Why Are Bots Unable to Check "I Am Not a Robot" Checkboxes?

iStock.com/Oleksandr Hruts
iStock.com/Oleksandr Hruts

Oliver Emberton:

How complicated can one little checkbox be? You can't even imagine!

For starters, Google invented an entire virtual machine—essentially a simulated computer inside a computer—just to run that checkbox.

That virtual machine uses Google's own language, which they then encrypt. Twice.

But this is no simple encryption. Normally, when you password protect something, you might use a key to decode it. Google’s invented language is decoded with a key that is changed by the process of reading the language, and the language also changes as it is read.

Google combines (or hashes) that key with the web address you’re visiting, so you can’t use a CAPTCHA from one website to bypass another. It further combines that with “fingerprints” from your browser, catching microscopic variations in your computer that a bot would struggle to replicate (such as CSS rules).

All of this is done just to make it hard for you to understand what Google is even doing. You need to write tools just to analyze it. (Fortunately people did just that).

It turns out that these checkboxes record and analyze a lot of data, including: Your computer’s timezone and time; your IP address and rough location; your screen size and resolution; the browser you’re using; the plugins you’re using; how long the page took to display; how many key presses, mouse clicks, and tap/scrolls were made; and ... some other stuff we don’t quite understand.

We also know that these boxes ask your browser to draw an invisible image [PDF] and send it to Google for verification. The image contains things like a nonsense font, which (depending on your computer) will fall back to a system font and be drawn very differently. They then add to this a 3D image with a special texture, which is drawn in such a way that the result varies between computers.

Finally, these seemingly simple little checkboxes combine all of this data with their knowledge of the person using the computer. Almost everyone on the Internet uses something owned by Google—search, mail, ads, maps—and as you know, Google Tracks All Of Your Things™️. When you click that checkbox, Google reviews your browser history to see if it looks convincingly human.

This is easy for them, because they’re constantly observing the behavior of billions of real people.

How exactly they check all this information is impossible to know, but they’re almost certainly using machine learning (or AI) on their private servers, which is impossible for an outsider to replicate. I wouldn’t be surprised if they also built an adversarial AI to try to beat their own AI, and have both learn from each other.

So why is all this hard for a bot to beat? Because now you’ve got a ridiculous amount of messy human behaviors to simulate, and they’re almost unknowable, and they keep changing, and you can’t tell when. Your bot might have to sign up for a Google service and use it convincingly on a single computer, which should look different from the computers of other bots, in ways you don’t understand. It might need convincing delays and stumbles between key presses, scrolling and mouse movements. This is all incredibly difficult to crack and teach a computer, and complexity comes at a financial cost for the spammer. They might break it for a while, but if it costs them (say) $1 per successful attempt, it’s usually not worth them bothering.

Still, people do break Google’s protection [PDF]. CAPTCHAs are an ongoing arms race that neither side will ever win. The AI technology that makes Google’s approach so hard to fool is the same technology that is adapted to fool it.

Just wait until that AI is convincing enough to fool you.

Sweet dreams, human.

This post originally appeared on Quora. Click here to view.

What Do the Numbers and Letters on a Boarding Pass Mean?

iStock.com/Laurence Dutton
iStock.com/Laurence Dutton

Picture this: You're about to embark on a vacation or business trip, and you have to fly to reach your destination. You get to the airport, make it through the security checkpoint, and breathe a sigh of relief. What do you do next? After putting your shoes back on, you'll probably look at your boarding pass to double-check your gate number and boarding time. You might scan the information screen for your flight number to see if your plane will arrive on schedule, and at some point before boarding, you'll also probably check your zone and seat numbers.

Aside from these key nuggets of information, the other letters and numbers on your boarding pass might seem like gobbledygook. If you find this layout confusing, you're not the only one. Designer and creative director Tyler Thompson once commented that it was almost as if "someone put on a blindfold, drank a fifth of whiskey, spun around 100 times, got kicked in the face by a mule … and then just started puking numbers and letters onto the boarding pass at random."

Of course, these seemingly secret codes aren't exactly secret, and they aren't random either. So let's break it down, starting with the six-character code you'll see somewhere on your boarding pass. This is your Passenger Name Reference (or PNR for short). On some boarding passes—like the one shown below—it may be referred to as a record locator or reservation code.

A boarding pass
Piergiuliano Chesi, Wikimedia Commons // Public domain

These alphanumeric codes are randomly generated, but they're also unique to your personal travel itinerary. They give airlines access to key information about your contact information and reservation—even your meal preferences. This is why it's ill-advised to post a photo of your boarding pass to social media while waiting at your airport gate. A hacker could theoretically use that PNR to access your account, and from there they could claim your frequent flier miles, change your flight details, or cancel your trip altogether.

