This is actually version 2 of Month 09 journal (more accurately, version 1.0, since the other one never made it out of beta;). Version 0.x was about how it’s hard not to become an activist while my research into hackers unveils some truly hard-to-accept truths.
This might end up being a series. Also, everything I write about in this post can easily be found by doing some quick Googling. And, since nothing’s really moving forward in the production of ALGORITHM (Hollywood is about hurrying to wait, even for writer/directors), this is actually ALGORITHM Journal – Month 09
A few years ago Lois von Ahn (a really smart guy) came up with something called CAPTCHA. The problem he faced was how to know the person attempting to access a website was, in fact, a person, and not a computer programed to emulate human activities.
The stakes are huge.
The ability to know the difference between a human and a computer is relatively easy for a human to master, today. In fact, there’s a whole theory about it called The Turing Test. But, teaching a computer to know the difference is very hard. Here’s why that’s important:
Let’s say you visit PayPal. You want to login to your account and change your bank account to another one. A computer can sit and hammer away at the limited variations of available passwords and eventually get through (there are precautions against this technique as well, but that’s a different topic).
A quick solution is to come up with something that people can generally do very easily, but computers can’t do at all. The solution is CAPTCHA. CAPTCHA is a simple collection of 5 to 10 characters. But, they’re blurred, or corrupted in some way, making it nearly impossible for OCRs (Object Character Recognition: a program that can see words in a photo and recognize the letters as letters) to convert to text.
And, that worked. Spectacularly. So well, in fact, that I’d be surprised if you haven’t encountered it already. So well, that Google bought reCAPTCHA (von Ahn’s company) for a lot of money. So well that von Ahn has gone on to much prestige!
And then the hackers found a loophole.
You know all those porn sites that your coworker visits? Have you seen how sometimes she has to solve a CAPTCHA to get access to the site? The porn site doesn’t actually care about the problem CAPTCHA’s trying to solve. Instead, they’ve hired your coworker to solve the CAPTCHA problem for them and they’re paying her in porn.
The hackers, rather than trying to teach a computer to solve CAPTCHAs have simply found a way to capture the image, post it on their site, and your coworker fills it in. They take the solved CAPTCHA and post it in the site that was originally asking for it.
And, that’s how hackers think.