Editing 2415: Allow Captcha

Jump to: navigation, search

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision Your text
Line 8: Line 8:
  
 
==Explanation==
 
==Explanation==
Captcha is designed to prevent spambots from being able to post on websites by posing challenges that humans can easily solve but that spambots and other automated programs cannot solve. The original version (used in [[632: Suspicion]]) asked users to identify text that was rotated, warped, or otherwise modified in order to make it more difficult for automated programs to solve. Once automated programs got good at that, new captchas were put out that exploited the fact that computers tend to be bad at image recognition, e.g. asking the user to select only images that contain cats from a grid of images of cats, dogs, and other objects (used in [[1897: Self Driving]]). This captcha appears to combine the two methods—with the additional hurdle that in order to pass the captcha, users must be able to not only read but also understand (i.e. know the definitions of words). However, if the goal is to allow humans but not computers to pass (although, as the next paragraph will describe, it is not the goal), this is not a good method of differentiating between the two. Any computer program that can accurately read text (and there are now many programs that can do so) would know which words start with 'A' and would be able to look up the definitions (including parts of speech) online, so this would not be effective as a captcha. Humans on the other hand, would often get confused between "ale" and "ail" or between "allot" and "a lot". The English language has no distinction between nouns and verbs by spelling, only grammatical usage, and many words in English are both nouns and verbs, depending on context and placement.
+
{{incomplete|Created by a malicious design practice that already exists out there. Please mention here why this explanation isn't complete. Do NOT delete this tag too soon.}}
 +
 
 +
Captcha is designed to prevent spambots from being able to post on websites by posing challenges that humans can easily solve but that spambots and other automated programs cannot solve. The original version (used in [[632: Suspicion]]) asked users to identify text that was rotated, warped, or otherwise modified in order to make it more difficult for automated programs to solve. Once automated programs got good at that, new captchas were put out that exploited the fact that computers tend to be bad at image recognition, e.g. asking the user to select only images that contain cats from a grid of images of cats, dogs, and other objects (used in [[1897:_Self_Driving]]). This captcha appears to combine the two methods—with the additional hurdle that in order to pass the captcha, users must be able to not only read but also understand (i.e. know the definitions of words). However, if the goal is to allow humans but not computers to pass (although, as the next paragraph will describe, it is not the goal), this is not a good method of differentiating between the two. Any computer program that can accurately read text (and there are now many programs that can do so) would know which words start with 'A' and would be able to look up the definitions (including parts of speech) online, so this would not be effective as a captcha. Humans on the other hand, would often get confused between "ale" and "ail" or between "allot" and "a lot". The English language has no distinction between nouns and verbs by spelling, only grammatical usage, and many words in English are both nouns and verbs.
  
 
In reality, however, the window is merely disguised as a captcha in order to trick human visitors into allowing the website to install "a helper tool", which may be malware, on their computer. The top of the window uses a similar shade of blue to the current version of {{w|reCAPTCHA}} (currently the most common brand of captcha), the prompt includes the phrase "to prove you're human", and the grid is similar to the grid used by reCAPTCHA. However, positioned to appear to humans as two reCAPTCHA boxes is a window asking viewers whether they want to allow or deny the website's request to install the supposed "helper tool". The idea is that because "allow" is a verb beginning with the letter A, human visitors would click on what they think is the box with the word allow in it but actually allow the website to install potential malware on their computer. The window attempts to disguise this by formatting many of the words in boxes as buttons and including other text in smaller font on other boxes. In addition, the captcha may be intentionally difficult so that users will be too distracted by wondering whether ale is a verb to process the meaning of the request.
 
In reality, however, the window is merely disguised as a captcha in order to trick human visitors into allowing the website to install "a helper tool", which may be malware, on their computer. The top of the window uses a similar shade of blue to the current version of {{w|reCAPTCHA}} (currently the most common brand of captcha), the prompt includes the phrase "to prove you're human", and the grid is similar to the grid used by reCAPTCHA. However, positioned to appear to humans as two reCAPTCHA boxes is a window asking viewers whether they want to allow or deny the website's request to install the supposed "helper tool". The idea is that because "allow" is a verb beginning with the letter A, human visitors would click on what they think is the box with the word allow in it but actually allow the website to install potential malware on their computer. The window attempts to disguise this by formatting many of the words in boxes as buttons and including other text in smaller font on other boxes. In addition, the captcha may be intentionally difficult so that users will be too distracted by wondering whether ale is a verb to process the meaning of the request.
  
