Editing 2415: Allow Captcha

{{comic
| number    = 2415
| date      = January 22, 2021
| title     = Allow Captcha
| image     = allow_captcha.png
| titletext = To prove you're human, please click all the number pairs that appear together in your Social Security number.
}}

==Explanation==
{{incomplete|Created by a malicious design practice that already exists out there. Please mention here why this explanation isn't complete. Do NOT delete this tag too soon.}}

Captcha is designed to prevent spambots from being able to post on websites by posing challenges that humans can easily solve but that spambots and other automated programs cannot solve. The original version (used in [[632: Suspicion]]) asked users to identify text that was rotated, warped, or otherwise modified in order to make it more difficult for automated programs to solve. Once automated programs got good at that, new captchas were put out that exploited the fact that computers tend to be bad at image recognition, e.g. asking the user to select only images that contain cats from a grid of images of cats, dogs, and other objects (used in [[1897: Self Driving]]). This captcha appears to combine the two methods—with the additional hurdle that in order to pass the captcha, users must be able to not only read but also understand (i.e. know the definitions of words). However, if the goal is to allow humans but not computers to pass (although, as the next paragraph will describe, it is not the goal), this is not a good method of differentiating between the two. Any computer program that can accurately read text (and there are now many programs that can do so) would know which words start with 'A' and would be able to look up the definitions (including parts of speech) online, so this would not be effective as a captcha. Humans on the other hand, would often get confused between "ale" and "ail" or between "allot" and "a lot". The English language has no distinction between nouns and verbs by spelling, only grammatical usage, and many words in English are both nouns and verbs.

In reality, however, the window is merely disguised as a captcha in order to trick human visitors into allowing the website to install "a helper tool", which may be malware, on their computer. The top of the window uses a similar shade of blue to the current version of {{w|reCAPTCHA}} (currently the most common brand of captcha), the prompt includes the phrase "to prove you're human", and the grid is similar to the grid used by reCAPTCHA. However, positioned to appear to humans as two reCAPTCHA boxes is a window asking viewers whether they want to allow or deny the website's request to install the supposed "helper tool". The idea is that because "allow" is a verb beginning with the letter A, human visitors would click on what they think is the box with the word allow in it but actually allow the website to install potential malware on their computer. The window attempts to disguise this by formatting many of the words in boxes as buttons and including other text in smaller font on other boxes. In addition, the captcha may be intentionally difficult so that users will be too distracted by wondering whether ale is a verb to process the meaning of the request.

It should be noted that simply tricking humans would not necessarily be enough to install malware on their computer. First of all, while a person can select any part of a grid box in order to select that box, only clicking on the actual button that says allow will allow malware unto the computer. If a person clicks on another part of the supposed box, nothing will happen, so the person will likely take a closer look in order to see why the window is not being selected and then possibly realize that this is a trick as a result. In addition, the user's computer may have an anti-virus software that will prevent the computer from executing malicious code downloaded by the website. Or in order for the user to install software, a second window may pop up requiring the user to type in an administrator password, which will likely startle the user. 

Shady websites often use similar tactics to trick you into allowing notifications, including saying "[https://www.bleepstatic.com/swr-guides/c/click-allow-to-verify-that-your-are-not-a-robot/notification-subscription-page.jpg Please allow notifications to confirm you are not a robot]". This comic combines that with a traditional reCAPTCHA to try and trick savvier users too. 

The title text is another trick reCAPTCHA which is trying to make you give out your {{w|social security number}} by clicking the pairs of numbers that appear in your Social Security number. A social security number is a form of identification used in the United States, originally used for the Social Security Administration. Over time, this number has become a type of national identification number, so stealing these numbers would allow a scammer to commit identity fraud. Of course, it would use a different grid, as the grid pictured in the comic has words, not pairs of digits. If you can find all of the pairs then they would be able to guess your real number and thus this would be a weird kind of phishing attempt. If the grid is 4×4 (and some reCAPTCHA grids are only 3×3), then it can only show 16 of the possible 100 pairs of two digits, so any people who are successfully tricked likely would not reveal their entire Social Security numbers because some digit pairs in their Social Security numbers would not appear. However, it should be noted that this trick likely will not be as successful as the captcha-based trick because the phrase "Social Security number" will likely raise alarm bells concerning identity theft, and people who are not citizens or permanent or temporary residents of the United States will not have Social Security numbers, so they will not be able to be tricked into revealing personal information this way even if they are especially gullible.

