As if you needed more evidence from me that CAPTCHA is a bad idea, here’s some more: Amazon has just made automated Turing tests obsolete.
Witness Mechanical Turk, which creates an open market for humans to solve tasks which are “extraordinarily difficult for computers, but simple for humans to answer.” Sound familiar? It was already a known fact that spammers had used cash (not to mention porn) as an incentive to get people to solve CAPTCHAs. Mechanical Turk now disintermediates the spammer-to-solver equation.
I would say that this is a decent way for blind users to get someone to solve a CAPTCHA that is in their way. But I know how things are going to go: spammers will use Mechanical Turk in droves, flooding it with high-value Turing tests. They will load the system with tests, something which will be particularly easy for them to do since it has hooks to Amazon’s Web Services API. They will often masquerade as blind users to attract sympathetic solvers. And they’ll offer the vast majority of the tasks on the site, at low prices, which will threaten the community of solvers unless Amazon gets involved in a serious way to weed them out pre-emptively. In essence, Amazon will have to be able to disqualify CAPTCHA-collectors worldwide, and make it stick, in order to keep solvers coming back, and major Web companies from suing Amazon for contributing to their access-control problems.
In other words, this whole thing, cool as it seems, is doomed from the start. But it’s going to take visual Turing tests along with it. No matter how hard the tests are to solve, Mechanical Turk is a magic bullet for anyone who wants to pay to get past it. It’s not as threatening for bloggers (who shouldn’t be using CAPTCHA anyway, since Bayesian filtering is as effective and less obtrusive) as it is for the Hotmails, Googles and Yahoos of the world, whose resources are worth much more than a ten-cent investment in solving a Turing test. It’s just a much easier method for attacking a weak authentication scheme.