It should be noted that simply tricking humans would not necessarily be enough to install malware on their computer. First of all, while a person can select any part of a grid box in order to select that box, only clicking on the actual button that says allow will allow malware unto the computer. If a person clicks on another part of the supposed box, nothing will happen, so the person will likely take a closer look in order to see why the window is not being selected and then possibly realize that this is a trick as a result. Further, the website would likely not be able to specify where the permission window appears, so would not be able to fit it into the fake reCAPTCHA. In addition, the user's computer may have an anti-virus software that will prevent the computer from executing malicious code downloaded by the website. Or in order for the user to install software, a second window may pop up requiring the user to type in an administrator password, which will likely startle the user.  
+
It should be noted that simply tricking humans would not necessarily be enough to install malware on their computer. First of all, while a person can select any part of a grid box in order to select that box, only clicking on the actual button that says allow will allow malware unto the computer. If a person clicks on another part of the supposed box, nothing will happen, so the person will likely take a closer look in order to see why the window is not being selected and then possibly realize that this is a trick as a result. In addition, the user's computer may have an anti-virus software that will prevent the computer from executing malicious code downloaded by the website. Or in order for the user to install software, a second window may pop up requiring the user to type in an administrator password, which will likely startle the user.  
  
 
Shady websites often use similar tactics to trick you into allowing notifications, including saying "[https://www.bleepstatic.com/swr-guides/c/click-allow-to-verify-that-your-are-not-a-robot/notification-subscription-page.jpg Please allow notifications to confirm you are not a robot]". This comic combines that with a traditional reCAPTCHA to try and trick savvier users too.  
 
Shady websites often use similar tactics to trick you into allowing notifications, including saying "[https://www.bleepstatic.com/swr-guides/c/click-allow-to-verify-that-your-are-not-a-robot/notification-subscription-page.jpg Please allow notifications to confirm you are not a robot]". This comic combines that with a traditional reCAPTCHA to try and trick savvier users too.  
  
The title text is another trick reCAPTCHA which is trying to make you give out your {{w|social security number}} by clicking the pairs of numbers that appear in your Social Security number. A social security number is a form of identification used in the United States, originally used for the Social Security Administration. Over time, this number has become a type of national identification number, so stealing these numbers would allow a scammer to commit identity fraud. Of course, it would use a different grid, as the grid pictured in the comic has words, not pairs of digits. If you can find all of the pairs then they would be able to guess your real number and thus this would be a weird kind of phishing attempt. If the grid is 4×4 (and some reCAPTCHA grids are only 3×3), then it can only show 16 of the possible 100 pairs of two digits, so any people who are successfully tricked likely would not reveal their entire Social Security numbers because some digit pairs in their Social Security numbers would not appear. However, it should be noted that this trick likely will not be as successful as the captcha-based trick because the phrase "Social Security number" will likely raise alarm bells concerning identity theft, and people who are not citizens or permanent or temporary residents of the United States will not have Social Security numbers, so they will not be able to be tricked into revealing personal information this way even if they are especially gullible.
+
The title text is a another trick reCAPTCHA which is trying to make you give out your {{w|social security number}} by clicking the pairs of numbers that appear in your Social Security number. A social security number is a form of identification used in the United States, originally used for the Social Security Administration. Over time, this number has become a type of national identification number, so stealing these numbers would allow a scammer to commit identity fraud. Of course, it would use a different grid, as the grid pictured in the comic has words, not pairs of digits. If you can find all of the pairs then they would be able to guess your real number and thus this would be a weird kind of phishing attempt. If the grid is 4×4 (and some reCAPTCHA grids are only 3×3), then it can only show 16 of the possible 100 pairs of two digits, so any people who are successfully tricked likely would not reveal their entire Social Security numbers because some digit pairs in their Social Security numbers would not appear. However, it should be noted that this trick likely will not be as successful as the captcha-based trick because the phrase "Social Security number" will likely raise alarm bells concerning identity theft, and people who are not citizens or permanent or temporary residents of the United States will not have Social Security numbers, so they will not be able to be tricked into revealing personal information this way even if they are especially gullible.
  
