How nCaptcha Fights Spam

(2,566 nL)
7 min read
To Share and +4 nLEARNs

“nCaptcha” is Learn Near Club’s latest product, providing a web3 version of the classic CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). In this blog, we will first learn how the traditional CAPTCHA works and then see how nCaptcha flips it on its head.

How does CAPTCHA work?

Image Credit

You must have come across the image above during your surfing sessions. CAPTCHA was built as a security measure to help protect users from spam and password decryption.

Funnily enough, the history of CAPTCHA is tied to hackers, the very group it aims to stave off today. In the late 1980s and early 1990s, early internet forum users inadvertently laid the foundation for CAPTCHAs. Realizing that moderator programs monitored certain sensitive keywords, they devised a method to circumvent this scrutiny. These users replaced specific letters in sensitive keywords with numbers or symbols, effectively tricking the bots. This strategy eventually evolved into a form of jargon known as leetspeak.

However, the real turning point for CAPTCHAs came in the late 1990s when computer scientists noted the potential of these text distortions in thwarting scammer algorithms. The concept took a more formal shape when two separate teams – one from Carnegie Mellon University and another from cybersecurity company Sanctum – developed methods to impede bots using distorted text in 1997. This marked the dawn of the modern CAPTCHA, a key security tool that helps prevent data theft by providing a barrier to automated programs while allowing human users to pass through.

Ok, but how does CAPTCHA work?

The system accomplishes this by requiring users to pass a straightforward test, verifying that they are humans, not computers attempting to breach a password-secured account. This test consists of two parts:

  • A randomly generated, distorted sequence of characters in image form.
  • A text input box.

Users must identify and reproduce the characters shown in the image to reproduce the characters in a text box. This requires a certain level of cognitive ability that’s pretty straightforward for a human but exceedingly complex for bots. This is because we have the ability to interpret letters in different fonts and handwriting. Since bots are unable to do so, they fail the test and get blocked from interacting with the application or website.

Google and CAPTCHA

Google implements CAPTCHA via its reCAPTCHA system. You might encounter these Google-powered CAPTCHA under the following circumstances:

  • Registering for a new Google service (like Gmail, Blogger, or YouTube)
  • Subscribing to any version of a Google Workspace Account
  • Altering the password on an existing account
  • Configuring Google services for a third-party device or application (such as iPhone, Outlook, ActiveSync, etc.)

Google uses CAPTCHA to safeguard user data and maintain its service integrity. Google isn’t the only web2 giant leveraging CAPTCHA. It is pretty much everywhere and extensively used.

There is no doubt that CAPTCHA has been a powerful security measure. However, their recent effectiveness and utility have been called into question.

What is the primary method used by nCaptcha to prevent spam?

Correct! Wrong!

Are CAPTCHAs No Longer Effective?

The entire premise of CAPTCHAs is that a machine should not have the cognitive ability of a normal human to decipher these messages. CAPTCHAs rely on a partially behavioral-based approach. Besides assessing a user’s ability to solve the given puzzle, these tools also monitor actions like webpage navigation speed and mouse movement curvature. However, over the past decade, machine learning and artificial intelligence capabilities have evolved significantly, becoming more human-like and, in some cases, surpassing human abilities in solving complex puzzles. Machines, with their extensive memory and multi-tasking capabilities, can often breeze through single puzzles like CAPTCHAs.

Moreover, the emergence of CAPTCHA-solving farms – human-operated services that decode CAPTCHAs for bots – poses another challenge. Through these farms, bots can resolve CAPTCHAs within a matter of seconds, bypassing this layer of security with minimal expense and effort.

So, how do you mitigate this?

The most logical way to mitigate CAPTCHA-breaking is by increasing the complexity of the task itself. However, there is a problem here. When you increase the complexity of CAPTCHAs, you are making it difficult, or worse, annoying for humans to solve it as well. According to Sandy Carielli, a principal analyst for Forrester, CAPTCHAs can negatively impact the human experience. As per Carielli’s report, around 19% of US adults have deserted their online transactions over the last year due to complex CAPTCHAs.

Image credit

Plus, here is the kicker. Complicating the CAPTCHA may not even work.

In 2014, Google pitted an algorithm against one of its most complicated CAPTCHAs. The algorithm successfully cracked the CAPTCHA, while only 33% of human users were able to solve it.

So, what’s the solution?

Tamer Hassan, co-founder and CEO of cybersecurity firm HUMAN Security, has this to say:

“We shouldn’t be testing our humans; we shouldn’t be treating our humans like they’re the fraudsters. We should be testing the bots in different ways, and so increasing friction on humans is not the way to go.”

