DOCSLIB.ORG

Re: Captchas – Understanding CAPTCHA-Solving Services in an Economic Context

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Re: Captchas – Understanding CAPTCHA-Solving Services in an Economic Context Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker and Stefan Savage University of California, San Diego fmmotoyam, klevchen, ckanich, dlmccoy, voelker, [email protected] Abstract alphanumeric characters that are distorted in such a way that available computer vision algorithms have difficulty Reverse Turing tests, or CAPTCHAs, have become an segmenting and recognizing the text. At the same time, ubiquitous defense used to protect open Web resources humans, with some effort, have the ability to decipher from being exploited at scale. An effective CAPTCHA the text and thus respond to the challenge correctly. To- resists existing mechanistic software solving, yet can day, CAPTCHAs of various kinds are ubiquitously de- be solved with high probability by a human being. In ployed for guarding account registration, comment post- response, a robust solving ecosystem has emerged, re- ing, and so on. selling both automated solving technology and real- This innovation has, in turn, attached value to the time human labor to bypass these protections. Thus, problem of solving CAPTCHAs and created an indus- CAPTCHAs can increasingly be understood and evaluated trial market. Such commercial CAPTCHA solving comes in purely economic terms; the market price of a solution in two varieties: automated solving and human labor. vs the monetizable value of the asset being protected. We The first approach defines a technical arms race between examine the market-side of this question in depth, ana- those developing solving algorithms and those who de- lyzing the behavior and dynamics of CAPTCHA-solving velop ever more obfuscated CAPTCHA challenges in re- service providers, their price performance, and the un- sponse. However, unlike similar arms races that revolve derlying labor markets driving this economy. around spam or malware, we will argue that the underly- ing cost structure favors the defender, and consequently, 1 Introduction the conscientious defender has largely won the war. The second approach has been transformative, since Questions of Internet security frequently reflect under- the use of human labor to solve CAPTCHAs effectively lying economic forces that create both opportunities and side-steps their design point. Moreover, the combination incentives for exploitation. For example, much of today’s of cheap Internet access and the commodity nature of Internet economy revolves around advertising revenue, today’s CAPTCHAs has globalized the solving market; and consequently, a vast array of services—including e- in fact, wholesale cost has dropped rapidly as providers mail, social networking, blogging—are now available to have recruited workers from the lowest cost labor mar- new users on a basis that is both free and largely anony- kets. Today, there are many service providers that can mous. The implicit compact underlying this model is that solve large numbers of CAPTCHAs via on-demand ser- the users of these services are individuals and thus are vices with retail prices as low as $1 per thousand. effectively “paying” for services indirectly through their In either case, we argue that the security of CAPTCHAs unique exposure to ad content. Unsurprisingly, attack- can now be considered in an economic light. This prop- ers have sought to exploit this same freedom and acquire erty pits the underlying cost of CAPTCHA solving, ei- large numbers of resources under singular control, which ther in amortized development time for software solvers can in turn be monetized (e.g., via thousands of free Web or piece-meal in the global labor market, against the mail accounts for sourcing spam e-mail messages). value of the asset it protects. While the very existence of CAPTCHAs were developed as a means to limit the CAPTCHA-solving services tells us that the value of the ability of attackers to scale their activities using auto- associated assets (e.g., an e-mail account) is worth more mated means. In its most common implementation, a to some attackers than the cost of solving the CAPTCHA, CAPTCHA consists of a visual challenge in the form of the overall shape of the market is poorly understood. Ab- (a) Aol. (b) mail.ru (c) phpBB 3.0 (d) Simple Machines Forum (e) Yahoo! (f) youku Figure 1: Examples of CAPTCHAs from various Internet properties. sent this understanding, it is difficult to reason about the data collection approach and then presenting our experi- security value that CAPTCHAs offer us. ments to measure key qualities such as response time, ac- This paper investigates this issue in depth and, where curacy, and capacity. Section6 describes the demograph- possible, on a empirical basis. We document the commer- ics of the CAPTCHA-solving labor pool. Finally, we dis- cial evolution of automated solving tools (particularly via cuss the implications of our results in Section7 along the successful Xrumer forum spamming