Google’s No CAPTCHA reCAPTCHA, what we think
After looking at the new reCAPTCHA from Google, No CAPTCHA, it was interesting to get someone else’s insight.
The human element
This post contains some nice technical analysis, but the main point is one that we wholeheartedly agree with; recaptcha may help against automated attacks but won’t help against human based brute force “teams”.
Add to this the paper given at the international machine learning conference in Edinburgh in July where they created a program that could identify humans, dogs and cats from images with over 75% accuracy. The Building high-level features using large scale unsupervised learning paper shows that machines can easily learn to recognise common concepts quite quickly given the available resource, which in this case is the internet and google picture search.
We are but human
I think where we are going is that reCAPTCHA doesn’t solve the problem of “something you have” or “something you are” and relies solely on “something you know” or more importantly “something you can work out” Computers will always be able to surpass humans in that respect given time and resource. We as a species fail to accept this (alpha bias) but it is true and has been true for a while.
reCAPTCHA is a band aid that provides an acceptable human solution to a fundamental problem; people are by their nature insecure (in every sense of that word). We try to get them to be more secure but you are working against human nature.
CAPTCHA gives the idea this is a solution because it allows the viewer to think they are outsmarting a machine or applying some form of higher learning that we (humans) believe is beyond the remit of a machine. For what it’s worth I wrote a machine that could read sheet music in 1990 and it was old technology then. We watch as machines recognise missiles in flight from a glimpse some 4 miles away and could react and take action in under 0.5 of a second, we see rudimentary machine learning of facial expressions.
The unique identifier
What is needed is a unique identifier for everyone. This is being implemented as we speak, mobile phones, laptops and source machines such as routers can provide that form of single identity. Humanity doesn’t like it when a machine removes their secret, so it’s being pushed on us by approaching our animal desires, form and function and status.
The solution was presented many, many years back in the form of an “ID Token” which was carried by individuals that had the ability to recognise its human owner by remote biometrics and was stored inside a tamper proof sealed unit that could recharge either via power source or akin to kinetic watches.
The issue will be getting humans to accept anything that will uniquely identify them all the time… even when they don’t want to be.