You might also see a random standalone letter on your boarding pass. This references your booking class. "A" and "F," for instance, are typically used for first-class seats. The letter "Y" generally stands for economy class, while "Q" is an economy ticket purchased at a discounted rate. If you see a "B" you might be in luck—it means you could be eligible for a seat upgrade.

There might be other letters, too. "S/O," which is short for stopover, means you have a layover that lasts longer than four hours in the U.S. or more than 24 hours in another country. Likewise, "STPC" means "stopover paid by carrier," so you'll likely be put up in a hotel free of charge. Score!

One code you probably don’t want to see is "SSSS," which means your chances of getting stopped by TSA agents for a "Secondary Security Screening Selection" are high. For whatever reason, you've been identified as a higher security risk. This could be because you've booked last-minute or international one-way flights, or perhaps you've traveled to a "high-risk country." It could also be completely random.

Still confused? For a visual of what that all these codes look like on a boarding pass, check out this helpful infographic published by Lifehacker.

Have you got a Big Question you'd like us to answer? If so, send it to bigquestions@mentalfloss.com.

Does Having Allergies Mean That You Have A Decreased Immunity?

iStock.com/PeopleImages
iStock.com/PeopleImages

Tirumalai Kamala:

No, allergy isn't a sign of decreased immunity. It is a specific type of immune dysregulation. Autoimmunity, inflammatory disorders such as IBS and IBD, and even cancer are examples of other types of immune dysregulation.

Quality and target of immune responses and not their strength is the core issue in allergy. Let's see how.

—Allergens—substances known to induce allergy—are common. Some such as house dust mite and pollen are even ubiquitous.
—Everyone is exposed to allergens yet only a relative handful are clinically diagnosed with allergy.
—Thus allergens don't inherently trigger allergy. They can but only in those predisposed to allergy, not in everyone.
—Each allergic person makes pathological immune responses to not all but to only one or a few structurally related allergens while the non-allergic don't.
—Those diagnosed with allergy aren't necessarily more susceptible to other diseases.

If the immune response of each allergic person is selectively distorted when responding to specific allergens, what makes someone allergic? Obviously a mix of genetic and environmental factors.

[The] thing is allergy prevalence has spiked in recent decades, especially in developed countries, [which is] too short a time period for purely genetic mutation-based changes to be the sole cause, since that would take multiple generations to have such a population-wide effect. That tilts the balance towards environmental change, but what specifically?

Starting in the 1960s, epidemiologists began reporting a link between infections and allergy—[the] more infections in childhood, [the] less the allergy risk [this is called hygiene hypothesis]. Back then, microbiota weren't even a consideration but now we have learned better, so the hygiene hypothesis has expanded to include them.

Essentially, the idea is that the current Western style of living that rapidly developed over the 20th century fundamentally and dramatically reduced lifetime, and, crucially, early life exposure to environmental microorganisms, many of which would have normally become part of an individual's gut microbiota after they were born.

How could gut microbiota composition changes lead to selective allergies in specific individuals? Genetic predisposition should be taken as a given. However, natural history suggests that such predisposition transitioned to a full fledged clinical condition much more rarely in times past.

Let's briefly consider how that equation might have fundamentally changed in recent times. Consider indoor sanitation, piped chlorinated water, C-sections, milk formula, ultra-processed foods, lack of regular contact with farm animals (as a surrogate for nature) and profligate, ubiquitous, even excessive use of antimicrobial products such as antibiotics, to name just a few important factors.

Though some of these were beneficial in their own way, epidemiological data now suggests that such innovations in living conditions also disrupted the intimate association with the natural world that had been the norm for human societies since time immemorial. In the process such dramatic changes appear to have profoundly reduced human gut microbiota diversity among many, mostly in developed countries.

Unbeknownst to us, an epidemic of absence*, as Moises Velasquez-Manoff evocatively puts it, has thus been invisibly taking place across many human societies over the 20th century in lock-step with specific changes in living standards.

Such sudden and profound reduction in gut microbiota diversity thus emerges as the trigger that flips the normally hidden predisposition in some into clinically overt allergy. Actual mechanics of the process remain the subject of active research.

We (my colleague and I) propose a novel predictive mechanism for how disruption of regulatory T cell** function serves as the decisive and non-negotiable link between loss of specific microbiota and inflammatory disorders such as allergies. Time (and supporting data) will tell if we are right.

* An Epidemic of Absence: A New Way of Understanding Allergies and Autoimmune Diseases Reprint, Moises Velasquez-Manoff

** a small indispensable subset of CD4+ T cells.

This post originally appeared on Quora. Click here to view.

SECTIONS

arrow
LIVE SMARTER