package) and with potential directions for future research. how they have been largely eclipsed by the emergence of the human-based CAPTCHA-solving market. To char- 2 Background acterize this latter development, our approach is to en- gage the retail CAPTCHA-solving market on both the sup- The term “CAPTCHA” was first introduced in 2000 by ply side and the demand side, as both a client and as von Ahn et al. [21], describing a test that can differentiate “workers for hire.” In addition to these empirical mea- humans from computers. Under common definitions [4], surements, we also interviewed the owner and operator the test must be: of a successful CAPTCHA-solving service (MR. E), who has provided us both validation and insight into the less • Easily solved by humans, visible aspects of the underlying business processes.1 In • Easily generated and evaluated, but the course of our analysis, we attempt to address key • Not easily solved by computer. questions such as which CAPTCHAs are most heavily tar- geted, the rough solving capacity of the market leaders, Over the past decade, a number of different techniques the relationship of service quality to price, the impact for generating CAPTCHAs have been developed, each of market transparency and arbitrage, the demographics satisfying the properties described above to varying de- of the underlying workforce and the adaptability of ser- grees. The most commonly found CAPTCHAs are visual challenges that require the user to identify alphanumeric vice offerings to changes in CAPTCHA content. We be- characters present in an image obfuscated by some com- lieve our findings, or at least our methodology, provide 2 a context for reasoning about the net value provided by bination of noise and distortion. Figure1 shows ex- amples of such visual CAPTCHAs. The basic challenge CAPTCHAs under existing threats and offer some direc- tions for future development. in designing these obfuscations is to make them easy The remainder of this paper is organized as fol- enough that users are not dissuaded from attempting a so- lution, yet still too difficult to solve using available com- lows: Section2 reviews CAPTCHA design and provides puter vision algorithms. a qualitative history and overview of the CAPTCHA- solving ecosystem. Next, in Section3 we empirically The issue of usability has been studied on a functional characterize two automated solver systems, the popular level—focusing on differences in expected accuracy and Xrumer package and a specialized reCaptcha solver. In response time [3, 19, 22, 26]—but the ultimate effect of Sections4 and5 we then characterize today’s human- CAPTCHA difficulty on legitimate goal-oriented users is not well documented in the literature. That said, Elson et powered CAPTCHA-solving services, first describing our al. provide anecdotal evidence that “even relatively sim- ple challenges can drive away a substantial number of po- 1By agreement, we do not identify MR. E or the particular service he runs. While we cannot validate all of his statements, when we tested 2There exists a range of non-textual and even non-visual CAPTCHAs his service empirically our results for measures such as response time, that have been created but, excepting Microsoft’s Asirra [9], we do not accuracy, capacity and labor makeup were consistent with his reports, consider them here as they play a small role in the current CAPTCHA- supporting his veracity. solving ecosystem. 2 tential customers” [9], suggesting CAPTCHA design re- Xrumer flects a real trade-off between protection and usability. The second challenge, defeating automation, has re- Xrumer [24] is a well-known forum spamming tool, ceived far more attention and has kicked off a competi- widely described on “blackhat” SEO forums as being one tion of sorts between those building ever more sophisti- of the most advanced tools for bypassing many differ- ent anti-spam mechanisms, including CAPTCHAs. It has cated algorithms for breaking CAPTCHAs and those cre- been commercially available since 2006 and currently re- ating new, more obfuscated CAPTCHAs in response [7, 11, 16, 17, 18, 25]. In the next section we examine this tails for $540, and we purchased a copy from the au- issue in more depth and explain why, for economic rea- thor at this price for experimentation. While we would sons, automated solving has been relegated to a niche have liked to include several other well known spamming status in the open market. tools (SEnuke, AutoPligg, ScrapeBox, etc), the cost of these packages range from $97 to $297, which would Finally, an alternative regime for solving CAPTCHAs is to outsource the problem to human workers. Indeed, render this study prohibitively expensive. this labor-based approach has been commoditized and Xrumer’s market success in turn led to a surge of today a broad range of providers operate to buy and sell spam postings causing most service providers targeted by Xrumer to update their CAPTCHAs. This development CAPTCHA-solving service in bulk. We are by no means the first to identify the growth of this activity.
