- From: Lionel Wolberger <lionel@userway.org>
- Date: Thu, 24 Aug 2023 20:17:18 +0300
- To: RQTF <public-rqtf@w3.org>
- Message-ID: <CAHOHNHeTOHjc4TTaX=P5Ve8uDhe1KaDeh4Y_wx2+ZuWkknNi-g@mail.gmail.com>
Recent article regarding Captcha, has some interesting perspective on user perception of difficulty vs actual difficulty. - L https://arxiv.org/abs/2307.12108 [Submitted on 22 Jul 2023] An Empirical Study & Evaluation of Modern CAPTCHAs Andrew Searles, Yoshimichi Nakatsuka, Ercan Ozturk, Andrew Paverd, Gene Tsudik, Ai Enkoji For nearly two decades, CAPTCHAs have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAs have continued to improve. Meanwhile, CAPTCHAs have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAs, and how they are perceived by those users. In this work, we explore CAPTCHAs in the wild by evaluating users' solving performance and perceptions of unmodified currently-deployed CAPTCHAs. We obtain this data through manual inspection of popular websites and user studies in which 1,400 participants collectively solved 14,000 CAPTCHAs. Results show significant differences between the most popular types of CAPTCHAs: surprisingly, solving time and user perception are not always correlated. We performed a comparative study to investigate the effect of experimental context -- specifically the difference between solving CAPTCHAs directly versus solving them as part of a more natural task, such as account creation. Whilst there were several potential confounding factors, our results show that experimental context could have an impact on this task, and must be taken into account in future CAPTCHA studies. Finally, we investigate CAPTCHA-induced user task abandonment by analyzing participants who start and do not complete the task. Comments: Accepted at USENIX Security 2023 Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2307.12108 [cs.CR] (or arXiv:2307.12108v1 [cs.CR] for this version) https://doi.org/10.48550/arXiv.2307.12108 Focus to learn more Submission history From: Yoshimichi Nakatsuka [view email] [v1] Sat, 22 Jul 2023 15:36:13 UTC (1,815 KB)
Received on Thursday, 24 August 2023 17:17:48 UTC