the problem of the captcha and proposed six possible solutions. Unfortunately, these solutions are not a panacea (which is why it proposes six solutions) and some are very difficult to achieve. On the other hand, there are developers who have proposed some alternatives to the visual captcha. These alternatives are based on the use of textual captchas instead of visual ones.


The developers who propose these captchas claim that they are accessible, though this is not entirely true, as we shall see below. For example, Discapnet, a portal dedicated to persons with disabilities, uses a captcha where the answer to a simple mathematical operation must be entered. This captcha presents an accessibility problem, since persons with cognitive or intellectual disabilities may have problems with it. In addition, it is a bad solution, since it is easy to defeat: it isn’t hard to write a program that calculates the result of the mathematical operation. The website manualdeusuario.es used a captcha where you have to answer a simple question, such as what is the color of grass or what color is snow. Again, this solution raises several problems.

First, persons with cognitive or intellectual disabilities may again have problems solving the captcha. In addition, as we can see in this same example, there is the problem of the language barrier. And finally, how many questions can be created? A good captcha must have an unlimited number of questions, which should be easy to create, preferably automatically. This type of captcha only allows a limited set of questions.

We can find another attempt at an accessible captcha on the alzado.org website, which used various types of captcha. For example, in this one, it is necessary to type the word that appears in the table at the specified coordinates. In this case, it would be the word pea. And in this other one, you have to answer the general knowledge question that is asked. In this case the question is: “Photo monument is located in the country of…” As the photo shows the Eiffel Tower, we must answer France.

Captcha bypass

Some of the problems presented by this solution are similar to those of the previous proposals: there may be problems with the level of general knowledge, people with cognitive disabilities may also have problems, and there is still the problem of the language barrier.

Another proposal is the so-called Heyes Captcha, in which the user has to press a series of keys for a number of seconds to show that he is a human being. We are going to try it. We go to the browser. We are here on the website of Heyes Captcha, and the instructions tell us that we have to press the key for 4 seconds. So we place ourselves in this box, press the E key, watch the counter advance and, when it gets to 4, let go. Now we are told that we must press the J key for 5 seconds. So we repeat the operation and press the J key for 5 seconds. And now the key is pressed for 2 seconds, and we see that we have passed the test. Unfortunately, such a system is an accessibility problem for those who have some type of physical disability, such as cerebral palsy or muscular dystrophy, that prevents precise control of user interfaces.

The most original idea and, perhaps, the one with the most potential is the one we find in the so-called Honeypot Captcha, the “honey jar” captcha. In computer science, a honeypot is a system that is actually a trap, whose purpose is to attract potential attackers of a system that you want to protect. The idea of the Honeypot Captcha is to offer the bots a jar of honey, so that they come to it like flies to honey. However, it is assumed that a human being will not fall into the trap. How does the Honeypot Captcha work?

Captcha solutions

Normally, a web page is made up of two parts: the HTML code and the CSS code. The HTML code defines the structure and content of the web page, while the CSS code defines the presentation of the web page (colors, fonts, positions, etc.). The key to the “honey jar” captcha is to exploit the fact that most current bots do not interpret CSS code. Let’s look at a simple example of this trap. On the one hand, we have the HTML code of a form for commenting on a blog, which defines a form similar to this one. This form consists of the following fields: name, email, comment and a field that should be left empty, which is the “honey jar”. On the other hand, we have the CSS code that hides the form field that acts as the “honey jar”. As I’ve said before, the key to this trap is to exploit the fact that most bots do not interpret CSS code.
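A form of this kind and the server-side check that goes with it, as an added example that is not code from the original tutorial. The field name `leave_empty`, the function names and the sample submissions are hypothetical, and rejecting a POST that lacks the trap field altogether is an extra check the tutorial does not describe.

```javascript
// Added example; TRAP_FIELD, renderCommentForm and checkSubmission are hypothetical names.
const TRAP_FIELD = "leave_empty";

// Form sent to the browser. Only CSS hides the trap field; its label tells
// users whose browser ignores CSS what to do with it.
function renderCommentForm() {
  return `<style>.trap { display: none; }</style>
<form method="post" action="/comment">
  <label>Name <input name="name"></label>
  <label>Email <input name="email"></label>
  <label>Comment <textarea name="comment"></textarea></label>
  <p class="trap">
    <label>This field should be left empty
      <input name="${TRAP_FIELD}" autocomplete="off">
    </label>
  </p>
  <button type="submit">Send</button>
</form>`;
}

// Server side: decide whether a urlencoded POST body is accepted.
function checkSubmission(rawBody) {
  const form = new URLSearchParams(rawBody);
  // A browser still submits an input hidden by CSS, so a human's form
  // carries the trap field with an empty value.
  if (!form.has(TRAP_FIELD)) {
    // Added assumption, stricter than the tutorial: POST not built from our form.
    return { accept: false, reason: "trap field missing" };
  }
  if (form.get(TRAP_FIELD) !== "") {
    return { accept: false, reason: "trap field filled" };
  }
  for (const field of ["name", "email", "comment"]) {
    if ((form.get(field) || "").trim() === "") {
      return { accept: false, reason: `${field} missing` };
    }
  }
  return { accept: true, reason: "ok" };
}

// Constructed sample submissions (not real traffic).
const SAMPLES = {
  human: "name=Ana&email=ana%40example.org&comment=Nice+post&leave_empty=",
  formFiller: "name=x&email=x%40example.org&comment=hi&leave_empty=http%3A%2F%2Fexample.com",
  noTrapField: "name=x&email=x%40example.org&comment=hi",
};

for (const [who, body] of Object.entries(SAMPLES)) {
  console.log(who, checkSubmission(body));
}
```

`autocomplete="off"` is there because a browser's autofill writing into the hidden field would make a human look like a bot.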

A human using a normal web browser will see the web page with the presentation defined in the CSS and, therefore, will not see the field that has to be left empty and will certainly leave it empty. A bot, however, will see the web page without the CSS. It will see the field that should be left empty and will fill it in. Therefore, when a comment is received on the server, if information is detected in the “this field should be left empty” field, it is assumed that a bot submitted the comment, and it is rejected. This solution is very simple and at the same time very good, since it is very easy to implement and is transparent to the user. And by being transparent, it is fully accessible. However, what happens when a user uses a browser that does not interpret CSS? This captcha also depends on the fact that nowadays most bots do not interpret CSS code, but it is not unreasonable to assume that in the near future they will, and then this captcha will no longer be useful.

Another clever captcha is the one used by WP Hashcash, a plugin for WordPress, one of the most popular blog platforms. In this case, the key to the captcha is to exploit the fact that most bots do not interpret JavaScript code. This plugin generates a function with a random value whenever you access a page with a form for leaving a comment. When you send a comment, the result of this function is also sent. If whoever tries to post a comment is a bot that does not execute JavaScript code, it will not send the output of this function, and the comment will be rejected. This solution has the same weakness as the “honey jar” captcha: bots currently do not execute JavaScript, but it is not unreasonable to assume that in the near future they will, and then this captcha will no longer be useful. However, this captcha has one more characteristic that addresses this possible future situation.

The calculation that the JavaScript function performs is what is known as a “proof-of-work”. The key to the proof-of-work is its asymmetry: the work must be moderately difficult (but feasible) on the client side, but easy to check on the server side. The client must spend some time calculating the result of the work, so it will be a huge penalty for a bot that tries to send thousands and thousands of comments and has to repeat this work thousands and thousands of times. For a single user, however, it is not a significant penalty, because the work is only done once. In addition, because the proof-of-work is asymmetric, the server can verify the result in almost no time. The advantages and disadvantages of this proposal are similar to those of the “honey jar” captcha that uses CSS: it is simple, transparent and accessible, provided that the user uses a browser that supports JavaScript.

To finish: we have seen the accessibility problems posed by current captchas. The new captchas being proposed do not solve this problem, since they are still not accessible. Even those that are proposed as accessible ultimately are not. The solution is to use some kind of transparent captcha that does not affect the interaction of a user with a web page. We have seen two solutions of this type, one based on the use of CSS and the other based on the use of JavaScript. But they are not the complete solution. In reality, it is unlikely that a total solution will ever be reached, since this is the typical game of cat and mouse, where every time there is a new type of captcha, a trick to bypass it appears.
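The proof-of-work asymmetry described above, as an added example: a generic hashcash-style scheme over SHA-256, not WP Hashcash's own code. The function names, the 12-bit difficulty and the in-memory challenge store are assumptions; `solve` stands in for the work the browser's JavaScript would do, and `verify` is the server's single-hash check.

```javascript
const crypto = require("node:crypto");

// Assumed difficulty: about 2^12 = 4096 hashes on average per comment.
const DIFFICULTY_BITS = 12;

// Number of leading zero bits in a digest.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    bits += Math.clz32(byte) - 24; // clz32 counts over 32 bits; a byte uses the low 8
    break;
  }
  return bits;
}

function digest(challenge, nonce) {
  return crypto.createHash("sha256").update(`${challenge}:${nonce}`).digest();
}

// Server: a fresh random challenge goes out with every comment form.
function issueChallenge(store) {
  const challenge = crypto.randomBytes(16).toString("hex");
  store.add(challenge);
  return challenge;
}

// Client: brute-force a nonce. This is the expensive side.
function solve(challenge, bits = DIFFICULTY_BITS) {
  for (let nonce = 0; ; nonce++) {
    if (leadingZeroBits(digest(challenge, nonce)) >= bits) return nonce;
  }
}

// Server: one hash to check. A challenge is accepted once, so a solved
// challenge cannot be replayed for a second comment.
function verify(store, challenge, nonce, bits = DIFFICULTY_BITS) {
  if (!Number.isSafeInteger(nonce) || nonce < 0) return false;
  if (!store.has(challenge)) return false;
  if (leadingZeroBits(digest(challenge, nonce)) < bits) return false;
  store.delete(challenge);
  return true;
}

// Round trip: issue, solve on the "client", verify on the "server".
const pending = new Set();
const challenge = issueChallenge(pending);
const nonce = solve(challenge);
console.log({ challenge, nonce, accepted: verify(pending, challenge, nonce) });
```

Raising `DIFFICULTY_BITS` by one doubles the client's average work while the server's cost stays at one hash.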