UC Irvine

Currently, Turing tests (notably in the form of CAPTCHAs) are used as a claimed barrieragainst bots on the Internet. During the last 20+ years, both CAPTCHAs and attacks against them have evolved in sophistication, in the course of a seemingly endless “arms race”. Many problems that were considered as being hard for AI are now trivial to solve automatically, such as OCR and image labeling. Consequently, most types of modern CAPTCHAs have become ineffective. This prompts a natural question: Is it possible to remotely determine whether an interaction is performed by a human or a computer?

In this dissertation, we conduct three large-scale user studies of modern CAPTCHAs. Thefirst investigates comparative performance of ten popular CAPTCHA types with 1,400 MTurk participants. The second study is a long-term (over a year long) experiment with Google’s reCAPTCHAv2 deployed in a real-world scenario with over 3,600 live and unaware participants. Finally, the third study – with over 1,400 participants – focuses on CAPTCHA-induced activity abandonment. Results from the three studies show that CAPTCHAS:

• are solved slower by humans than bots on average.• have consumed billions of hours of human time. • are generally disliked and cause users to quit. • should be deprecated.