Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

A screenshot of one of NuCaptcha’s puzzles.

It’s been getting harder to prove you’re a human online in recent years. The squiggly letters known as CAPTCHAs that protect websites against spam software have got more distorted, as the software has got better at reading them.

That was why I thought it worth noting when NuCaptcha launched its video CAPTCHAs, which are easier for humans but still secure and have been adopted by sites including Groupon. Now researchers at Stanford suggest they, too will have to become more cryptic.

Elie Bursztein led the research, and explains on his blog how he designed software that compared multiple frames from NuCaptcha’s videos to spot and decode the jiggling letters needed to enter a site protected by a NuCaptcha puzzle. Video CAPTCHAs require the use of techniques not used against the puzzles before to isolate the puzzle amongst everything else in the footage, says Bursztein. But once software has located the string, but also provide multiple copies of the same puzzle, which makes it easier to solve. He reports that software that identifies video frames showing the CAPTCHA then goes back to the video to track the movement of the letters to accurately isolate them for recognition can beat NuCaptcha with close to 100 percent accuracy.

In response (full statement here), NuCaptcha have pointed out that their software tracks computers that solves their puzzles and serves up more complex versions than Bursztein cracked to very active solvers, which may be attackers. However, Bursztein says those harder versions pose little extra difficulty to his methods.

Fortunately, Bursztein also suggests that tweaks could make video CAPTCHAs even more secure than regular ones. If decoy objects designed to confuse video processing algorithms were added then CAPTCHA-cracking bots would not be able to tell which object needed decoding to beat the puzzle. Whether those designs also make it harder for humans to solve the puzzles is another matter. 

Given the gradual increase in the proportion of CAPTCHAs that I need more than one attempt to solve, I’m not optimistic.

10 comments. Share your thoughts »

Tagged: Web

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me