Monday, June 2, 2014

Man vs. Machine: The Importance of Captcha Security

As a music fanatic, I have been aware of both Captcha software and the existence of "bots" for several years now.  I can still remember the "scandal" that occurred in 2008 when Avril Lavigne used bots to force the video for her new single at the time, "Girlfriend", to become the most viewed YouTube video of all time.  To understand both my confusion and disgust, let's revisit this cinematic gem:

I'm confused...is she saying she doesn't like her music either?  

I'll forgive those of you out there that didn't make it past the first thirty seconds.  Not only is the song itself a rip-off of several other far better songs, but the video seems to glorify bullying. It's trite garbage and for a brief moment after discovering that it had gone on to break some insane record (it still currently stands with a staggering 238 million + views to date), I completely lost faith in the youth of America.  

To be fair, the video and the song are not targeted at me, but it also appears to use a fairly common formula. Over-produced "punk" guitar-riff and lyrics that are meant to pander to over-emotional teenage girls.  I'll stop myself there, because this post is not about the death of mainstream music, but rather the deceitful and conniving lengths that artists and labels will go to convince our culture that something is more popular than it truly is.  

Last year, YouTube docked large labels like RCA, Sony, & RCA over 2 billion views that were falsely generated using bots.

"Using multiple proxy servers, anyone in the world can pump up their videos with hundreds of thousands plays, and is just as easy and lucrative as buying Facebook likes and Instagram followers." (Via.

What's even more mind-blowing about this is the fact that the majority of these "artists" are just terrible.  Among the names are such radio staples as Justin Bieber, Chris Brown, Rihanna, and of course Avril Lavigne.  The point is that honest artists are being left behind by big-name labels with fat checkbooks and the consumers are paying the price.  

Let me propose a situation for a minute.  A song comes on the radio, you don't care for it so you change the station.  A few minutes later, the other station begins playing the same song.  Irritated, you move on to a third station, and wouldn't you know it?  The song comes on again!  Are you losing your mind?  Is this some sort of conspiracy?  Absolutely not.  The large labels are paying the radio stations to play this and many other terrible songs to convince you that they have value.  And scientifically speaking, after a certain number of plays (depending on how bad the song is), there is a strong likelihood that the song will cease to annoy you.  In fact, you might even begin to enjoy it.  And when it's playing everywhere, it becomes inescapable and will most certainly get stuck in your head whether you like it or not.  

So let's get back to the issue at hand, because we don't have the power to destroy the radio business model, but we can battle these "bots" that are doing quite a bit of damage themselves, or can we?  It is a constant battle to stay ahead.  A few years ago, some Stanford researchers discovered that the Captcha software being used by big firms such as eBay, Blizzard Entertainment, and Visa.net was at risk of being easily decoded.  Of course, these firms took action to increase security (they no doubt have a team working around the clock to detect bugs), but the point is that there is an entire army of hackers out there looking to determine where these systems are vulnerable and defraud their user bases, send out spam, falsely increase user bases, and even steal valuable information.  

Captcha examples

By definition, Captchas are tests to ensure that users are humans and not robots.  Being aware of this software as a consumer or business professional is critical in generating accurate statistics.  It's scary to think that you could be outbid by a robot on eBay or that, even though you sat in front of the computer for 2 hours to get tickets to Bruce Springsteen, you lost out because some jerks had hundreds of different bots running to snatch them up for resale.  But these are the facts.  The biggest takeaway here is to question the systems that are in place, constantly test them for accuracy, and most importantly, venture outside of the norm.  Just because you're being told something is popular doesn't necessarily mean it is.