Completely Automated Public Turing Test To Tell Computers And Humans Apart (CAPTCHA) is sometimes referred to as a reverse Turing Test, since a computer is trying to determine if you are human as opposed to the other way around. In the 1950s, Alan Turing proposed a test to determine if a computer could trick a human into thinking it was human: "Are there imaginable digital computers which would do well in the imitation game?", that is, at imitating human behavior. CAPTCHAs, on the other hand, are trying to get you to prove you're human. The ostensible purpose of these tests is to reduce spam from online bots and otherwise improve digital security.
Captchas suck!
The CAPTCHA Arms Race and Inaccessibility
Insofar as there is an incentive to spam or find security vulnerabilities (which there always will be), there is an incentive to try to crack the best CAPTCHAs. Earlier versions of CAPTCHA were fairly easy to trick by training simple machine learning models. This leads to an indefinite arms race, where CAPTCHA designers raise the difficulty so bots can't easily crack the tests, and the bots retaliate by improving and eventually cracking the newest versions. The problem is that this arms race also makes the tests harder for humans to pass, and CAPTCHAs are notoriously difficult for blind and deaf people.
Google's response is ReCaptcha, an attempt to make CAPTCHAs "hard on bots, easy on humans." It uses pictures instead of words, since images are harder for a machine to interpret but easy for a human. This has the added benefit of advancing the field of machine learning, since Google can use our ReCaptcha answers to improve its products.
Additionally, ReCaptcha tracks behavior as soon as a user arrives on a site, looking at such relevant metrics as mouse movements, prior site visits, and the speed of the browser interaction. That's how ReCaptcha attempts to be invisible, but even so, it is surprisingly easy to beat.
Beating Google with Google
Next time ReCaptcha wants you to pick some signs, trees, cars, street lights, etc., see if Google's own product, Vision, can beat it. You can simply take a screenshot and drag the image to the "Try the API" section for free without creating an account.
Here are my results from the above image, clearly indicating that Google knows this is a sign (from itself - God, I mean Google):
If the Vision approach doesn't work, there's also the audio approach: use Google's Speech Recognition API to break the audio challenge. It would also probably be easy to train a bot to emulate human mouse movements and speed, so inevitably this approach will also fail. Perhaps the next step is video clips with questions about context, but eventually Vision will have these capabilities too.
Google could introduce adversarial attacks to their own ReCaptcha, but that too is at best a short-term solution. Actually, come to think of it, that would be an amazing way to improve Vision's API. Step 1: Trick Vision V1 using adversarial attacks, which simply introduce static noise to an image like below in order to manipulate the confidence of the model's prediction. Step 2: Train Vision V2 on human-solved ReCaptcha puzzles with trained noise applied, since a human would still recognize a panda over a (what's a) gibbon. Vision V2 will then be more robust to adversarial attacks than V1, and the cycle repeats. Wait... Google, are you already doing this?
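The two steps above, carried through on a toy linear classifier as an added example (not code from this post or from Google): "V1" is trained normally, "V2" is trained on noise-perturbed inputs that keep their true labels. The data set, the constants `EPS`, `ETA`, `D` and all function names are constructed for illustration.

```python
import math

EPS, ETA, D = 0.5, 0.3, 8  # noise budget, weak-feature size, weak-feature count

def make_data():
    """Constructed set: x[0] is strong but wrong 20% of the time; x[1..D] are weak but always right."""
    data = []
    for y in (1, -1):
        for i in range(10):
            strong = y if i < 8 else -y
            data.append(([float(strong)] + [ETA * y] * D, y))
    return data

def sign(v):
    return (v > 0) - (v < 0)

def perturb(w, x, y, eps):
    """Worst-case bounded noise for a linear model: shift each input by eps against the label."""
    return [xi - eps * y * sign(wi) for wi, xi in zip(w, x)]

def margin(w, x, y):
    return y * sum(wi * xi for wi, xi in zip(w, x))

def train(data, eps=0.0, lr=0.05, steps=2000):
    """Full-batch logistic regression; eps > 0 trains on noisy inputs with their true labels."""
    w = [0.0] * (D + 1)
    for _ in range(steps):
        grad = [0.0] * len(w)
        for x, y in data:
            xa = perturb(w, x, y, eps)
            g = 1.0 / (1.0 + math.exp(margin(w, xa, y)))  # sigmoid(-margin)
            for k, xk in enumerate(xa):
                grad[k] += g * y * xk / len(data)
        w = [wk + lr * gk for wk, gk in zip(w, grad)]
    return w

def accuracy(w, data, eps=0.0):
    hits = sum(margin(w, perturb(w, x, y, eps), y) > 0 for x, y in data)
    return hits / len(data)

def compare():
    """Return {model: (accuracy on clean inputs, accuracy under EPS noise)}."""
    data = make_data()
    v1, v2 = train(data), train(data, eps=EPS)
    return {name: (accuracy(w, data), accuracy(w, data, EPS))
            for name, w in (("v1", v1), ("v2", v2))}

if __name__ == "__main__":
    print(compare())
```

On this constructed data V1 classifies every clean input but none of the noisy ones, because it leans on the many weak features that the noise can flip; V2 gives up the points whose strong feature is wrong and keeps the rest under the same noise.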
Retreat from the Battles, Face the Coming War
The fact of the matter is that there will come a day very soon when a bot can perfectly emulate online behavior: beat any CAPTCHA, understand all images as well as a human can, emulate mouse behavior, etc. Indeed, training a machine learning model to beat any CAPTCHA, not only a particular one such as ReCaptcha, is a step towards general artificial intelligence. And one day we will get there, so how can we build systems that are robust against bots and preserve the ability to prove you are human? A few considerations will be crucial.
Burden on the User vs Burden on the Business
The reason I struggle with recycling is that I wish trash and recycling companies could be better at filtering and automatically recycling my trash; why do I have to do all the work for them, sorting my trash and recycling in advance? Likewise, many have argued that CAPTCHA approaches put too much burden on the user. Perhaps instead businesses should focus on building secure systems that are robust to spam and other bots. While there are likely improvements to be made on this front, it is an optimistic view. Many applications, whether financial, healthcare, or government related, will always need users to prove their humanity.
In the Long Run We're all Human
Eventually, we will need some way to digitally prove we are Homo sapiens. That might start with text verification, but it will likely need a biometric approach. For now, only humans have eyes, fingerprints, and human DNA. Yet, can we ensure this information won't be spoofed? That may prove impossible. An ideal PostCaptcha system, however, will likely use these metrics and others to conduct a reverse Turing Test.
Additionally, to ensure privacy protection and efficiency, these approaches will need to be anonymous and provide simple mechanisms to generate new users, but also remain difficult for a bot to abuse through emulation. It is possible that a centralized, government-based solution will be necessary in the long term; however, it is worth entertaining the possibility of a decentralized approach.
Another Blockchain Idea
Perhaps in the near future, there will be a better way to share private information with companies through a blockchain. The idea of a blockchain with time/event-based location permissions is an attractive one; why not extend that to all user-identifying information?
Some websites may require lower security and only need a fingerprint, while others, such as financial institutions, may require IDs, selfies, proof of address, medical, and even biometric data. Users could be in charge of which companies and how much data to share, preserving anonymity and control.
Needless to say, a future PostCaptcha system may need much more comprehensive information about a person than we currently require to know they are who they say they are. Whether this approach or another ultimately succeeds, we need to start thinking hard about what a PostCaptcha world will and should look like.