Google takes CAPTCHA security to the streets

An experiment with digital images from Street View aims to stymie CAPTCHA-resistant bots

In a move that could make CAPTCHA challenges a bit easier for humans and more difficult for bots, Google is experimenting with using street-number images from Street View to strengthen its reCAPTCHA authentication technology.

Traditionally, CAPTCHA technology works by challenging users with one or more sets of distorted text characters, which they must key in to access areas of website. With the reCAPTCHA experiment, Google presents users with one set of distorted text characters and one random digital picture of a street-address number extracted from Street View, the popular Google map technology that provides a 360-degree view of an area. A user on the BlackHat SEO Forum posted a collection of images of the experimental reCAPTCHA challenges.

Google taps Street View data to strengthen reCAPTCHA security

"We're currently running an experiment in which characters from Street View images are appearing in CAPTCHAs," Google said in a statement. "We often extract data such as street names and traffic signs from Street View imagery to improve Google Maps with useful information like business addresses and locations. Based on the data and results of these reCAPTCHA tests, we'll determine if using imagery might also be an effective way to further refine our tools for fighting machine and bot-related abuse online."

CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, has been proven increasingly easy to circumvent, giving spammers and hackers a means of carrying out their misdeeds. Organizations have tried employing video and audio to strengthen CAPTCHA, but those systems, too, have proven pregnable. A team of researchers last month, for example, devised a method to defeat NuCaptcha, a video-based antispam test.

A Google spokesperson told InfoWorld that the experiment is not indicative of current weaknesses with the company's reCAPTCHA technology. Notably, researchers from Stanford University late last year revealed they'd developed a tool capable of automatically deciphering CAPTCHAs on popular sites like Wikipedia, eBay, and CNN, but it couldn't get through Google's reCAPTCHA defenses. ReCAPTCHA was originally developed by Carnegie Mellon University; Google bought the technology in 2009.

The spokesperson said the experiment is not intended to turn users into data-entry workers by having them fill in gaps in Street View data, nor is it intended to help the company confirm its existing map data. Moreover, Google is not using images of street names or traffic signs for the experiment, just street addresses.

Google's experiment is reminiscent of Facebook's Social Authentication system, through which users who've lost access to Facebook must correctly identify various Friends in randomly selected photos. The user is told that he or she must get all the photo-based questions correct, though Facebook's security and privacy team leader Alex Rice admitted recently that one can get several answers wrong and still pass.

This story, "Google takes CAPTCHA security to the streets," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2012 IDG Communications, Inc.