The New Google Recaptcha

Internet DNA Podcast

Beating spam is a never-ending story, but Google, liking to be helpful in all walks of life, has brought out Google reCAPTCHA. We discuss here what this is, what it means and how it compares to mud. Yes, mud, possibly more interesting than reCAPTCHA.

 

Transcription

(this transcription is written by robots… so don’t be surprised!)

Hello and welcome to this week's episode of Internet DNA with me, Abby,

and me. Dan. This week we're 

going to discuss the new Google recaptcha. 

Or just captcha in general. It 

started with terrible letters and numbers that, when you filled out a form, you had to guess what the letters and numbers were.

What happened is that the nefarious people that do these sorts of things built little bots that filled out forms 

and the nefarious people.

The spammers. 

They just filled out forms all the time, and sometimes what they were doing when they were filling out those forms was trying to inject bits of code or seeing if there was anything they could do. Let's say you were sending out quite expensive brochures, for example. What you don't want is to be sending hundreds and thousands of these things to people that don't really exist, or at least.

Packing them and getting them ready to go and then realizing that they're not real addresses and just a terrible waste of time.

Why were they doing it? It can't be time-wasting. I can't believe that spam is spam just to waste time. It must be that they thought that they might somehow be able to find a back door.

There's a number of reasons why they might do it. Yes. Seeing if they can get into back doors, seeing if they can then identify where in the database they have appeared. Seeing if they could register themselves as users because that way they can then try and upgrade their permissions. So there's a number of reasons why you might do it.

Yeah, exactly. People. So, well, let's try and stop this. So there are a number of ways that you can do this, but the one that caught on, or the very first one, was captcha, that was basically doing, as you said, terrible letters.

It was impossible. It may have stopped the robot, but I could never work out what those letters and numbers said.

It didn't seem to mind whether I got them right or wrong. So I was never quite sure how it stopped the robot. 

No, it did matter whether you got them right and wrong, and the way it worked is it would give you a token. You would then fire back whatever the letters were. So we can't tell you what the letters are, but it can tell you that the letters that you entered are correct for that image.

So that worked for a while, but then obviously, like anything, it's a war. So people got better and better. So that machines were better at reading the letters than humans were, and I think that's when you got to you, which is, I can't read these letters myself.

So then they thought, well, there's different ways of doing this.

You had the number one, 

Oh, everybody loves that one. 

No, I did like that one. Yeah, I can do it. I felt good. 


Then there were the human ones where they would ask you an English language question that you would have to answer.

I don't remember that. 

And it was always phrased in a weird way, quite difficult.

The color of English mud is. English. And then it would just give you really odd answers like purple, orange, or brown. So as a human, you're going to know it's going to be brown because the other answers are completely pointless and not,

I'm not saying that was an actual question. 

You say the other countries.

Like German mud's what? Green and orange. So we'll have different muds.

Yes, we do. 

So Russian mud, for instance, is much darker than European mud. It's more, yeah, it's more peaty. I'm actually, if you're getting into modeling, not of the underpants and muscles types, but in the blue paint type, you'll find there's loads of paints and scored like European or African clay, African desert, Russian steppes, oh, different colors because. If you're reading through it and you want the authenticity, I'm not there yet with my modeling. Then it matters that that color of mud is actually from Russia, not an English type of model, which is a much more browny type of mud.

I'm so pleased I asked, yes, knowledge, but I'm worldly anyway.

The computers, obviously these spambots decided that they could answer that question too. Is that right? Since then, there needed to be a new captcha.

Well then we went through the honeypot phase. 

I didn't know what the honeypot phase is.

So the honeypot phase is that you put a form element into a form that you can't see as a human.

So anybody who fills it in, it's obviously not human 

or the hidden form field. 

It's like a hidden form field. It's not actually hidden. Cause if you say hidden, then the form knows, Oh, I can't answer this to a computer that's just reading through the code. It looks like an actual field, but actually it's not really there.

It's phrased or it's phrased in a way, like 30 times with this question. Well, of course he answers the question cause it's just tick, tick, tick, tick, tick, tick, tick, tick, tick, all the boxes. 

Let's take a step back for a moment. We had all these different types of captchas and then Google comes along, and Google likes to do everything and make it simple and to take a lot of data but give us lovely things.

And so what was called a recaptcha, there was the Google recaptcha version two, so there's the ubiquitous "I'm not a robot" checkbox, which I don't understand either, because surely a robot can check a checkbox.

But it's not a checkbox. That's the thing about it. What is it? It doesn't appear to the computer, to the bot, that that's something that it should press.

Just as an image. It was very interesting because remember all those crappy words and crappy letters. They're taken from text of books that needed transcribing into a language. So they would give you words that you would write those words out. They might not make any sense to you because they were Latvian, but they were transcribing books.

That's what they were doing. So it was quite a nice, do you remember how the internet used to be quite friendly in that sort of way? 

So next is Google. You use those grid of images and said, which images have traffic lights. And you had to click them. That was my worst type of spam bot because sometimes it might have a tiny bit of a traffic light pole.

Now does that have a traffic light in or not? 

Okay, to see that picture, the choose from the grid walkways or cars or trucks or traffic lights, you have to have failed the original part. Recaptcha had two has a small part, which goes all they doing. I think that a human would ordinarily do

I obviously fail them quite a lot.

