I just billed CloudFlare for making me click things all year to prove I am human. This article tells that story.
Fellow humans, when you are made by a website to click a bunch of things in a pop-up window to prove you are human, do you realize you are working for someone for free? This phenomenon, known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), is designed to differentiate between human users and bots. But what is really going on? CAPTCHAs are automated systems—a type of surveillance bots designed to manipulate your time to extract work and data. Bots are demanding that you prove you are not a bot, but they are also constantly updating a profile on you by requiring that you check in.
“Where are you now, human number ?”
[We at News i8 assume that something like a base-60 eight digit number identifies every human on the planet–such a code uses digits, upper and lower case characters. This system can give every human for many generations to come a unique number. World population may peak at 10.3 billion in the 2080s, so this identifier giving 1.656 trillion combinations, this eight-digit base-60 identifier system, would provide unique numbers for approximately 160 generations, covering about 4,317 years into the future from now. Back to our story… ]
Have you thought about the irony here (regarding CAPTCHAs)? Bots are demanding proof that you are not a bot! Have you considered how intolerable this situation is? Below is an overview of key points regarding the dehumanizing effects of CAPTCHAs.
The Dehumanizing Nature of CAPTCHAs
Ethical Considerations
– Exploitation of Human Effort: Why do you think you are clicking crosswalks, fire hydrants, busses, motorcycles and bicycles so much in CAPTCHA’s? We can reasonably assume that this information is very valuable for the makers of self-driving cars. In other words, when you complete that type of CAPTCHA, we believe you are likely doing work, unpaid work, for the self driving car industry. The concept of “CAPTCHA farms,” where human workers are paid to solve CAPTCHAs for highlights an ethical dilemma. Why are they paid when you are not? Users are essentially performing unpaid labor under the guise of security measures, further contributing to feelings of dehumanization[10][12].
– Privacy Concerns: The ways you move your mouse and click can be very unique and over time, this can form a digital fingerprint, identifying you as you move around the web. Some newer CAPTCHA systems track user behavior (mouse movements) or require persistent cookies to bypass challenges, raising privacy issues. Users must weigh the convenience of easier access against their right to privacy, which can feel like a coercive trade-off[13][14].
– Legal Ambiguities: While CAPTCHA farms may operate within legal frameworks in some jurisdictions, some engage in activities linked to cybercrime, such as data scraping and spamming. This complicates the legal landscape surrounding these operations and raises questions about accountability[18][19].
Philosophical Perspectives
– Humanity Under Scrutiny: Philosopher Antón Barba-Kay argues that CAPTCHAs force humans to perform acts of humanity in a mechanical way, which threatens the essence of what it means to be human. He suggests that these tests reduce complex human experiences to rote tasks that machines can also perform, leading to a sense of obsolescence for humans in digital spaces[1].
User Experience Challenges
– Frustration and Abandonment: Many users find CAPTCHAs to be frustrating and time-consuming. Complex challenges can lead to abandonment of web pages, as users may leave if they cannot solve a CAPTCHA after several attempts[2][4]. This frustration is compounded by the increasing difficulty of CAPTCHA tasks, which can feel laborious and unnecessary. This not only affects user experience but can also impact businesses by reducing “conversion rates” (getting your email address, getting sales from web visits.)
Ineffectiveness Against Bots: Despite their intended purpose, many CAPTCHAs are increasingly ineffective against sophisticated bots. This raises questions about their actual purpose (eg. training models for self-driving cars), as users are left to navigate frustrating challenges that may not even serve their purported security purpose[10][12].
Accessibility Issues
– Exclusionary Design: Traditional CAPTCHAs often pose significant challenges for individuals with disabilities, particularly those with visual impairments or learning disabilities. Although audio alternatives exist, they still do not fully address the accessibility concerns raised by various user groups[4][8].
– Cognitive Load: CAPTCHAs can impose a heavy cognitive load, particularly for users with learning disabilities. Complex instructions and ambiguous tasks can make it difficult for these individuals to complete the challenges, leading to negative attitudes towards the technology[10][11].
Economic and Labor Concerns
– Uncompensated Labor: The use of CAPTCHAs has sparked discussions about the nature of online labor. A class action lawsuit against Google highlighted concerns over users performing unpaid work by solving CAPTCHAs, which raises ethical questions about how these systems exploit human effort for corporate gain[3].
Technological Implications
– Evolving Bot Detection: As bot technology improves, traditional CAPTCHA methods are becoming less effective at distinguishing between humans and automated systems. This has led to a scenario where the very purpose of CAPTCHAs is undermined, as many bots can now easily bypass these barriers[9].
