reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows. Check out our paper in Science about it (or read more below).
A CAPTCHA is a program that can tell whether its user is a human or a computer. You’ve probably seen them — colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from “bots,” or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.
About 200 million CAPTCHAs are solved by humans around the world every day. In each case, roughly ten seconds of human time are being spent. Individually, that’s not a lot of time, but in aggregate these little puzzles consume more than 150,000 hours of work each day. What if we could make positive use of this human effort? reCAPTCHA does exactly that by channeling the effort spent solving CAPTCHAs online into “reading” books.
To archive human knowledge and to make information more accessible to the world, multiple projects are currently digitizing physical books that were written before the computer age. The book pages are being photographically scanned, and then transformed into text using “Optical Character Recognition” (OCR). The transformation into text is useful because scanning a book produces images, which are difficult to store on small devices, expensive to download, and cannot be searched. The problem is that OCR is not perfect.
reCAPTCHA has the highest security standards. Many other implementations of CAPTCHAs use undistorted text, or text with only minor distortions. These implementations are vulnerable to simple automated attacks. Others, such as MAPTCHA, consist of asking text-based arithmetic questions like “what is 1+1”. These can be trivially broken by an attacker.
To protect your site, reCAPTCHA uses two layers of security when generating images. It starts with images that can’t be read by computers, and then distorts them even more:
reCAPTCHA is a Web service. That means that all the images are generated and graded by our servers. In addition to the convenience that this provides (you don’t have to run costly image generation scripts on your own servers), this also provides an extra level of protection: our CAPTCHAs can be automatically updated whenever a security vulnerability is found. For example, if somebody writes a program that can read our distorted images, we can add more distortions in very little time, and without webmasters having to change anything on their side. This is significantly more secure (and convenient) than having to re-install a CAPTCHA every time a vulnerability is found.
IP Address Detection
Our service also includes IP address filtering and detection. If we determine that a given IP address is successfully solving too many CAPTCHAs in a certain period of time, the address is immediately flagged for review. In addition, by providing CAPTCHA services to many customers we obtain a global view of spamming attacks, allowing us to react quickly to security threats.
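The per-address check described above can be sketched as a sliding-window counter over graded CAPTCHA results. This is an added example, not reCAPTCHA's own code: the class and function names, the threshold of 5 solves per 60 seconds, and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class SolveRateMonitor:
    """Flags an IP for review when it has more than `max_solves` successful
    CAPTCHA solves inside any `window_seconds`-long sliding window.
    Hypothetical helper; thresholds are illustrative, not reCAPTCHA's."""

    def __init__(self, max_solves, window_seconds):
        self.max_solves = max_solves
        self.window = window_seconds
        self.recent = defaultdict(deque)   # ip -> timestamps of recent successes
        self.flagged = {}                  # ip -> time at which it was flagged

    def record(self, ip, timestamp, solved):
        """Record one graded CAPTCHA; return True if `ip` is flagged."""
        if not solved:                     # only successful solves count
            return ip in self.flagged
        q = self.recent[ip]
        q.append(timestamp)
        # Drop successes that have slid out of the window.
        while q and q[0] <= timestamp - self.window:
            q.popleft()
        if len(q) > self.max_solves and ip not in self.flagged:
            self.flagged[ip] = timestamp
        return ip in self.flagged

def flag_ips(events, max_solves=5, window_seconds=60):
    """Run the monitor over (timestamp, ip, solved) events sorted by time."""
    monitor = SolveRateMonitor(max_solves, window_seconds)
    for timestamp, ip, solved in events:
        monitor.record(ip, timestamp, solved)
    return monitor.flagged

# Constructed sample events (documentation-range addresses, made-up times).
SAMPLE_EVENTS = sorted(
    [(t, "198.51.100.7", True) for t in range(0, 40, 5)]        # 8 solves in 35 s
    + [(t, "203.0.113.20", True) for t in range(0, 600, 100)]   # 6 solves in 500 s
    + [(t, "192.0.2.33", False) for t in range(0, 20, 2)]       # 10 failures
)

if __name__ == "__main__":
    for ip, when in flag_ips(SAMPLE_EVENTS).items():
        print(f"{ip} flagged for review at t={when}s")
```

Only the first address is flagged: the second solves just as many CAPTCHAs in total but spread over a long period, and the third never solves one, which is why the counter tracks successes per window rather than raw request volume.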