Chrome to Cut Down on CAPTCHA Tests

John Lister's picture

Google is testing a Chrome feature that could heavily reduce the time users spend completing CAPTCHA tests. The tests are designed to reduce spam and other automated mischief but can irritate genuine human users.

CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart". It's designed to use a test that's relatively simple for a human to do, but difficult for a computer.

Often such tests take advantage of the fact that humans are better at recognizing images and patterns, for example spotting pictures with varying backgrounds that contain a bicycle.

Other tests look for human "frailties" such as ones where the user simply has to click in a box. These rely on the fact that a human won't move the cursor in a perfectly straight line or at a completely consistent speed.

Tedious Repetition

Some CAPTCHA tests are more frustrating than others to complete - for example, when the instructions use a term that varies between forms of English used in different countries. However, one of the most common criticisms is the sheer number of times people have to complete a CAPTCH every day.

Google's solution is relatively simple: an "auto-verify" system. If a site supports the system and the user passes a CAPTCHA test, it will use a setting similar to a cookie to record the "pass". On future visits to the site, the user will be automatically approved and not need to see a CAPTCHA.

What would make the feature particularly useful is that other websites would be able to see the setting as well. They could then use this to decide whether to use their own CAPTCHA or automatically approve the user. (Source: mobilesyrup.com)

Privacy Addressed

The precise details of how it works are still unclear, but it appears Google is looking for a balance between usability and privacy. It says that sites "can share a small amount of information as part of the verification" but also notes that it works "without identifying you or allowing sites to see your browsing history." (Source: androidpolice.com)

The feature is currently available as an opt-in test for people running Google Canary. That's the version of Chrome that gets the earliest access to new features and those in testing, though is also much more likely to suffer performance and stability problems.

Potential for Abuse

One potential abuse of the auto-verify feature is that it could allow bad actors to bypass CAPTCHAs on websites that have not implemented the system. This could enable them to automate spamming, phishing, and other malicious activities that rely on automated bots. This could potentially result in an increase in the number of attacks on websites and a decrease in their overall security.

For example, a spammer could use the auto-verify feature to create multiple accounts on a website and automate spamming. This could be particularly problematic for websites that rely on user-generated content, such as forums and social media platforms, as it could result in a flood of spam that makes it difficult for genuine users to engage with the site.

Another potential abuse of the feature is that it could enable advertisers to track users across different websites without their consent. This could potentially violate users' privacy and lead to targeted advertising that some users find intrusive.

To mitigate these risks, Google will need to implement strong security measures to ensure that the feature cannot be abused by bad actors. This could include monitoring for suspicious activity and implementing mechanisms to prevent automated attacks and spamming.

In addition, Google will need to be transparent about how the feature works and what data is shared between websites. This will help to build user trust and ensure that users are aware of how their data is being used.

Overall, the auto-verify feature has the potential to significantly improve the user experience when browsing the web. However, it will be important for Google to address potential security and privacy risks associated with the feature to ensure that it is not abused by bad actors.

What's Your Opinion

Do you find CAPTCHA's frustrating? Would you be happy to use this feature if it reduced the number of times you had to perform such tests? Do you trust the feature won't affect your privacy?

Rate this article: 
Average: 5 (2 votes)

Comments

doulosg's picture

I am surprised at the frustration over "sheer number of times...every day." Really? I see maybe one or two a week, and most of the time is just a checkbox. My frustration with these is in the implementation, not the frequency. Often, the CAPTCHA appears below the Submit button, so that I don't recognize that the checkbox is even there until the submission is rejected. Or, the interface times out, and the CAPTCHA fails as not completed.
My frustration with the image-based CAPTCHAs is that my eye and the CAPTCHA may disagree on whether the target item is actually in the picture: Does that little corner of a traffic signal qualify as contained in the image or not?

Draq's picture

Another point of irritation when it comes to CAPTCHAs is that they can fail to meet the needs of people with disabilities. It's probably a lot less common now, but it can still happen.

Since most CAPTCHAs are images, a partially sighted person may have trouble figuring out the contents and a totally blind person won't be able to solve one at all without assistance. When an audio option is available, sometimes the audio is severely and intentionally garbled. This can make it nearly impossible to solve for someone who is hard of hearing.

It may take time for websites to support this proposed system, but hopefully it'll make things easier for those of us who often feel frustrated when accessibility is an afterthought.

Unrecognised's picture

True. Even for reading glasses wearers. Still, nope to 'small cookie-like pieces of info' left on my machine by them.

Focused100's picture

Some sites will give you six or more captchas even tho you got it right the first time

ehowland's picture

I have seen that too. If there is more than three (figuring maybe I screwed up at first) I leave the site, they loose.

russoule's picture

as Focused says, I have had to answer the CAPTCHA several times, particulsarly when it is letters or numbers mixed on a line. in many cases, those individual letters or numbers jus cannot be determined. another problem is the picture CAPTCHAs wherin the purpose is to have 5 or 6 "good" choices out 10 or 12 total choices. by itelf that works, but only if the poictures are rendered clearly. most are not.

I had a problem with GOOGLE's CAPTCHAs for a while. I had set my system to NOT use hardware acceleration and the CAPTCHAs didn't show on the screen. had to re-set that setting to USE hardware acceleration. but only on CHROME, not on EDGE.

Unrecognised's picture

If privacy CAN be abused, it WILL.