Societal Reflections
– Digital Dehumanization: The reliance on CAPTCHAs reflects a broader trend in which digital interactions prioritize efficiency over genuine human connection. This transformation risks reducing individuals to mere data points or automated responses, stripping away the nuances of human identity[7].
The current landscape of CAPTCHA usage on the web showcases a variety of providers and their respective implementations. Here’s a breakdown of the total CAPTCHAs employed online by source:
Who is to Blame for CAPTCHA Usage? Breakdown by Provider
Approximately 14.96 million websites utilize CAPTCHA technologies across the internet[20].
1. Google reCAPTCHA: – Over 13 million websites use Google reCAPTCHA, making it the most widely adopted CAPTCHA solution[23][24]. For reCAPTCHA v2: Utilized on more than 10 million sites. For reCAPTCHA v3: Implemented on just over 1.2 million sites, focusing on a more seamless user experience without visible challenges[23].
2. hCaptcha: – Gaining traction as a privacy-respecting alternative, hCaptcha is increasingly used but specific numbers are not detailed in the sources. It is noted for its focus on user consent and data protection, appealing to privacy-conscious website owners.
3. Prosopo Procaptcha: – Emerging as a leading provider in 2024, Prosopo emphasizes user privacy and offers innovative solutions that balance security and usability. Exact usage statistics are not provided but it is recognized as a significant player in the CAPTCHA market[21][24].
4. DataDome: – While specific site numbers are not mentioned, DataDome is highlighted for its efficient bot protection and user-friendly CAPTCHA solutions, indicating a growing presence in the market[23].
5. Cloudflare Turnstile: – Although specific usage figures are not available, Cloudflare Turnstile is noted as an alternative CAPTCHA solution that aims to provide user-friendly experiences while preventing bot interactions. Turnstile operates in the background, using a series of non-intrusive JavaScript challenges based on user behavior and telemetry. This means users typically do not have to interact with visual puzzles, significantly reducing friction during their web experience. Users who use a VPN may still need to check a box, however. This takes work too.
The CAPTCHA landscape is dominated by Google reCAPTCHA, which accounts for the majority of implementations across the web. Other providers like hCaptcha and Prosopo are gaining ground, particularly among users seeking enhanced privacy features. The overall trend indicates a significant reliance on CAPTCHA systems to secure online interactions against automated threats while striving to improve user experience.
Who Invented CAPTCHA?
The human person in charge of Google reCAPTCHA is Luis von Ahn. Luis Von Ahn is the genius CEO tricking the world into doing his work[35]. He is a co-inventor of both CAPTCHA and reCAPTCHA and is also the founder and CEO of Duolingo, a popular language-learning platform. Luis von Ahn developed the original CAPTCHA concept while at Carnegie Mellon University and later created reCAPTCHA, which was acquired by Google in 2009[27][33][35].
In 2007, von Ahn invented reCAPTCHA, a new form of CAPTCHA that also helps digitize books. In reCAPTCHA, the images of words displayed to the user come directly from old books that are being digitized; they are words that optical character recognition could not identify and are sent to people throughout the web to be identified. ReCAPTCHA is currently in use by over 100,000 web sites and is transcribing over 40 million words per day.[36]
Below is Luis von Ahn‘s TED talk on how to make learning more fun. In it he admits that most of the money from Duolingo comes from people paying to turn off ads. What a surprise. People hate ads.
[ I hate ads. Getting away from ads are one big reason I created this web site, newsi8.com, as an ad free place. I do not make you pay to avoid ads, I just don’t put any on this site. Mine may be one of the few ad-free web sites on the Internet which does not ever ask for donations. The only other great site I can think of with zero ads is archive.org. The Internet Archive provides free access to a vast collection of digital content without ads, funded primarily through institutional support and grants. Back to our story… ]
Luis von Ahn admits that Snapchat, TikTok, Instagram and other social media apps on cell phones are some of the most addictive digital drugs ever created. [ Spot on. I am currently off of all social media apps. I kicked the habit … again … for now …] Luis von Ahn is very aware of digital exploitation and how it works. He’s an intelligent man who looked at the reality of our technology, cognitive and social situation and, from one perspective, he joined in on the exploitation party. CAPTCHAs are his contribution.
How can I Thank Luis von Ahn for Inventing CAPTHAs?
