“nCaptcha” is Learn Near Club’s latest product, providing a web3 version of the classic CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). In this blog, we will first learn how the traditional CAPTCHA works and then see how nCaptcha flips it on its head.
You must have come across the image above during your surfing sessions. CAPTCHA was built as a security measure to help protect users from spam and password decryption.
Funnily enough, the history of CAPTCHA is tied to hackers, the very group it aims to stave off today. In the late 1980s and early 1990s, early internet forum users inadvertently laid the foundation for CAPTCHAs. Realizing that moderator programs monitored certain sensitive keywords, they devised a method to circumvent this scrutiny. These users replaced specific letters in sensitive keywords with numbers or symbols, effectively tricking the bots. This strategy eventually evolved into a form of jargon known as leetspeak.
However, the real turning point for CAPTCHAs came in the late 1990s when computer scientists noted the potential of these text distortions in thwarting scammer algorithms. The concept took a more formal shape when two separate teams – one from Carnegie Mellon University and another from cybersecurity company Sanctum – developed methods to impede bots using distorted text in 1997. This marked the dawn of the modern CAPTCHA, a key security tool that helps prevent data theft by providing a barrier to automated programs while allowing human users to pass through.
The system accomplishes this by requiring users to pass a straightforward test, verifying that they are humans, not computers attempting to breach a password-secured account. This test consists of two parts:
- A randomly generated, distorted sequence of characters in image form.
- A text input box.
Users must identify and reproduce the characters shown in the image to reproduce the characters in a text box. This requires a certain level of cognitive ability that’s pretty straightforward for a human but exceedingly complex for bots. This is because we have the ability to interpret letters in different fonts and handwriting. Since bots are unable to do so, they fail the test and get blocked from interacting with the application or website.
Google implements CAPTCHA via its reCAPTCHA system. You might encounter these Google-powered CAPTCHA under the following circumstances:
- Registering for a new Google service (like Gmail, Blogger, or YouTube)
- Subscribing to any version of a Google Workspace Account
- Altering the password on an existing account
- Configuring Google services for a third-party device or application (such as iPhone, Outlook, ActiveSync, etc.)
Google uses CAPTCHA to safeguard user data and maintain its service integrity. Google isn’t the only web2 giant leveraging CAPTCHA. It is pretty much everywhere and extensively used.
There is no doubt that CAPTCHA has been a powerful security measure. However, their recent effectiveness and utility have been called into question.
What is the primary method used by nCaptcha to prevent spam?
The entire premise of CAPTCHAs is that a machine should not have the cognitive ability of a normal human to decipher these messages. CAPTCHAs rely on a partially behavioral-based approach. Besides assessing a user’s ability to solve the given puzzle, these tools also monitor actions like webpage navigation speed and mouse movement curvature. However, over the past decade, machine learning and artificial intelligence capabilities have evolved significantly, becoming more human-like and, in some cases, surpassing human abilities in solving complex puzzles. Machines, with their extensive memory and multi-tasking capabilities, can often breeze through single puzzles like CAPTCHAs.
Moreover, the emergence of CAPTCHA-solving farms – human-operated services that decode CAPTCHAs for bots – poses another challenge. Through these farms, bots can resolve CAPTCHAs within a matter of seconds, bypassing this layer of security with minimal expense and effort.
The most logical way to mitigate CAPTCHA-breaking is by increasing the complexity of the task itself. However, there is a problem here. When you increase the complexity of CAPTCHAs, you are making it difficult, or worse, annoying for humans to solve it as well. According to Sandy Carielli, a principal analyst for Forrester, CAPTCHAs can negatively impact the human experience. As per Carielli’s report, around 19% of US adults have deserted their online transactions over the last year due to complex CAPTCHAs.
Plus, here is the kicker. Complicating the CAPTCHA may not even work.
In 2014, Google pitted an algorithm against one of its most complicated CAPTCHAs. The algorithm successfully cracked the CAPTCHA, while only 33% of human users were able to solve it.
So, what’s the solution?
Tamer Hassan, co-founder and CEO of cybersecurity firm HUMAN Security, has this to say:
“We shouldn’t be testing our humans; we shouldn’t be treating our humans like they’re the fraudsters. We should be testing the bots in different ways, and so increasing friction on humans is not the way to go.”
Let’s turn to web3 to find a solution.
nCaptcha – Fighting Spam With web3
Learn Near Club’s nCaptcha is an innovative and efficient solution designed to combat website spam. Unlike traditional CAPTCHA systems, where you end up annoying your users with complicated texts and images, nCaptcha leverages the capabilities of web3 and blockchain technology for human authentication.
As a website owner, using nCaptcha is very straightforward. After integrating it into your website, your users do a microtransaction worth 0.01 NEAR. Half of it goes to nCaptcha, and the other half to you, the website owner.
nCaptcha deters spammers by using a combination of the following:
- Requiring mini-deposits for form submissions. This mini-deposit system works as a vetting mechanism that is both simple for genuine users and extremely effective in deterring spammers, who would need to make countless micro-transactions, thereby rendering spamming efforts inefficient and expensive.
- Establishing an on-chain, transparent, and immutable user reputation score.
Here are a few other things to keep in mind about nCaptcha:
- You need to have a NEAR account to use nCaptcha.
- It integrates seamlessly with WordPress, with a dedicated comments plugin, making it versatile and accessible to a wide range of web applications.
- It also has high compatibility with various web2 platforms, bridging the gap between conventional internet infrastructure and blockchain-based applications.
- Its decentralized backend makes it robust and resistant to attacks or disruptions common in centralized systems.
- It’s also available as an NPM package, mobile-ready, fully responsive, and doesn’t require any smart contracts, making it even more straightforward for developers to implement.
What major drawback of traditional CAPTCHAs does nCaptcha address?
Let’s see nCaptcha in action.
To use nCaptcha, you must first have a named Near wallet account like Satoshi.near or xyz.near. It shouldn’t just be your public address. Go to Lean Near and log in using your wallet. Now, go to the Contact Us page.
Scroll down to see the nCaptcha widget.
As you can see, instead of dealing with an annoying Captcha, you just need to verify using a microtransaction.
Click on “Verify with nCaptcha” to get redirected to the following:
Click on “Approve” and finish your verification.
Once verification is done, you may click on “Transaction” to get redirected to Near Explorer so we can see what’s going on behind the scenes.
The first half of the 0.01 verification transaction goes to the website (in this case Learn Near).
The second half goes to nCaptcha.
This way, we have a system that benefits everyone:
- User: No time wasted in looking through stupid images.
- The website owner: No user drop off from complicated images and earning NEAR from verification fees.
- nCaptcha: Earning verification fees.
This win-win-win philosophy is the very ethos of web3.
The effectiveness of nCaptcha lies in its simplicity and innovative use of web3 micro-transactions. CAPTCHAs have proven themselves to be increasingly complicated and ineffective. nCaptchas provide an elegant alternative.