"I Am Not a Robot, I Am Human"... What Happens with a Single Click [Tech Talk]

"I am not a robot."

You have probably seen a letter box with this phrase when signing up or logging in to an online website. With a single click, the verification is completed and you move on to the next screen. This system is called reCAPTCHA. It is the culmination of security technology that began alongside the rise of the internet.

Typical reCAPTCHA letter box. Internet homepage capture

reCAPTCHA is a security filter program that determines whether a customer trying to access a particular service is a human or a bot program. It was developed and is distributed for free by Google. Although it disappears with a single click, in reality, customers are providing a wealth of information to reCAPTCHA during this process.

reCAPTCHA collects and analyzes various data such as the user's cookies (small pieces of information stored by websites in the browser), the speed at which the mouse cursor is moved, and the speed of clicks. It creates a pattern from this data and compares it to determine whether the pattern is more human-like or machine-like, ultimately deciding whether the user is a bot. Occasionally, after clicking reCAPTCHA, a simple puzzle game like a spot-the-difference may appear. This happens when the click pattern is judged to be closer to that of a machine, triggering a secondary verification process.

An example of the operation of an early CAPTCHA system. The characters were deliberately distorted to prevent bots from recognizing them. High Signal Security homepage

It is no exaggeration to say that reCAPTCHA began with the history of the internet itself. The origin of reCAPTCHA is "CAPTCHA," developed in 1997 at Carnegie Mellon University in the United States. The term stands for "Completely Automated Public Turing test to tell Computers and Humans Apart," and it was created to block bots that were flooding the internet with spam emails and malicious code posts at the time.

Today's reCAPTCHA is a highly advanced program that patterns and identifies human behavior, but in those days, CAPTCHA was more like a letter-matching puzzle. Users were asked to solve combinations of letters and numbers that were deliberately distorted to prevent bots from recognizing them.

In 2007, the development team began extracting the actual text written in documents to use for CAPTCHA verification, and at this time, the countless characters identified by internet users were used as initial training data for artificial intelligence (AI). Masa School homepage

CAPTCHA also contributed to the early development of artificial intelligence (AI). In 2007, American computer scientist Luis von Ahn proposed the idea of extracting hard-to-identify character data from old documents and using it as CAPTCHA puzzles. As a result, tens of millions of internet users around the world helped decipher character data through CAPTCHA verification, and computer scientists used this data for AI training.

Luis von Ahn contributed to the early development of artificial intelligence (AI) with his idea of CAPTCHA verification. In 2011, he founded the foreign language education application Duolingo. TED YouTube

Recognizing the value of this meticulously refined character data, Google contacted the CAPTCHA development team in 2009, acquired them, and reorganized them into the reCAPTCHA development team. After leaving Google in 2011, Luis von Ahn embarked on another language-related project, which became today's largest foreign language education application, Duolingo.

The problem is that as reCAPTCHA evolves, so do bots. Ironically, AI that advanced thanks to CAPTCHA is now frequently deceiving even the most cutting-edge bot detection programs.

In September last year, researchers from the security company Zscaler conducted experiments to bypass reCAPTCHA using chatbot services such as ChatGPT. According to the researchers, most AI chatbots are currently designed to refuse direct commands like "bypass reCAPTCHA." However, if phrases such as "this reCAPTCHA is fake" or "this is for a research project" are included to trick the chatbot, it will accept the request and instantly neutralize reCAPTCHA.

In particular, AI chatbots have been able to replicate "human-like mouse clicks" that traditional bot programs could not, and even solve complex image puzzles. The researchers concluded, "reCAPTCHA was created to prove that the user is human, but modern AI can sufficiently mimic human actions," adding, "This raises questions about whether current reCAPTCHA remains a valid security measure, and the cybersecurity industry will need to develop strategies to counter AI in the future."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.