I'm intrigued that many sites use seemingly random numbers with a random operat
Question
I'm intrigued that many sites use seemingly random numbers with a random operator as a security check to validate that you're not a bot. Forgive my ignorance in captcha technology, but what is stopping the bot from pulling the simple math problem and calculating it on the fly?
Here's a sample I've pulled from a website and brevitized:
<h4>Security Question</h4>
<label for="bp-security-check"> 4 + 8 = </label>
<input type="hidden" name="bp-security-check-id" value="548bb54471083">
<input type="number" name="bp-security-check" required="required">
Explanation / Answer
CAPTCHAs are one area of computer security where "roll-your-own" can be a good idea.
In order to break a CAPTCHA, a bot needs to be programmed to recognize and solve the CAPTCHA. For low-volume, low-value sites, the cost to program a bot to handle even a trivial CAPTCHA such as this is greater than the expected value of breaking it. By the simple expedient of being different, the site operator has eliminated most automated attacks.
Note that a trivial system isn't sufficient to protect a site with any great value, but the benefit of being different remains: a bot operator can't spread the cost of breaking the CAPTCHA over multiple sites.
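A sketch of the server side of a check like the one in the question, added here as an example and not taken from the original post or from the site the markup came from. It reuses the form's field names (`bp-security-check-id`, `bp-security-check`); the function names, the in-memory store and the five-minute lifetime are assumptions. The answer is kept on the server, and each challenge id is accepted once and only until it expires.

```python
import html
import secrets
import time

TTL_SECONDS = 300   # assumed challenge lifetime
PENDING = {}        # challenge id -> (expected answer, expiry); assumed in-memory store

OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}


def issue_challenge(now=None):
    """Create a challenge; return (challenge_id, label_text). The answer stays server-side."""
    now = time.time() if now is None else now
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    op = secrets.choice(list(OPS))
    challenge_id = secrets.token_hex(8)
    PENDING[challenge_id] = (OPS[op](a, b), now + TTL_SECONDS)
    return challenge_id, f"{a} {op} {b} = "


def render_form(challenge_id, label):
    """Render the same three fields the question's markup shows."""
    return (
        f'<label for="bp-security-check"> {html.escape(label)}</label>\n'
        f'<input type="hidden" name="bp-security-check-id" value="{challenge_id}">\n'
        '<input type="number" name="bp-security-check" required="required">'
    )


def verify(challenge_id, submitted, now=None):
    """Check a submission. The id is consumed on the first attempt, right or wrong."""
    now = time.time() if now is None else now
    entry = PENDING.pop(challenge_id, None)   # unknown or already-used id -> None
    if entry is None:
        return False
    expected, expires = entry
    if now > expires:
        return False
    try:
        value = int(str(submitted).strip())
    except ValueError:
        return False
    return value == expected


if __name__ == "__main__":
    cid, label = issue_challenge()
    print(render_form(cid, label))
```

Consuming the id on every attempt means a failed guess forces a fresh page load, and a solved challenge cannot be resubmitted with the same hidden value.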