CAPTCHA is Becoming Obsolete. What Will Take Its Place?

CAPTCHA window
Written by Wilbur Woodham

Everyone who uses the Internet knows what CAPTCHA is, even without knowing what exactly this abbreviation stands for. Actually, CAPTCHA means “Completely Automated Public Turing test to tell Computers and Humans Apart.” It comes as a little window you have to deal with before you’re allowed to proceed to the website. In that window, you prove that you are not a robot by performing a task simple for a human but impossible for bots… up until neural networks showed up.

CAPTCHA And Its Problems

CAPTCHA used to be an effective tool for filtering bots and avoiding automatized attacks, such as DDoS. However, hackers gradually overcome some of the procedures, leaving fewer of them unbeatable. It forces developers to make the puzzles more burdensome for users and more technically complex on the inside.

Neural Networks Beat CAPTCHA

But, as neural networks came about, it turned out that computers can pass the CAPTCHA sieve alright! Moreover, upon learning, a Google-developed neural network did it even better than an average human, reaching up to 99.8% accuracy. And that was so almost ten years ago already!


Different CAPTCHA puzzles as they are.

Click Farms Beat CAPTCHA

Alright, maybe it is not that easy to automatize neural network usage, or perhaps hackers can’t get easy access to it, you might presume. But when high-end tech is unavailable, people often achieve the same goal with the opposite approach. Thus, click farms are the alternative to high-end neural networks.

As stupid as it may be, they work, therefore they exist. Click farms are jobs where people are paid only for solving CAPTCHA puzzles. Special APIs have been developed that allow bots to send pictures that they get in the test to human solvers. As a result, solvers do not even know why they let bots into the site. It is clear that not for something good, though.

CAPTCHAs Are Getting Annoying

Since CAPTCHA technology is both beatable and soon to be obsolete, now it is allowed to talk about its negative influence on customer retention. CAPTCHA is a user experience disaster. It can turn off an impatient customer, let alone a person with a disability or who does not speak the language in which the CAPTCHA suggests entering the text from the picture.

To summarize, let’s list the problems of CAPTCHA:

  • Its puzzles are no longer a problem for powerful neural networks;
  • CAPTCHAs get beaten on an industrial scale by the bots’ human aides working as clickers;
  • CAPTCHAs are an annoying enemy of user experience;
  • Some CAPTCHA puzzles are hard to beat by people with disabilities and people who speak a different language.

Private Access Tokens Are a Good Replacement

The upcoming candidate to replace CAPTCHA is an invention supported by Apple. It is called Privacy Access Token (PAT.) and the browser extension called Privacy Pass (released in 2018.)

The point is that users can prove that they are human not to websites, stopping like on road checkpoints, but to the browsers. In addition, the browser has more time and better tools to verify the user’s natural behavior. But the main thing is that the user doesn’t need to spend time proving to robots that he or she is not a robot. The browser registers behavior automatically while the user surfs around. As soon as the user is verified as a human, the browser issues a cryptographic token that will be immediately produced at a CAPTCHA checkpoint with its subsequent instant passing.

What does it have to do with Apple? Apple has made Privacy Pass mainstream by including it in the upcoming iOS16 and macOS Ventura. Cloudflare, a CAPTCHA-employing anti-DDoS protection company, has already announced the acceptance of PATs.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Wilbur Woodham

I was a technical writer from early in my career, and consider IT Security one of my foundational skills. I’m sharing my experience here, and I hope you find it useful.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.