A Paradigm Shift for the CAPTCHA Race: Adding Uncertainty to the Process

CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) challenges are often correctly solved by software but have increasingly become too difficult for humans to pass. If the correct response to a challenge remains the same, robots can gather invaluable information from accidental successes and will easily defeat future challenges through heuristic learning. Introducing uncertainty to the challenges will fundamentally change the rules of image-based CAPTCHA systems. This new approach temporarily excludes some images from a challenge's results, assigning them a neutral role. However, future challenges might include these images. So, successful responses might differ between challenges even though the challenges use the same images, thereby eliminating the threat of heuristic attacks. To further reduce the chance of robots accidently passing a challenge, this approach analyzes the decisions made on neutral images. If the outcome would have been different had the challenge results included the neutral images, those images are added to a 'trap'' database and included in future challenges. In experiments, this approach almost always defeated powerful robots (for example, robots using heuristic learning or a search engine), but humans could still easily pass the challenges.