Shiba Inu in a beret and turtleneck generated by DALL-E 2
What Alan Turing and internet spam have in common
It’s been 70 years since the brilliant mathematician Alan Turing formulated a test to answer the question, ‘can a machine think?’
Based on a dialogue between judges and an unseen interlocutor, the idea is that both parties use natural language. If there is a machine on the other side and it is not recognised, this is supposed to be evidence of its ability to think. According to Turing, the criterion for success was to deceive 30% of the judges during a 5 minute conversation.
Turing was aware that the test raised emotions and questions from the beginning. He pointed to 3 arguments questioning its validity. The first related to consciousness (the possibility for a machine to create a work of art), the second saying that it is impossible to imitate the human nervous system and finally the theological argument that God made man the only thinking being.
The first attempts at simple conversation showed that the bar was set high. The machines started a dialogue, but it soon became clear that they were not up to the challenge. There was still a long way to go to pass the test. Tests were run with a conversation program called Eliza. Then came Cleverbot. Many attempts were made but the machines were still unable to pass the test. Finally, an algorithm named Eugene Gootsman in 2014, pretending to be a teenager, passed the test. He convinced a third of the judges.
Finally, in 2022, in the age of artificial intelligence, the line between humans and AI is beginning to blur. An AI system called DALL-E 2 is capable of creating art, generating photo-realistic photos and artwork from a text-based description.
What does this have to do with blocking spam and protecting your website forms, you ask?
New sophisticated web crawlers, whether based on artificial intelligence or not, can do a much better job of fooling the human recognition algorithms like Google reCAPTCHA used to block spam and filter out forms submitted by robots. It doesn’t matter what spam-blocking solution you choose, it’s only going to block spam to a degree and possibly also make it harder for the actual users to get past them. Also, they’re not going to help with manual form submissions or manually sent emails.
What are the possible solutions to this challenge?
Google reCAPTCHA v2 or v3 can help to some extent. reCAPTCHA v2 protects your website by adding a “I’m not a robot” tickbox widget or serving an image recognition challenge. reCAPTCHA v3 works in the background and is based on a user behaviour score. The higher the score, the bigger the chance a user is human. Neither of them is good at blocking bots. reCAPTCHA v3 is more user friendly than v2, but it’s harder to implement correctly which translates to longer development time. There are many alternatives like hCAPTCHA but most of them work in a similar way and suffer from similar flaws. There are other more complex and effective solutions like DataDome but they come with a hefty price tag.
What can be done to mitigate this problem?
- Encode your email address in the contact details section of your website
- Limit web forms to a minimum
- Protect all web forms with Google reCAPTCHA or other alternatives
- Use the “Honeypot Method”, this involves adding additional fields to forms that will only be visible to bots, which may allow easier detection if these fields are filled in, since they won’t be visible to humans
- Disallow links in your webforms