Let’s turn to web3 to find a solution.

nCaptcha – Fighting Spam With web3

Learn Near Club’s nCaptcha is an innovative and efficient solution designed to combat website spam. Unlike traditional CAPTCHA systems, where you end up annoying your users with complicated texts and images, nCaptcha leverages the capabilities of web3 and blockchain technology for human authentication.

As a website owner, using nCaptcha is very straightforward. After integrating it into your website, your users do a microtransaction worth 0.01 NEAR. Half of it goes to nCaptcha, and the other half to you, the website owner.

nCaptcha deters spammers by using a combination of the following:

  • Requiring mini-deposits for form submissions. This mini-deposit system works as a vetting mechanism that is both simple for genuine users and extremely effective in deterring spammers, who would need to make countless micro-transactions, thereby rendering spamming efforts inefficient and expensive.
  • Establishing an on-chain, transparent, and immutable user reputation score.

Here are a few other things to keep in mind about nCaptcha:

  • You need to have a NEAR account to use nCaptcha.
  • It integrates seamlessly with WordPress, with a dedicated comments plugin, making it versatile and accessible to a wide range of web applications.
  • It also has high compatibility with various web2 platforms, bridging the gap between conventional internet infrastructure and blockchain-based applications.
  • Its decentralized backend makes it robust and resistant to attacks or disruptions common in centralized systems.
  • Built on JavaScript, it is supported by popular browsers, thereby offering a user-friendly interface for website owners and visitors alike.
  • It’s also available as an NPM package, mobile-ready, fully responsive, and doesn’t require any smart contracts, making it even more straightforward for developers to implement.

What major drawback of traditional CAPTCHAs does nCaptcha address?

Correct! Wrong!

So, how does it work?

Let’s see nCaptcha in action.

To use nCaptcha, you must first have a named Near wallet account like Satoshi.near or xyz.near. It shouldn’t just be your public address. Go to Lean Near and log in using your wallet. Now, go to the Contact Us page.

Scroll down to see the nCaptcha widget.

As you can see, instead of dealing with an annoying Captcha, you just need to verify using a microtransaction.

Click on “Verify with nCaptcha” to get redirected to the following:

Click on “Approve” and finish your verification.

Once verification is done, you may click on “Transaction” to get redirected to Near Explorer so we can see what’s going on behind the scenes.

 

The first half of the 0.01 verification transaction goes to the website (in this case Learn Near).

The second half goes to nCaptcha.

This way, we have a system that benefits everyone:

  • User: No time wasted in looking through stupid images.
  • The website owner: No user drop off from complicated images and earning NEAR from verification fees.
  • nCaptcha: Earning verification fees.

This win-win-win philosophy is the very ethos of web3.

Changing The Spam Game With nCaptcha

The effectiveness of nCaptcha lies in its simplicity and innovative use of web3 micro-transactions. CAPTCHAs have proven themselves to be increasingly complicated and ineffective. nCaptchas provide an elegant alternative.

You may download nCaptcha and get more information here.

What do you need to use nCaptcha?

Correct! Wrong!

Please login to see this form


Generate comment with AI 2 nL
8

29 thoughts on “How nCaptcha Fights Spam”

  1. Top comment

    onixm.near (12 nL)

    I think nCaptcha is a great and up-to-date solution for spam protection. But users should always be aware of the risks when sites and modules interact with their wallet. The main risk is a possible failure on the side of the site, which may not count your transaction, and then, passing a spam check several times, you risk spending more than 0.01NEAR. When solving a regular Captcha, in case of failure or error, you can repeat the steps several times, and when using nCaptcha, this option can be expensive. Also, there is a question of trust in the owner of the site on which the nCaptcha module is installed, since he can change 0.01 NEAR at any time, for example, to 10 NEAR for each click.
    There is a suggestion, when making requests through nCaptcha, do not write off the amount, but check the balance of the wallet for the presence of a certain amount of NEAR on the balance. For example, if there is more than 0.5 or 1 NEAR, then confirm the wallet and consider it not a bot. The number of requests from one wallet can always be limited on the server side. It will be safer and more trustworthy. If the goal of nCaptcha is to fight requests from different wallets, then even if spammers want to figure out 0.5 NEAR between wallets, they need to pay a commission for transactions and creating a wallet, which will work as a protection because it is not profitable.

    Show replies
  2. While I agree that Captcha's are cumbersome, outdated, and ineffective, I do not believe that nCaptcha is the solution. I would consider it more of a stop gap. There are microtransactions for nearly every action taken in web3. This gets just as frustrating as Captcha, especially when the transaction continuously fails.  fellow commenter onixm.near may be on to something. 

    Show replies

Leave a Comment

Hire AI to help with Comment

To leave a comment you should to:


Scroll to Top
October Redeem to NEAR
This is default text for notification bar