When we hear about CAPTCHA protecting our personal information, we usually think about a hacker somewhere using a robot to try and guess our password. I have always thought, though: if they have a robot that can guess our passwords, couldn’t they make one that can complete a CAPTCHA? I know some others also carry this sentiment. I once heard a friend of mine refer to CAPTCHAs as “security theater,” like the TSA. If you did not know, the TSA, the agency tasked with protecting aviation, does not actually do a very good job of this. When being tested on whether bomb material and other weapons would be able to be brought through security in an airport, 67 out of 70 of the dangerous items were let through. This shows that while the TSA sometimes stops the people they need to, most of the time they do not. More so, they create the appearance of security by setting up specific rules, protocols, and checks. This is where the name security theater comes from. I decided to look more into this; here are my findings.
Supposedly, CAPTCHA protects our information by creating images or text that are too incomprehensible for anyone not human to understand. If there is not technology able to crack this, it seems like a great invention. Though if it doesn’t do all it says it does, then it’s a huge waste of time. While it seems CAPTCHA does do a fairly good job of this, there still are some more advanced bots that crack the CAPTCHA. So, while the CAPTCHA can prevent large amounts of bot traffic from entering the common website, there are still some that people use to break through for specific reasons. This is why bots are able to purchase and resell concert tickets and make weird Instagram comments. Though I guess they don’t usually try to guess your password; they usually buy it from other hackers and websites. Whether it’s security or theater is up to you, but it does seem to help.