Vlogger Tom Scott offers a rather honest look at the history of CAPTCHA, a system designed to determine whether or not a computer user is human. Scott notes how the earlier systems were good, but confusing at times, whereas the more modern versions made it a bit easier to navigate. Unfortunately, this simplicity also made it easier for bots to slip through. One security company reCAPTCHA, which is owned by Google, uses a bit more secure, if not slightly ominous, means of keeping the bots out.
At the end of 2018, Google released reCAPTCHA version 3. And you might have already passed, or failed, one of those without knowing it. There’s no box to tick, no puzzles to solve: when you browse round a site, version 3 works in the background and watches what you do. By the time you’re posting a comment or signing up, it’s already assigned you a score based on how likely you are to be human. And again, Google is being very careful about saying how they’re working that out… The bot makers, of course, are already working on the challenge.
Scott appropriately likens this constant challenge as an “arms race”.
Bots are becoming more and more indistinguishable from humans. Successful CAPTCHA methods are having to be more and more intrusive. The arms race continues, as it has done for twenty years or more.