If you have been surfing the internet for longer than a week, then you must have encountered an “I am not a robot” task. They come in many shapes and forms, but they all serve the same purpose – making us prove ourselves as humans. However, that might not be the only thing it does! A recently resurfaced clip from 2020 reveals the shocking truth behind this apparent “safety” check.
The clip is from one of Sandi Toksvig’s QI episodes. Wippa and Fitzy, presenters on Australian radio recently reposted it on TikTok. The views quickly rose to over 3 million. So what was in the clip?
“I am not a robot” Works in a Peculiar Way
In the clip, Toksvig explains the information behind these “I am not a robot” tests while talking to his guests Holly Walsh, Maisie Adams, David Mitchell, and Alan Davies. He explains that ticking the tiny box or circle beside the “I am not a robot” sentence is not the main focus. Rather, the test focuses on and analyses our behavior prior to ticking it.
He admits that he cannot tell every detail since they are kept confidential in order to prevent people from cheating on the test. However, generally, ticking the box prompts the site to go through our browsing history. The site then uses this to determine that we truly are humans.
As Toksvig explains: “So let us say, for example, before you tick the box you watched a couple of cat videos and you liked a tweet about Greta Thunberg, you checked your Gmail account before you got down to work – all of that makes them think that you must be a human. And checking the box can even spur it to analyse the way in which you moved your mouse across screen. It’s slightly spooky, I think.”
Basically, by ticking the box we give the site permission to look through our data to assess our humanity. If this information is not sufficient, the site then proceeds to make us identify fire hydrants, street lamps, etc.
Comments of disbelief flooded the TikTok clip. One of them did their own research and confirmed it: “The first I hear this. Done a quick research, unfortunately it appears true.” Another one stated the irony of the situation: “So a robot is checking if I’m a robot?” A third pointed out an alarming fact: “Feels like invasion of privacy tbh.”
What Are These Tests Actually Supposed To Do?
These “I am not a robot” tests have a proper name: CAPTCHA. It stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart”. They are designed to prevent a computer from hacking passwords.
A computer or “bot” hacks passwords by inputting millions of possible password combinations in a short period of time until it finds the one that works. However, if there is a CAPTCHA present with every password attempt, the task becomes nigh impossible for any computer. After all, identifying a fire hydrant in a collage of images becomes an extremely complex issue involving image recognition, color processing, and more.
According to John Lloyd, Casaba Security’s Chief Technology Officer, after filling out a CAPTCHA, “the API then looks at the user’s cookies, location, and cached browser data before sending a score back to the web application.” A bot will not be able to behave similarly to a human as well as carry out the tasks they are usually designed for. Moreover, once the system recognizes a bot, every other site is immediately alerted of its identity which prevents it from doing anything more.
So what do you think of this tradeoff of privacy for security?