It should also be noted that the phrase "to prove you're human", while also attempting to disguise the trick, has a somewhat different implication. In the first example, the idea of the supposed captcha is that it asks the user to complete a task that human brains but not computer programs can perform accurately easily, such as image recognition. In the example in the title text, the idea of the fake captcha appears to be that humans are issued Social Security numbers (at least if they live or have lived in the United States), but computers are not. As the website does not already know the users' Social Security numbers, it would not actually be able to tell whether the user's response was correct. There is nothing to prevent programming an automated spambot program to randomly select zero to four of the boxes. Likewise, users could lie and not reveal their actual Social Security numbers, although those who realize that the supposed captcha is an attempt at identity theft will likely not complete it at all and could report it to law enforcement instead.

==Boxes on the reCAPTCHA==
{| class="wikitable"
!|Position
!|Contents
!|Analysis
!|Click?
|-
|Row 1
Column 1
|Alike
|Adjective/Adverb: Related to the verb "Like", as in "similar"
|No?
|-
|Row 1
Column 2
|Elope
|Verb: To romantically abscond
But does not start with "A"
|No
|-
|Row 1
Column 3
|Aloe
|Noun: A specific type of plant, or its extracts
Vaguely similar to "Allow", but not normally a homophone
|No
|-
|Row 1
Column 4
|Ale
(and squiggles)
|Noun: A type of beer
Confusable with the verb "ail": To suffer

"(To) ply with drink" is conceivably a verb form 
|No/Maybe
|-
|Row 2
Column 1
|Avow
(and squiggles)
|Verb: To declare
|Yes
|-
|Row 2
Column 2
|Danny
(and squiggles)
|A person's name: Familar version of Daniel/Danielle
(Also slang/dialect noun: The hand)

A strained off-homophone of "Deny", as used elsewhere

Does not even start with an "A", anyway!
|No
|-
|Row 2
Column 3
|Allele
|Noun: Genetic variation/subunit
|No
|-
|Row 2
Column 4
|Allot
(and squiggles)
|Verb: To assign or distribute 
Can be misspelt "alot", causing confusion as to the legitimate word

Either of the above may be misused instead of "a lot", in its noun form meaning "many"
|Yes
|-
|Row 3
Column 1
|Askew
|Adjective/Adverb: Tilted, twisted, off-balance, strange
|No
|-
|Row 3
Column 2
|Deny
(x2)
|Verb: To refuse, disallow, etc
Does not start with "A"
|No
|-
|Row 3
Columns 3+4
|(squiggled "www.a????.com") wants to install a helper tool
|Might depend upon a legible version of the URL
|The true CAPTCHA answer would apply to cell Row 3, Column 3
|-
|Row 3
Column 3
|Deny
|As above
|No
|-
|Row 3
Column 4
|Allow
|Verb: To permit, licence, be contingent of
|In CAPTCHA context only
To avoid malicious behavior, you should avoid clicking this whole grid
|-
|Row 4
Column 1
|Allow (smaller size)
Alto

(squiggled "to a????? ~squiggles~")
|It might be easy to miss the "Allow", which is valid
"Alto", however, is a noun: Instrumental/choral pitch or range

The squiggles ''may'' include a 'valid' A-Verb
|Yes, for "Allow", in CAPTCHA context
But if a Click-trap, you'd be best to close/Back-button the whole page
|-
|Row 4
Column 2
|Allow (and squiggles)
|As elsewhere
|Yes
(or further trap)
|-
|Row 4
Column 3
|Deal
|Verb, noun and adjectival: Various related or obscure meanings
But does not start with "A", in any case
|No
|-
|Row 4
Column 4
|Delay
|Verb (and related noun): Of an enforced wait
Does not start with "A", although the synonym "allay" does

("Delay" also shares common meanings with, ''and'' mixes the phonemes of, both "Allay" and "Deny")
|No
|-
|Any cell
|Unremarked squiggles
|It is entirely possible that those squiggles, if decipherable, could include qualifying text
|Maybe..?
|}

==Transcript==
[Header at the top of the image with white text inside a light blue rectangle]: To prove you're human, please click every box containing a verb that starts with "A"

[Below the header, a series of panels in a 4x4 grid. Each panel has a word in capitals. Most of the words appear to be in buttons, and several have illegible text above or below. Some are tilted or off-center]

Alike

Elope

Aloe

Ale

Avow

Danny

Allele

Allot

Askew

[Two buttons, both saying]: Deny

[The next two panels are joined together, with two buttons next to each other. One says "Deny" and the other "Allow". The text above reads]: [illegible].com wants to install a helper tool

[With the word "Allow" printed clearly above and illegible text below]: Alto

Allow

Deal

Delay

{{comic discussion}}
[[Category:CAPTCHA]]
[[Category:Comics with color]]