How PlayThru stops the bots

At Are You a Human, our approach to stopping spam is different from CAPTCHA, so I wanted to take some time to explain how it works.

We set out to get rid of those squiggly text CAPTCHAs that everyone hates. We could not just get people to remove them and be done. Those distorted words are there to keep spammers out. We needed to find a way to make it easier for humans but still difficult for computer programs.

Our games were developed with that in mind. They are quick and simple, 10 second challenges with elements that make it difficult for automated attacks. We place multiple images in our game and ask users to interact with them by dragging the correct shapes into the right location. These shapes are generally floating around in the game play area. This means that a  computer must accurately identify the correct shape, find it on the screen, move it to the correct location. If there are any errors, we take that into account.

We maintain a variety of games and are always releasing more. These games have different sets of images, mechanics and game play. This keeps it fun for people and helps keep it difficult to create a single program to bypass PlayThru.

The difficulty of these games can be adjusted by adding more shapes, having the objects move faster, lowering the failure threshold and several other factors. Once all of the shapes are dragged in correctly, we end the game by showing a game complete screen.

However, getting to this point does not indicate success or failure. Passing the game is more than just playing the game correctly. We also track user (or bot) interaction with the game, like mouse movement. The data from this interaction is fed into our algorithm that determines a score for how likely it is to be human. This score for the game play is then stored. Once a user submits the game to a site, that site can request information about the success of that particular game. Each site can have different thresholds and settings, and we tell them whether the overall game should pass or fail based on their preferences.

Because our focus is on usability, we keep our games relatively simple and the pass threshold low by default, but we maintain the ability to increase these as needed. We also have multiple games, which makes solving one not as meaningful.

This flexibility is what makes PlayThru so powerful.  It is not a one size fits all tool, and we have the ability to evolve our scoring system over time.  This flexibility also allows us to constantly add new games, and breaking one game does not break the entire system.

We are always working to improve our scoring system to make it easier for people while keeping the bots at bay.  Part of that includes writing bots of our own. However, we welcome those that want to create these bots in collaboration. The more data, we have the smarter the system can be. If you are interested, please email us at support (at) areyouahuman (dot) com, or send us a message in our forum.



  1. Johnny Cumsdaily

    Nice! But how does multiple games stop a computer program if they can click the refresh icon on the captcha until they get whatever game they want?

    • bcblackmer

      Thanks for the comment.

      Using the refresh button is something we track that goes into our algorithm to determine humans. If it is used to often, it can affect the user’s humanness score.

  2. Iniyan Paramasivam

    But will it be really difficult to write a program to catch the moving objects and drop it in all the places inside that play area. (Using brute force method.. )?

  3. Max

    Hi Iniyan,
    As we explain in this post, we actually analyze your movements during gameplay, not just whether or not you drag the objects into the correct area. So a brute force attack would still be detected as a bot.

  4. Leslie Brown

    I have not received one spammed out form since implementing this on December 23rd, 2012.

    Prior to this, I was getting up to about 10 spam registrations/form submissions per day.


Share Your Thoughts