Yeah, but that might be because, as a web developer, you're going and doing strange things on websites that normal people don't do, like refreshing pages over and over again, so then you fail. Then you get the, it's always an American word, isn't it? So it's always with sidewalks in it or with pedestrian crossings, they don't call it pedestrian crossings, whatever they call it.

Again, you don't have to get a hundred percent. If you get 80% you're going to pass. 

I watched a brilliant new series on Netflix called Upload, and it's similar to the book I'm reading by Neal Stephenson. It's all about uploading once you're dead. Anyway, guy was trying to get to his funeral. He had been uploaded and to get into his own funeral, he had to click the cat pictures. I'm one of those electronic person or a robot or an algorithm in this uploaded world. And he's dressed as a bell boy and he'd be standing there for ages like clicking away, couldn't understand why he couldn't get it, cause he couldn't work out which one had the cats in. And the guy comes in and clicks the cat and he gets to his own funeral.

That made me laugh. So that's kind of where we are now. But the new one is the, actually you can pass and you'll never see that one. Because the politics of it is hidden, that it's seeing, are you doing normal human things? Yes, you are. That's fine. Well, it's probably actually framed in, are you doing non-ordinary human things on this page?

Yes, you are right. Show them the grid 

Before you move on to the final ones. The recaptcha version two invisible recaptcha badge validates requests in the background. Instead of you having to click the "I am not a robot" badge, it works on you clicking a different button on that page. So it might be the submit button or something else that you've had to click on, and it works using that. So it's making it invisible and it's one step better, but it's not as good as three.

And the thing with three, it does away with the grid completely. I mean you either fail or you don't because it's using AI. It learns all the time, the kind of ways that computers do it. So it gets better and better.

So it's a learning algorithm.

So the reason that I wanted to do this podcast was because I'm starting to put recaptchas onto forms, onto websites, and a client came back and said, where's my recaptcha that I've paid for? And I was like, well, it's the invisible. It is a new thing. People aren't knowing that it's there.

So recaptcha version three is completely invisible and it's done in the background, which makes me laugh slightly because it's done by robots to stop robots to anything you do at all. Or it's just by the very fact that you don't touch something.

It's got nothing to do with what you touch. It's actually looking at how the mouse moves, how the cursor moves, how you travel through the form.

You've done the form in a hundredth of a millisecond. Your, human being, I mean, I've given you a really obvious one because the bots get clever or they fill it in slowly. They enter in the letters one by one. What it's doing is it's learning by the way that you fill the form out and all you are, all you know about it.

There's no new hidden fields or weird click things that you're not meant to click or you aren't meant to click. It's actually looking at the way you fill out the form and the way you act on the page and where you move your mouse and it's saying that is a human way of dealing with it. Not a computer.

Well, that's a good thing. It's a good thing that we don't have to be in charge of saying that we're not a robot, but it's good for now, isn't it? I mean, it might be annoying later. Why? Well, you wouldn't want to be told that you're not a human by a computer. 

That's great. I mean, as a designer of forms I can go back to making it nice.

People aren't having to spend extra time, and people like me that get it wrong and end up with grids and get really upset. We're not going to have that issue.

And don't like clicking cats and lampposts, we've become too like a computer and then we'll get into trouble again. So what happens if you don't pass?

It doesn't submit the form. 

Oh, that would be annoying.

It would be especially annoying if it was something you needed. Maybe like your bank and you're not a human. You can't have your money. No, but I am a human. We don't think you are. A whole new level of computer says no, 

and there's no way of disabling it. I mean, I suppose the point is it's made for spams, so they've worked very hard to make sure that you can't just disable it and carry on.

Absolutely. You can't actually submit the form without getting a positive. 

In the steps forward as technology goes and things change, and often you're like, okay, but I think this is a really good step forward and I hope that the people will start to be used to it and we should start to change all forms in this direction.

There is a convergence on this, which is the computers get cleverer. And eventually you'll get to a point where it's almost impossible to distinguish a human from a bot or a piece of programming. We call them bots, but they'll be a little bit more advanced by then, and then you do run into a problem, especially when we end up augmenting ourselves and becoming computers and bots ourselves,

all that bots display more human features than humans and actually start locking humans out because humans can't act human enough.

To keep up with the bot. That's where you start to run into where did we end up here? But I'm guessing we stopped filling out forms. Really? We just plug it 

People will be able to read up mine.

Data is our DNA, you know, from our DNA that that is all the answers that you'll ever need from us. 

It's definitely the way it's going to go that you have to authenticate it with your DNA or use blockchain wrapping bits of your own personal identity.

A bit like fingerprinting that you are who you are. I'm Abi Fawcus and I allow you to have my name and address.

But in the meantime, when we're updating your forms to be invisible, we promise we're not charging you for the Emperor's new clothes. We are doing what we say, we're doing some invisible clothes, sir. And that's exactly what you've got.

Well, where are you going to end it there this week? And even if we haven't helped you at all with recaptcha. So I hope that we've educated you in different colored mud. I look forward to speaking to you next week. 

Goodbye for me. 

Bye for me.


Dan & Abi work, talk & dream in tech. If you would like to discuss any speaking opportunity contact us.