Humans are Stealing Jobs From Bots!
We’ve all heard the doomsday prophecies about robots taking all of our jobs, climbing up the corporate ladder and leaving us humans with mere scraps. Well, that’s definitely a possibility in the long-term; but at the moment it seems like it’s actually the robots who should be worried about their jobs being taken by human beings.
Wait, don’t leave yet! Let me explain where I’m coming from.
The Death of CAPTCHA
Bots are nothing new - they’ve been around for more than half a century. When it comes to the WWW, pretty much ever since someone decided to put their online service behind a registration form, someone else thought it might be a good idea to use bots to bypass that registration form, usually in order to obfuscate some kind of sketchy behavior or to abuse the limitations of a free subscription model.
At Webhose.io, our bot problem began about two weeks ago. Up until then, we were allowing users to open freemium accounts, which entitle them to make 1,000 API calls to our web data-as-a-service platform, with only their name and email account.
The reasoning behind this was that we wanted people to experience the platform firsthand, without harassing them with too many entry barriers - especially developers and students.
However, as we grew, and along with our tens of thousands of legitimate users who were leveraging the API for research, analysis, business, etc. - we began to attract a less agreeable crowd. We were seeing dozens of Webhose accounts being opened from generic, spammy-looking email addresses - albeit from valid providers such as Yahoo, Outlook, etc. - maxing out their freemium accounts before moving on to the next one.
Clearly, we were being attacked by an army of bots. Again, not a big surprise in itself, but I was somewhat perplexed because we did have the most basic security measure in place - namely CAPTCHA (or more specifically - Google reCaptcha), a mechanism that exists specifically to tell humans and robots apart and keep the latter out.
In case you haven’t been around the internet for the past decade or so, CAPTCHA is the annoying system that asks you to identify barely eligible text, select the street sign, etc. - with the idea being that these tasks are very simple for humans, but very difficult for bots. However, the bots attacking Webhose.io were strolling right past the CAPTCHA, probably having a hearty laugh as they went along. What was going on? Had bots outsmarted CAPTCHA?
The Human API
Investigating this issue led me down the rabbit hole of CAPTCHA solving services (no link because I have no interest in helping market these unsavoury vendors, but you can easily find them through Google), which I found to be kind of amazing.
Apparently, CAPTCHA was still a very effective system for keeping bots out. However, the hackers looking for ways around it have found a way to do so - by means of human labor. There are rooms full of people solving CAPTCHAs, and their services are being sold for just a few cents online.
What’s more, there’s an API connection! The very first result in Google offers various APIs with which to use this service, allowing you to automatically send solved CAPTCHAs through a variety of clients. Thus human labor is automatically put in service of massive account registration (by bots). Verifying email addresses wouldn’t cut it because the very same technique is used to create valid email accounts from legitimate providers, en masse.
And there you have it: instead of bots bypassing registration forms for human use, humans bypassing registration forms for bots. And it’s all done through a completely automatic, hands-free API.
Truly a worrying state of affair for thousands of soon-to-be jobless bots!
And I, for one, welcome our new bots overlords.
P.S.
What with all these bot troubles, we did have to tighten our authentication a bit - but creating a Webhose.io account is still free, doesn’t require a credit card, and is just a short form away. Go try it!