All of these developments clearly indicate the demand and supply for CAPTCHA breaking services, as well as the potential for abusing the clean domain reputation of the most popular email providers whose continuous emphasis on usability, namely coming up with more user friendly CAPTCHAs, often results in the easy of which the process can be automated.[From Microsoft’s CAPTCHA successfully broken | Zero Day | ZDNet.com]
But look at the second comment on the story, which makes a point that occurred to me as I was reading the story. I was thinking "hey, can I get some of that software to make life easier for me when I’m posting blog comments?". More than once I’ve had a quick thought while reading someone’s blog post, clicked on "comment", typed in a quick note and then given up when I’ve typed in the wobbly writing incorrectly a couple of times. As the commenter points out, if the cracking software can read the codes better than many people can, so there will be a demand for that software from people who want to use it for legitimate access!
And, by the way, if you authenticate yourself with OpenID, as I just did on Faster Future, why should you need to read the wobbly writing at all? Surely one of the most important attributes that OpenID could share is "is_a_real_person" or something similar.
You can’t help wondering if the "test" line of thinking isn’t going down a "Turing test" blind alley. As systems get smarter, it will become increasingly difficult to tell that they are systems by setting them challenges that are presumed to be too difficult for computers to meet, such as reading wobbly writing or playing chess.
The only way that a system will be able to tell whether it is being accessed by a person or by another system will be by seeing some form of secure credential to attest to the fact: I might set this blog, for example, to only accept 2FA OpenID logins, and only accept 2FA credentials issued by major banks, whose "know your customer" obligations presumably include determining whether the customer is a person or a bot.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]