 
It should also be noted that the phrase "to prove you're human", while also attempting to disguise the trick, has a somewhat different implication. In the first example, the idea of the supposed captcha is that it asks the user to complete a task that human brains but not computer programs can perform accurately easily, such as image recognition. In the example in the title text, the idea of the fake captcha appears to be that humans are issued Social Security numbers (at least if they live or have lived in the United States), but computers are not. As the website does not already know the users' Social Security numbers, it would not actually be able to tell whether the user's response was correct. There is nothing to prevent programming an automated spambot program to randomly select zero to four of the boxes. Likewise, users could lie and not reveal their actual Social Security numbers, although those who realize that the supposed captcha is an attempt at identity theft will likely not complete it at all and could report it to law enforcement instead.
 
It should also be noted that the phrase "to prove you're human", while also attempting to disguise the trick, has a somewhat different implication. In the first example, the idea of the supposed captcha is that it asks the user to complete a task that human brains but not computer programs can perform accurately easily, such as image recognition. In the example in the title text, the idea of the fake captcha appears to be that humans are issued Social Security numbers (at least if they live or have lived in the United States), but computers are not. As the website does not already know the users' Social Security numbers, it would not actually be able to tell whether the user's response was correct. There is nothing to prevent programming an automated spambot program to randomly select zero to four of the boxes. Likewise, users could lie and not reveal their actual Social Security numbers, although those who realize that the supposed captcha is an attempt at identity theft will likely not complete it at all and could report it to law enforcement instead.
  
==Boxes on the reCAPTCHA==
+
==What Boxes To Click?==
 
{| class="wikitable"
 
{| class="wikitable"
!|Position
+
!|Pos.
 
!|Contents
 
!|Contents
 
!|Analysis
 
!|Analysis
Line 30: Line 32:
 
Column 1
 
Column 1
 
|Alike
 
|Alike
|Adjective/Adverb: Related to the verb "Like", as in "similar"
+
|Adjective/Adverb: related to the verb "Like", as in similar
|No
+
Thus is technically "(a verb)" ''prepended'' by an "A", if the instructions are understood as such
 +
|No? Yes?
 
|-
 
|-
 
|Row 1
 
|Row 1
Line 43: Line 46:
 
Column 3
 
Column 3
 
|Aloe
 
|Aloe
|Noun: A specific type of plant, or its extracts
+
|Noun: A specific plant, or its extracts
Vaguely similar to "Allow", but not normally a homophone
+
Superficially similar to "Allow", but not normally a homophone
 +
 
 +
To "low" is to make a sound like cattle, so another "A Verb" misdirection?
 
|No
 
|No
 
|-
 
|-
 
|Row 1
 
|Row 1
 
Column 4
 
Column 4
|Ale
+
|Ale (and squiggles)
(and squiggles)
+
|Noun: a type of beer
|Noun: A type of beer
+
Confusable with "ail", verb: to suffer
Confusable with the verb "ail": To suffer
 
  
 
"(To) ply with drink" is conceivably a verb form  
 
"(To) ply with drink" is conceivably a verb form  
Line 59: Line 63:
 
|Row 2
 
|Row 2
 
Column 1
 
Column 1
|Avow
+
|Avow (and squiggles)
(and squiggles)
+
|Verb: to declare
|Verb: To declare
+
Also, similarly, "to vow" is a direct verb form of the related noun, thus "a"+"vow" could count (c.f. "alike")
 
|Yes
 
|Yes
 
|-
 
|-
 
|Row 2
 
|Row 2
 
Column 2
 
Column 2
|Danny
+
|Danny (and squiggles)
(and squiggles)
+
|A person's name: familar version of Daniel/Danielle
|A person's name: Familar version of Daniel/Danielle
+
(Also slang/dialect noun: the hand)
(Also slang/dialect noun: The hand)
 
  
 
A strained off-homophone of "Deny", as used elsewhere
 
A strained off-homophone of "Deny", as used elsewhere
Line 79: Line 82:
 
Column 3
 
Column 3
 
|Allele
 
|Allele
|Noun: Genetic variation/subunit
+
|Noun: genetic variation/subunit
 
|No
 
|No
 
|-
 
|-
 
|Row 2
 
|Row 2
 
Column 4
 
Column 4
|Allot
+
|Allot (and squiggles)
(and squiggles)
+
|Verb: to assign or distribute  
|Verb: To assign or distribute  
 