Load more

Recommended publications
  • Recaptcha: Human-Based Character Recognition Via Web Security
    REPORTS on September 12, 2008 and blogs. For example, CAPTCHAs prevent www.sciencemag.org reCAPTCHA: Human-Based Character ticket scalpers from using computer programs to buy large numbers of concert tickets, only to re Recognition via Web Security Measures sell them at an inflated price. Sites such as Gmail and Yahoo Mail use CAPTCHAs to stop spam Luis von Ahn,* Benjamin Maurer, Colin McMillen, David Abraham, Manuel Blum mers from obtaining millions of free e mail accounts, which they would use to send spam CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are e mail. Downloaded from widespread security measures on the World Wide Web that prevent automated programs from According to our estimates, humans around abusing online services. They do so by asking humans to perform a task that computers cannot yet the world type more than 100 million CAPTCHAs perform, such as deciphering distorted characters. Our research explored whether such human every day (see supporting online text), in each case effort can be channeled into a useful purpose: helping to digitize old printed material by asking spending a few seconds typing the distorted char users to decipher scanned words from books that computerized optical character recognition failed acters. In aggregate, this amounts to hundreds of to recognize. We showed that this method can transcribe text with a word accuracy exceeding 99%, thousands of human hours per day. We report on matching the guarantee of professional human transcribers. Our apparatus is deployed in more an experiment that attempts to make positive use than 40,000 Web sites and has transcribed over 440 million words.
    [Show full text]
  • Symantec Report on Rogue Security Software July 08 – June 09
    REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network.
    [Show full text]
  • I Am Not a Robot: an Overview on Google's Captcha
    I AM NOT A ROBOT: - AN OVERVIEW ON GOOGLE’S CAPTCHA A Thesis Presented to the Faculty of California State Polytechnic University, Pomona In Partial Fulfillment Of the Requirements for the Degree Master of Science In Computer Science By Uday Prabhala 2016 SIGNATURE PAGE THESIS: I AM NOT A ROBOT: - AN OVERVIEW ON GOOGLE’S CAPTCHA AUTHOR: Uday Prabhala DATE SUBMITTED: Summer 2016 Computer Science Department. Dr. Gilbert Young ___________________________________________ Thesis Committee Chair Computer Science Dr. Fang D. Tang ___________________________________________ Computer Science Dr. Yu Sun ___________________________________________ Computer Science ii ACKNOWLEDGEMENTS I would like to express my deepest gratitude to my family members, Yashoda, Lucky, and Diskey, as well as my girlfriend Siri, who helped make this endeavor possible. Their limitless support, assistance, and encouragement during the times when I was close to giving up were greatly helpful, and I wouldn’t have been able to overcome the obstacles without them. I would also like to send my appreciation and gratitude to the Professors who were part of my thesis committee. Most notably, I would like to thank Professor Gilbert Young, chair of the committee, for his support, patience, guidance, and sharing of knowledge throughout the program. I would also like to thank Professor Tang and Professor Yusun for reviewing my paper and attending my presentation. The above three Professors not only helped me to complete my program, but also served as an excellent example by exercising professionalism, versatility, and commitment to the developing engineering students at California State Polytechnic University, Pomona. iii ABSTRACT I am not a Robot Overview on Google’s Captcha Uday Kiran Prabhala Computers are one of the greatest inventions done by humans; these devices not only made our work easy, but could also be misused in various ways.
