Old MacDonald Had a CAPTCHA Farm: Inside the World of Human CAPTCHA Solvers

At Are You a Human, when we talk about CAPTCHA cracking, we mostly focus on bots—those nefarious computer programs that create bogus accounts, send out spam, and snap up concert tickets for scalpers, among other things. But there’s another method for bypassing CAPTCHAs that’s been gaining in popularity over the past several years: CAPTCHA farms, where workers in developing countries are paid pennies to solve CAPTCHAs en masse.

beatcaptchas

BeatCaptchas.com, where 1,000 CAPTCHAs can be passed for just eight dollars

CAPTCHA farms like BeatCaptchas and BypassCaptcha fill banks of computer terminals with workers in countries like India and Bangladesh, then build APIs that pass CAPTCHA images to the terminals, where they are quickly decoded by a real person and then passed back. The result? A nefarious developer can create a program that, for example, signs up over and over for bogus email accounts. When the program is confronted with a CAPTCHA, it’s automatically solved by a real person.

But while most CAPTCHAs can be quickly cheated by CAPTCHA farms, PlayThru is not so easily defeated. That’s because unlike traditional text CAPTCHAs, PlayThru isn’t just a test that’s looking for a correct answer. Our games require direct user interaction, so they can’t be passed off over the internet for someone else to “solve.”

Interested in learning more about CAPTCHA farms? Here are two helpful articles:

ZDNet: Inside India’s CAPTCHA solving economy

Ars Technica: CAPTCHAs flummox bots, but may be doomed by CAPTCHA farmers

 
 

5 Comments

  1. Ian Hamilton

    Michael, I think you’ve misunderstood the point of the article. The point is that large volumes of captchas are cracked by humans in warehouses, not bots. So ‘are you a human’ does not help in even a tiny way. All it really does it make the process more long winded, and even more exclusionary, meaning that people with not only visual impairments but now motor impairments are now excluded from being able to complete them. The audio captcha get-out-of-jail-free-card is of no use, as it is difficult to hear, and the leading cause of motor and visual impairments is old age, when you’re also likely to have hearing impairments.

    There is a better way to do it, include more choices such as simple logic question, but really the best approach would be to stop trying to take new approaches at driving down the CAPTCHA dead end and put more effort into more intelligent approaches, such as Askismet.

  2. Max

    Ian, thanks for your feedback. Accessibility is an important point, and we’re aware that it’s an area where we could do better. We’re working on developing audio games so that none of our users are left out of the PlayThru fun.

    To be clear, though, PlayThru is is significantly less vulnerable to being “farmed” than traditional text CAPTCHA because it requires direct interaction. In other words, there’s no one correct “answer” that can be passed back and forth. This independent paper has more details: http://static.usenix.org/event/sec10/tech/full_papers/Motoyama.pdf

Share Your Thoughts