“Text-based Captcha is not broken per se, but it is clear that some combinations of features are really hurting the user experience,” says Elie Bursztein, a member of the Stanford team. “Video is certainly an interesting direction to explore–in theory, it contains more information than a fixed image, so if the brain is able to use that, a video Captcha might be easier.” However, Bursztein notes, providing more information could also give attack software more to work with.
NuCaptcha has built added security layers into its system. It tracks individual users and serves up more complex Captchas if any behavior suggests the viewer might be a software bot or someone paid to solve Captchas as part of a spam operation. If the system detects abnormal activity, the text can, for example, be made to move faster across a video, or the string of text can be made longer.
“We try to tell different individuals apart, and based on the pattern of interactions we record, we can adjust the Captcha if we think they are a risk,” says NuCaptcha’s chief technology officer, Christopher Bailey. “What you did yesterday affects what you see today.”
NuCaptcha was first developed as a purely security-focused product, with the advertising element added later. “No one really pays attention to banner [ads] anymore,” says Giasson, who adds that the NuCaptcha approach “ensures publishers and advertisers of the attention of users.” Some studies suggest that people’s recall is improved when they type or write down what they see, he adds.
NuCaptcha’s technology is unlikely to end the arms race with spammers. “Devising a good Captcha comes down to knowing what is hard for computers and easy for humans,” says Bursztein. “As the AI field progresses, the gap between the two becomes narrower and narrower.”