    [Show full text]
  • Received Citations As a Main SEO Factor of Google Scholar Results Ranking
    RECEIVED CITATIONS AS A MAIN SEO FACTOR OF GOOGLE SCHOLAR RESULTS RANKING Las citas recibidas como principal factor de posicionamiento SEO en la ordenación de resultados de Google Scholar Cristòfol Rovira, Frederic Guerrero-Solé and Lluís Codina Nota: Este artículo se puede leer en español en: http://www.elprofesionaldelainformacion.com/contenidos/2018/may/09_esp.pdf Cristòfol Rovira, associate professor at Pompeu Fabra University (UPF), teaches in the Depart- ments of Journalism and Advertising. He is director of the master’s degree in Digital Documenta- tion (UPF) and the master’s degree in Search Engines (UPF). He has a degree in Educational Scien- ces, as well as in Library and Information Science. He is an engineer in Computer Science and has a master’s degree in Free Software. He is conducting research in web positioning (SEO), usability, search engine marketing and conceptual maps with eyetracking techniques. https://orcid.org/0000-0002-6463-3216 [email protected] Frederic Guerrero-Solé has a bachelor’s in Physics from the University of Barcelona (UB) and a PhD in Public Communication obtained at Universitat Pompeu Fabra (UPF). He has been teaching at the Faculty of Communication at the UPF since 2008, where he is a lecturer in Sociology of Communi- cation. He is a member of the research group Audiovisual Communication Research Unit (Unica). https://orcid.org/0000-0001-8145-8707 [email protected] Lluís Codina is an associate professor in the Department of Communication at the School of Com- munication, Universitat Pompeu Fabra (UPF), Barcelona, Spain, where he has taught information science courses in the areas of Journalism and Media Studies for more than 25 years.
    [Show full text]
  • Modern Password Security for System Designers What to Consider When Building a Password-Based Authentication System
    Modern password security for system designers What to consider when building a password-based authentication system By Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects This whitepaper describes and models modern password guidance and recommendations for the designers and engineers who create secure online applications. A related whitepaper, Password security ​ for users, offers guidance for end users. This whitepaper covers the wide range of options to consider ​ when building a password-based authentication system. It also establishes a set of user-focused recommendations for password policies and storage, including the balance of password strength and usability. The technology world has been trying to improve on the password since the early days of computing. Shared-knowledge authentication is problematic because information can fall into the wrong hands or be forgotten. The problem is magnified by systems that don't support real-world secure use cases and by the frequent decision of users to take shortcuts. According to a 2019 Yubico/Ponemon study, 69 percent of respondents admit to sharing passwords with ​ ​ their colleagues to access accounts. More than half of respondents (51 percent) reuse an average of five passwords across their business and personal accounts. Furthermore, two-factor authentication is not widely used, even though it adds protection beyond a username and password. Of the respondents, 67 percent don’t use any form of two-factor authentication in their personal life, and 55 percent don’t use it at work. Password systems often allow, or even encourage, users to use insecure passwords. Systems that allow only single-factor credentials and that implement ineffective security policies add to the problem.
    [Show full text]
  • Xrumer Manual
    XRumer manual © Botmaster Labs, 2006 - 2010 2 XRumer manual Table of Contents Foreword 0 Part I Introduction 6 1 About XRumer................................................................................................................................... 6 2 How to start ................................................................................................................................... 7 3 Interface ................................................................................................................................... 7 4 Interface sleep................................................................................................................................... mode 11 5 Files structure................................................................................................................................... 12 6 Tools ................................................................................................................................... 12 7 Traffic saving................................................................................................................................... algorithm 19 Part II Program settings 21 1 Proxy checking................................................................................................................................... settings 21 2 Speed & success................................................................................................................................... rate 23 3 AntiSpam system..................................................................................................................................