 
Can be misspelt "alot", causing confusion as to the legitimate word
 
Can be misspelt "alot", causing confusion as to the legitimate word
  
 
Either of the above may be misused instead of "a lot", in its noun form meaning "many"
 
Either of the above may be misused instead of "a lot", in its noun form meaning "many"
 +
 +
"Lot" may also count as verb (archaicly), so this might also compound to qualify "a"+"lot"
 
|Yes
 
|Yes
 
|-
 
|-
Line 96: Line 100:
 
|Askew
 
|Askew
 
|Adjective/Adverb: Tilted, twisted, off-balance, strange
 
|Adjective/Adverb: Tilted, twisted, off-balance, strange
 +
"Skew" ''is'' a verb (also adjective/adverb/noun)
 
|No
 
|No
 +
(except if as "alike")
 
|-
 
|-
 
|Row 3
 
|Row 3
 
Column 2
 
Column 2
|Deny
+
|Deny (x2)
(x2)
+
|Verb: to refuse, disallow, etc
|Verb: To refuse, disallow, etc
 
 
Does not start with "A"
 
Does not start with "A"
 
|No
 
|No
|-
 
|Row 3
 
Columns 3+4
 
|(squiggled "www.a????.com") wants to install a helper tool
 
|Might depend upon a legible version of the URL
 
|The true CAPTCHA answer would apply to cell Row 3, Column 3
 
 
|-
 
|-
 
|Row 3
 
|Row 3
Line 117: Line 116:
 
|As above
 
|As above
 
|No
 
|No
 +
|-
 +
|Row 3
 +
Columns 3+4
 +
|(squiggled "www.a????.com") wants to install a helper tool
 +
|Might depend upon a legible version of the URL.
 +
|If so, probably applies to the cell in Row 3, Column 3
 
|-
 
|-
 
|Row 3
 
|Row 3
 
Column 4
 
Column 4
 
|Allow
 
|Allow
|Verb: To permit, licence, be contingent of
+
|Verb: to permit, licence, be contingent of
|In CAPTCHA context only
+
|Yes
To avoid malicious behavior, you should avoid clicking this whole grid
+
(despite/because of the trap)
 
|-
 
|-
 
|Row 4
 
|Row 4
 
Column 1
 
Column 1
|Allow (smaller size)
+
|Allow (smaller font)
 
Alto
 
Alto
  
 
(squiggled "to a????? ~squiggles~")
 
(squiggled "to a????? ~squiggles~")
 
|It might be easy to miss the "Allow", which is valid
 
|It might be easy to miss the "Allow", which is valid
"Alto", however, is a noun: Instrumental/choral pitch or range
+
"Alto", however, is a nound: instrumental/choral pitch or range
 +
 
 +
Possibly "Alto" is further taken as a "to"-word (misapplying the 'verb rule') that starts with an "A"
  
The squiggles ''may'' include a 'valid' A-Verb
+
The squiggles ''may' include a 'valid' "A Verb"
|Yes, for "Allow", in CAPTCHA context
+
|Yes, for the "Allow" alone
But if a Click-trap, you'd be best to close/Back-button the whole page
+
(If not another click-trap)
 
|-
 
|-
 
|Row 4
 
|Row 4
Line 148: Line 155:
 
Column 3
 
Column 3
 
|Deal
 
|Deal
|Verb, noun and adjectival: Various related or obscure meanings
+
|Verb, noun and adjectival: various related and unrelated meanings
 
But does not start with "A", in any case
 
But does not start with "A", in any case
 
|No
 
|No
Line 155: Line 162:
 
Column 4
 
Column 4
 
|Delay
 
|Delay
|Verb (and related noun): Of an enforced wait
+
|Verb (and related noun): of an enforced wait
 
Does not start with "A", although the synonym "allay" does
 
Does not start with "A", although the synonym "allay" does
  
Line 163: Line 170:
 
|Any cell
 
|Any cell
 
|Unremarked squiggles
 
|Unremarked squiggles
|It is entirely possible that those squiggles, if decipherable, could include qualifying text
+
|It is entirely possible that those squiggles, if decipherable, could include qualifying "A Verb" forms
 
|Maybe..?
 
|Maybe..?
 
|}
 
|}

Please note that all contributions to explain xkcd may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see explain xkcd:Copyrights for details). Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel | Editing help (opens in new window)

Templates used on this page:

Retrieved from "https://www.explainxkcd.com/wiki/index.php/2415:_Allow_Captcha"