CAPTCHA, or those boxes of distorted text that appear on many websites before you perform key functions like commenting or editing wikis, may be annoying for users to deal with, but they’re a partial shield against a web dominated by spam. As their full name — “Completely Automated Public Turing test to tell Computers and Humans Apart” — implies, they’re still pretty good at evading solution by bots. Here’s the problem: Humans can still solve them for nefarious ends, and many spammers have discovered that there’s a labor market of people who are willing to do so for dirt cheap.
According to a study (PDF link) recently conducted by UC San Diego researchers, spammers employ many hundreds of people, mostly overseas, to solve CAPTCHAs at the rate of about one dollar per thousand solutions. It takes the average person 14 seconds to solve a CAPTCHA, and the human error rate is ten percent. There are 3600 seconds in an hour, which means roughly 231 solutions per hour per person [(3600/14)(.9)], which means that the foot soldiers of the CAPTCHA-solving army get paid less than 25 cents an hour.
What happens from there? Technology Review breaks it down:
The inventors of CAPTCHAS probably didn’t anticipate this: Hundreds, possibly thousands of laborers working for less than $50 a month to solve an endless stream of CAPTCHAS delivered to them by automated middlemen who sell the results to spammers in real time, so that their spam bots can use those solutions to post to forums and blogs as well as set up fraudulent email accounts…
…For sophisticated spammers, CAPTCHAS aren’t so much a barrier as a cost of doing business.
This doesn’t make CAPTCHA worthless: Adding frictional costs to the spam biz is better than nothing. But it’s yet more proof that when it comes to gaming the system for personal profit and harm and inconvenience to others, you should never underestimate human ingenuity.
Have a tip we should know? [email protected]