Why Are Bots Unable to Check "I Am Not a Robot" Checkboxes?

iStock.com/Oleksandr Hruts
iStock.com/Oleksandr Hruts

Oliver Emberton:

How complicated can one little checkbox be? You can't even imagine!

For starters, Google invented an entire virtual machine—essentially a simulated computer inside a computer—just to run that checkbox.

That virtual machine uses Google's own language, which they then encrypt. Twice.

But this is no simple encryption. Normally, when you password protect something, you might use a key to decode it. Google’s invented language is decoded with a key that is changed by the process of reading the language, and the language also changes as it is read.

Google combines (or hashes) that key with the web address you’re visiting, so you can’t use a CAPTCHA from one website to bypass another. It further combines that with “fingerprints” from your browser, catching microscopic variations in your computer that a bot would struggle to replicate (such as CSS rules).

All of this is done just to make it hard for you to understand what Google is even doing. You need to write tools just to analyze it. (Fortunately people did just that).

It turns out that these checkboxes record and analyze a lot of data, including: Your computer’s timezone and time; your IP address and rough location; your screen size and resolution; the browser you’re using; the plugins you’re using; how long the page took to display; how many key presses, mouse clicks, and tap/scrolls were made; and ... some other stuff we don’t quite understand.

We also know that these boxes ask your browser to draw an invisible image [PDF] and send it to Google for verification. The image contains things like a nonsense font, which (depending on your computer) will fall back to a system font and be drawn very differently. They then add to this a 3D image with a special texture, which is drawn in such a way that the result varies between computers.

Finally, these seemingly simple little checkboxes combine all of this data with their knowledge of the person using the computer. Almost everyone on the Internet uses something owned by Google—search, mail, ads, maps—and as you know, Google Tracks All Of Your Things™️. When you click that checkbox, Google reviews your browser history to see if it looks convincingly human.

This is easy for them, because they’re constantly observing the behavior of billions of real people.

How exactly they check all this information is impossible to know, but they’re almost certainly using machine learning (or AI) on their private servers, which is impossible for an outsider to replicate. I wouldn’t be surprised if they also built an adversarial AI to try to beat their own AI, and have both learn from each other.

So why is all this hard for a bot to beat? Because now you’ve got a ridiculous amount of messy human behaviors to simulate, and they’re almost unknowable, and they keep changing, and you can’t tell when. Your bot might have to sign up for a Google service and use it convincingly on a single computer, which should look different from the computers of other bots, in ways you don’t understand. It might need convincing delays and stumbles between key presses, scrolling and mouse movements. This is all incredibly difficult to crack and teach a computer, and complexity comes at a financial cost for the spammer. They might break it for a while, but if it costs them (say) $1 per successful attempt, it’s usually not worth them bothering.

Still, people do break Google’s protection [PDF]. CAPTCHAs are an ongoing arms race that neither side will ever win. The AI technology that makes Google’s approach so hard to fool is the same technology that is adapted to fool it.

Just wait until that AI is convincing enough to fool you.

Sweet dreams, human.

This post originally appeared on Quora. Click here to view.

Why Are There 10 Hot Dogs to a Pack But Only 8 Buns?

tacar/iStock via Getty Images
tacar/iStock via Getty Images

Watching competitive eating champion Joey Chestnut cram dozens of hot dogs down his throat would make anyone crave a grilled log of processed meat this summer. But shopping for hot dogs can be a confusing experience. The dogs are typically sold in packs of 10, but the buns are sold in packs of eight. What's behind this strange dog and bun inequality?

According to the National Hot Dog and Sausage Council—yes, there is a National Hot Dog and Sausage Council—there’s a good reason for the discrepancy. For starters, distributors of hot dogs are almost always different from manufacturers of baked goods like rolls. The hot dogs are sold in packs of 10 because producers of meat (or meat-like) products selected that quantity when hot dogs started to sell at retail grocery stores in the 1940s. Oscar Mayer, which led the charge into direct-to-consumer hot dog packaging, sold hot dogs by the pound in accordance with how meat is typically priced. Having 10 dogs that weighed 1.6 ounces each seemed like the ideal distribution of weight.

Bakeries, meanwhile, have standards of their own. Buns and sandwich rolls are usually sold eight to a pack because the baking trays for the elongated buns are typically sized to fit that number. Two sets of four buns come off the tray, which is the reason why buns are often still attached to one another when you open a bag.

These standards were created independently of one another: Bakeries weren’t too preoccupied with hot dogs when they were settling on a four-roll tray standard, and hot dog manufacturers weren’t thinking about how difficult it would be for bakeries to break from their conveyor system to offer 10 buns to a pack.

It can be frustrating if you buy just one or two packages of each, but if you’re hosting a big enough party, the uneven number doesn’t matter. You just need to buy five packages of buns and four packages of hot dogs to have 40 matching pairs. No complicated calculations required.

Have you got a Big Question you'd like us to answer? If so, let us know by emailing us at bigquestions@mentalfloss.com.

When Are the Dog Days of Summer?

Dorottya_Mathe/iStock via Getty Images
Dorottya_Mathe/iStock via Getty Images

The official “dog days” of summer begin on July 3 and end on August 11. So how did this time frame earn its canine nickname? It turns out the phrase has nothing to do with the poor pooches who are forever seeking shade in the July heat, and everything to do with the nighttime sky.

Sirius, the Dog Star, is the brightest star in the sky. The ancient Greeks noticed that in the summer months, Sirius rose and set with the Sun, and they theorized that it was the bright, glowing Dog Star that was adding extra heat to the Earth in July and August.

Have you got a Big Question you'd like us to answer? If so, let us know by emailing us at bigquestions@mentalfloss.com.

SECTIONS

arrow
LIVE SMARTER