According to ChatGPT, to contact Luis von Ahn regarding ways to stop exploiting humans with CAPTCHAs, by replacing them with some invisible technology or whatever, you can use the following contact information:
1. Email Him: You can reach out to him via email. His email addresses include biglou@gmail.com and luis@duolingo.com. A thoughtful message expressing your gratitude for his contributions to technology and online security would be appreciated.
2. Write a Blog Post or Article: Consider writing a blog post or article about the impact of CAPTCHAs and how they have shaped online security. Mentioning Luis von Ahn and thanking him in your piece can be a meaningful way to acknowledge his work publicly.
Surveillance State
One thing CAPTCHAs have enabled is our current surveillance state. Be aware that in 2024 everything is monitored by a constant flow of telemetry from countless devices and sensors, not to mention eyes in the skies. It is down to everyone at this point, with a cell phone or not, being a dot on a map in real-time with an amazingly complete personality profile, health, politics, sexual orientation, religious views, contacts, everything, even current mood forecast and expected behaviors for the week.
Would-be independent revolutionaries: don’t bother. You aren’t going to change the way things online in any meaningful way because constant monitoring and social engineering will prevent that. If you want to self-destruct by thinking of doing something negative, you are a fool, and you will learn just how locked down the world is, if you go off. However, if you can, instead, come up with a constructive way to get rid of CAPTCHAs, like inventing some better technology where humans are not exploited, please do!
How to Reduce CAPTCHAs
- Rotate User-Agent Strings: Changing the User-Agent string in browser settings can help disguise automated requests as legitimate user traffic. This tactic can reduce the chances of being flagged by websites that use CAPTCHAs.
- Engage with Websites Responsibly: Avoid rapid-fire requests to websites, as this behavior is often associated with bots and can lead to CAPTCHA prompts. Instead, interact with sites at a more moderate pace.
- Provide Feedback: If possible, provide feedback to website administrators about the user experience related to CAPTCHAs. Highlighting the frustration they cause may encourage site owners to explore more user-friendly security measures.
- Use CAPTCHA Alternatives: Advocate for websites to implement alternatives to traditional CAPTCHAs, such as honeypots or advanced bot protection solutions that do not require user interaction. These methods can effectively block bots while preserving a smoother experience for genuine users.
Billing CloudFlare for My Work
Here’s my angle on this annoyance. If you are prompted to solve CAPTCHAs approximately 5 times a day, you would spend around 16.22 hours over the course of a year dealing with these verifications. My hourly rate for 2024 is $250/hr so I’m sending CloudFlare an invoice, my bill for $4,055.00. What address would I send the Invoice to? I tried a few and found an email address that worked.
Added wrinkle: In California, employers cannot legally pay employees for work periods shorter than two hours, even if the work is done online. I am attempting to be fair. If I were to bill Cloudflare for completing only one of these challenges per week, at the 2 hours lawful minimum employment, that would be 52 weeks * 2 hours or 104 hours. At my rate of $250/hr, this is a total of $26,000.00 for 2024.
Invoice #9472024
Issue Date: December 17, 2024
FROM
(My Address)
TO
CLOUDFLARE INC
One Penn’s Way
New Castle, DE 19720, USA
Dear CloudFlare (Accounts Payable),
As a free citizen of the United States of America, I am entitled to compensation for my labor. I work as a technical consultant. The requirement to click your verification system an average of five times per day to use the World Wide Web for my work and hobbies (eg. on sites such as perplexity.ai) has amounted to 16.22 hours of labor on my part which has benefited your company in allowing you to determine for your clients that I am human. My current labor rate is $250/hour and thus I am including for your convenient payment, this invoice.
Time per CAPTCHA: On average, completing a CAPTCHA takes about 32 seconds [ from your blog https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/%5D. I spend a good deal of time online and I complete your challenges an average of 5 times per day. This is how I determined my having done 16.22 hours of work for the 2024 year (Dec 15, 2023 to Dec 15, 2024). This proof of humanity is particularly demeaning, distracting and mind-numbing work as well, so I am charging my full rate. Just as your customers like GoDaddy appreciate your services, I assume you appreciate my service to your business, as evidenced by your continuing to provide me with work opportunities to complete your web challenges.
I believe this is more than fair. If I were, for example, to bill Cloudflare for completing these challenges during one 2 hours lawful minimum online employment period in California, that would be 365 days * 2 hours or 730 hours, and at my consulting rate of $250/hr, a total of $182,500.00 due for my online consulting services. This hardly seems reasonable, however, so I will cap this Invoice at 16.22 hours, on the assumption that I have a legal right to provide 713.78 complementary hours to CloudFlare as part of my consulting service.