    [Show full text]
  • 'Order Denying the Motion to Dismiss As to the Merits Of
    Case 5:15-cv-04062-LHK Document 49 Filed 08/12/16 Page 1 of 38 1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 NORTHERN DISTRICT OF CALIFORNIA 10 SAN JOSE DIVISION 11 12 DANIEL MATERA, Case No. 15-CV-04062-LHK 13 Plaintiff, ORDER DENYING MOTION TO DISMISS AS TO THE MERITS OF 14 v. PLAINTIFF’S CLAIMS 15 GOOGLE INC., Re: Dkt. No. 20 16 Defendant. 17 United States District Court District United States Northern District of California District Northern 18 Plaintiff Daniel Matera (“Plaintiff”), individually and on behalf of those similarly situated, 19 alleges that Defendant Google Inc. (“Google”) violated federal and state wiretapping laws in its 20 operation of Gmail, an email service. ECF No. 1 (“Compl.”).1 Before the Court is Google’s 21 motion to dismiss for failure to state a claim. ECF No. 20. Having considered the parties’ 22 submissions, the relevant law, and the record in this case, the Court DENIES Google’s motion to 23 dismiss as to the merits of Plaintiff’s claims. The Court will issue a separate order on standing 24 issues. 25 26 1 27 Unless otherwise noted, all ECF references are to the docket of 15-CV-04062 in the Northern District of California. 28 1 Case No. 15-CV-04062-LHK ORDER DENYING MOTION TO DISMISS AS TO THE MERITS OF PLAINTIFF’S CLAIMS Case 5:15-cv-04062-LHK Document 49 Filed 08/12/16 Page 2 of 38 I. BACKGROUND 1 A. Factual Background 2 1. In re Google Inc.
    [Show full text]
  • Check Point Threat Intelligence Bulletin
    December 31, 2018 – January 6, 2019 VS. CISCO IRON PORT YOUR CHECK POINT THREAT INTELLIGENCE REPORT TOP ATTACKS AND BREACHES Highly-sensitive personal data of more than 100 German politicians, including German Chancellor Angela Merkel, has been leaked in a recent attack. While the identity of the attackers and the method used are still unknown, the leaked data appears to have been collected from their personal smartphones. The popular browser-based game ‘Town of Salem’ has suffered a major data breach, exposing account data of more than 7.6 million players. The breached database contained players’ email addresses, hashed passwords, IP addresses and some payment information. The Ryuk ransomware has hit the cloud hosting provider “Dataresolution.net”, after the attackers used a hacked login account. The Ryuk campaign was studied last August by Check Point’s research team, who associated it with the notorious North Korean APT Lazarus Group. Check Point SandBlast and Anti-Bot blades provide protection against this threat (Trojan-Ransom.Win32.Ryuk) A new campaign targeting Chromecast adapters has been launched in order to promote the popular YouTube channel “PewDiePie”. The hackers utilized the Universal Plug and Play (UPnP) feature in Chromecasts that allows routers to forward public Internet ports to internal adapters and used it to connect to the device and display YouTube content. A data leak has affected over 2.4 million users of Blur, the password manager application. The leak potentially exposed users’ email addresses, password hashes, IP addresses and, in some cases, full names and password hints. The official website of Dublin’s tram system, the Luas, has been hacked and defaced.
    [Show full text]
  • Dspin: Detecting Automatically Spun Content on the Web
    DSpin: Detecting Automatically Spun Content on the Web Qing Zhang David Y. Wang Geoffrey M. Voelker University of California, San Diego University of California, San Diego University of California, San Diego [email protected] [email protected] [email protected] Abstract—Web spam is an abusive search engine optimization promoted. The belief is that these “backlinks”, as well as technique that artificially boosts the search result rank of pages keywords, will increase the page rank of the promoted sites promoted in the spam content. A popular form of Web spam in Web search results, and consequently attract more traffic to today relies upon automated spinning to avoid duplicate detection. the promoted sites. Search engines seek to identify duplicate Spinning replaces words or phrases in an input article to pages with artificial backlinks to penalize them in the page create new versions with vaguely similar meaning but sufficiently rank calculation, but spinning evades detection by producing different appearance to avoid plagiarism detectors. With just a few clicks, spammers can use automated tools to spin a selected artificial content that masquerades as original. article thousands of times and then use posting services via There are two ways content can be spun. The first is to proxies to spam the spun content on hundreds of target sites. employ humans to spin the content, as exemplified by the The goal of this paper is to develop effective techniques to detect automatically spun content on the Web. Our approach is directly many spinning jobs listed on pay-for-hire Web sites such as tied to the underlying mechanism used by automated spinning Fiverr and Freelancer [26].
