CAPTCHAs Easy for Humans, Hard for Bots
Proton is aiming for the sweet spot between security, privacy, and accessibility with its CAPTCHA.
Proton, the company behind the end-to-end encrypted Proton Mail, has released Proton CAPTCHA, a layered system to differentiate between humans and bots.
For the past decade-and-a-half, CAPTCHAs and reCAPTCHAs have served as resource gatekeepers to deter bots from creating fake accounts, spamming forms, and executing brute-force attacks to guess usernames and passwords. The idea is to set a task that must be completed before granting access — and to make it easy for a human to do but very difficult for a bot.
However, CAPTCHA's visual challenges, such as transcribing a set of distorted characters or selecting all images with traffic lights, have become vulnerable to advanced image-analysis tools and human-solver services, while remaining annoying to legitimate users. Organizations concerned about potential privacy issues may not be comfortable with reCAPTCHAs (the "I am not a robot" checkbox) because they rely on behavioral analysis and the server examining user history to winnow out suspicious users. Scammers are including CAPTCHA-solving services in their automated attacks, and the increased use of large language models (LLMs) is also worrying: A technical report on GPT-4's capabilities revealed that the LLM was able to persuade a human TaskRabbit worker to complete a visual CAPTCHA puzzle.
Proton CAPTCHA visual puzzles. (Source: Proton)
Proton CAPTCHA consists of three levels of discernment: computational proof-of-work tasks, visual challenges, and bot detection that the company says preserves user privacy. The system presents proof-of-work challenges for the user's device to solve in the background, without bothering the user. Meanwhile, it also runs detection tests to look for botlike identifiers. Friendly Captcha and mCAPTCHA also perform those two steps. What Proton CAPTCHA adds is a visual puzzle to solve, akin to the original CAPTCHA. The combination of the three actions makes automated account creation and abuse more expensive, Proton says.
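The background proof-of-work step described above, sketched as an added example: a generic hashcash-style scheme, not Proton's implementation and not code from the article. The server key, difficulty, lifetime, challenge format and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)  # assumption: per-deployment secret, constructed here
TTL_SECONDS = 120            # assumption: challenge lifetime

def issue_challenge(now=None, bits=16):
    """Server: stateless challenge 'nonce.expiry.bits.tag'; the HMAC tag binds all fields."""
    now = time.time() if now is None else now
    body = f"{os.urandom(8).hex()}.{int(now) + TTL_SECONDS}.{bits}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge: str) -> int:
    """Client: brute-force a counter; expected cost is about 2**bits hashes."""
    bits = int(challenge.split(".")[2])
    counter = 0
    while leading_zero_bits(hashlib.sha256(f"{challenge}:{counter}".encode()).digest()) < bits:
        counter += 1
    return counter

def verify(challenge: str, counter: int, seen: set, now=None) -> bool:
    """Server: one HMAC plus one hash, however long the client worked."""
    now = time.time() if now is None else now
    body, _, tag = challenge.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # forged or edited challenge, e.g. a lowered difficulty
    nonce, expiry, bits = body.split(".")
    if now > int(expiry) or nonce in seen:
        return False  # expired, or a solution replayed for a second request
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(digest) < int(bits):
        return False  # work not done
    seen.add(nonce)   # in production this set would live in a shared store with TTL
    return True

if __name__ == "__main__":
    used = set()
    ch = issue_challenge()
    answer = solve(ch)
    print("accepted:", verify(ch, answer, used), "replay:", verify(ch, answer, used))
```

Raising `bits` by one doubles the solver's expected work while the server's verification cost stays constant, which is the asymmetry that makes bulk automated requests expensive.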