    [Show full text]
  • Analysis of the Youtube Channel Recommendation Network
    CS 224W Project Milestone Analysis of the YouTube Channel Recommendation Network Ian Torres [itorres] Jacob Conrad Trinidad [j3nidad] December 8th, 2015 I. Introduction With over a billion users, YouTube is one of the largest online communities on the world wide web. For a user to upload a video on YouTube, they can create a channel. These channels serve as the home page for that account, displaying the account's name, description, and public videos that have been up- loaded to YouTube. In addition to this content, channels can recommend other channels. This can be done in two ways: the user can choose to feature a channel or YouTube can recommend a channel whose content is similar to the current channel. YouTube features both of these types of recommendations in separate sidebars on the user's channel. We are interested analyzing in the structure of this potential network. We have crawled the YouTube site and obtained a dataset totaling 228575 distinct user channels, 400249 user recommendations, and 400249 YouTube recommendations. In this paper, we present a systematic and in-depth analysis on the structure of this network. With this data, we have created detailed visualizations, analyzed different centrality measures on the network, compared their community structures, and performed motif analysis. II. Literature Review As YouTube has been rising in popularity since its creation in 2005, there has been research on the topic of YouTube and discovering the structure behind its network. Thus, there exists much research analyzing YouTube as a social network. Cheng looks at videos as nodes and recommendations to other videos as links [1].
    [Show full text]
  • Russian Underground 101
    Trend Micro Incorporated Research Paper 2012 Russian Underground 101 Max Goncharov Contents Introduction ........................................................................................................................................... 1 File Encryption and Crypting Services ............................................................................................ 1 Crypter Prices ............................................................................................................................... 2 Dedicated Servers................................................................................................................................ 3 Dedicated Server Prices ............................................................................................................. 3 Proxy Servers ....................................................................................................................................... 3 SOCKS Bots ...........................................................................................................................................4 VPN Services ........................................................................................................................................5 VPN Service Prices ......................................................................................................................5 Pay-per-Install Services ......................................................................................................................6 Pay-per-Install
    [Show full text]
  • An Object Detection Based Solver for Google's Image Recaptcha V2
    An Object Detection based Solver for Google’s Image reCAPTCHA v2 Md Imran Hossen∗ Yazhou Tu∗ Md Fazle Rabby∗ Md Nazmul Islam∗ Hui Cao† Xiali Hei∗ ∗University of Louisiana at Lafayette †Xi’an Jiaotong University Abstract have emerged as a superior alternative to text ones as they are considered more robust to automated attacks. Previous work showed that reCAPTCHA v2’s image chal- lenges could be solved by automated programs armed with reCAPTCHA v2, a dominant image CAPTCHA service Deep Neural Network (DNN) image classifiers and vision released by Google in 2014, asks users to perform an im- APIs provided by off-the-shelf image recognition services. age recognition task to verify that they are humans and not In response to emerging threats, Google has made signifi- bots. However, in recent years, deep learning (DL) algorithms cant updates to its image reCAPTCHA v2 challenges that have achieved impressive successes in several complex image can render the prior approaches ineffective to a great extent. recognition tasks, often matching or even outperforming the In this paper, we investigate the robustness of the latest ver- cognitive ability of humans [30]. Consequently, successful sion of reCAPTCHA v2 against advanced object detection attacks against reCAPTCHA v2 that leverage Deep Neural based solvers. We propose a fully automated object detection Network (DNN) image classifier and off-the-shelf (OTS) im- based system that breaks the most advanced challenges of age recognition services have been proposed [44, 50]. reCAPTCHA v2 with an online success rate of 83.25%, the The prior work advanced our understanding of the security highest success rate to date, and it takes only 19.93 seconds issues of image CAPTCHAs and led to better CAPTCHA (including network delays) on average to crack a challenge.
    [Show full text]