Thank you for prompt payment. Please note that Late fees of 1.5% per month will apply after 30 days.
Service Provided: Human Verification
Time Period: December 15, 2023 to December 15, 2024
Hours Worked: California Legal 730 hrs – Minus Discount = 16.22 billed hrs
Rate: $250/hr
AMOUNT DUE: $4,055.00.
Please send payment via PayPal to (my billing email)
Hi Enterprise Customer,
Thanks for reaching out to Cloudflare Accounts Receivable Department. The following ticket (334826) has been created for the Cloudflare Accounts Receivable Department.
If you are requesting your invoices or requesting to update your billing email and you are not a Cloudflare reseller, you can now download your associated invoices and update your billing email from your Cloudflare dashboard:
1. Log in to your enterprise Cloudflare account on the [Cloudflare Dashboard](https://dash.cloudflare.com) as a user with an admin role.
2. Select the account.
3. Under the top-right corner, click [Billing] (https://dash.cloudflare.com/?to=/:account/billing) to see your associated invoices.
If you have a different inquiry, we’ll review your email and get back to you in within 48-72 hours of the creation of the ticket.
To add additional comments, REPLY-ALL to this email.
Best,
Cloudflare AR
Playing with ChatGPT, here is an imagined next reply from Cloudflare. What do you think? Is this what I should expect next?
Cloudflare’s Accounts Receivable Department acknowledges receipt of the invoice and provides the following automated response:
Subject: Invoice Receipt Confirmation – Ticket #334826
Hi Enterprise Customer, Thank you for your submission regarding Invoice #9472024. A ticket has been created for our Accounts Receivable Department to review your request. For inquiries related to invoices or billing updates, please log into your Cloudflare dashboard where you can manage your billing information directly:
- Log in to your enterprise account.
- Select the account.
- Navigate to the Billing section to view associated invoices.
If your inquiry is different, our team will review your email and respond within 48-72 hours. To add more comments or questions, please reply to this email. Best regards,
Cloudflare AR Team This structured approach ensures clarity in communication regarding the services provided and the expectations for payment while also detailing how Cloudflare handles invoice inquiries.
Well, hopefully they won’t send a robot done out to my place to release a box of skunks or something. These big companies can be pretty inventive.
Conclusion
The dehumanizing effects of CAPTCHAs highlight significant tensions between security measures and user experience. As technology continues to evolve, there is a pressing need for more humane approaches that respect user autonomy while effectively addressing security concerns. Engaging in discussions about these issues can help advocate for changes that prioritize both security and the dignity of users in digital spaces.
Read More
[1] https://news.harvard.edu/gazette/story/2024/04/are-you-a-human-select-all-that-apply/
[2] https://www.singaporebrand.com.sg/blog/how-captcha-affects-overall-user-experience/
[3] https://reallifemag.com/bot-or-not/
[4] https://auth0.com/blog/captcha-can-ruin-your-ux-here-s-how-to-use-it-right/
[5] https://news.ycombinator.com/item?id=28101336
[6] https://ux.stackexchange.com/questions/33211/does-captcha-really-affect-ux
[7] https://www.thepublicdiscourse.com/2023/08/89929/
[8] https://arxiv.org/html/2405.18547v1
[9] https://datadome.co/bot-management-protection/impact-of-captcha-on-user-experience/
[10] https://auth0.com/blog/captcha-can-ruin-your-ux-here-s-how-to-use-it-right/
[11] https://www.a11y-collective.com/blog/accessible-captcha/
[12] https://arxiv.org/html/2405.18547v1
[13] https://friendlycaptcha.com/insights/captcha-accessibility/
[14] https://www.w3.org/TR/turingtest/
[15] https://www.digital.govt.nz/standards-and-guidance/design-and-ux/accessibility/captcha-and-accessibility
[16] https://blog.pope.tech/2022/11/08/captcha-challenges-arent-accessible-but-your-website-can-be-accessible-and-secure/
[17] https://supertokens.com/blog/understanding-captcha
[18] https://www.verifiedvisitors.com/threat-research/captcha-farms
[19] https://www.arkoselabs.com/blog/human-assisted-captcha/
[20] https://trends.builtwith.com/widgets/captcha/traffic/Entire-Internet
[21] https://prosopo.io/blog/top-captchas-2024/
[22] https://developers.google.com/recaptcha/docs/analytics
[23] https://datadome.co/guides/captcha/recaptchav2-recaptchav3-efficient-bot-protection/
[24] https://prosopo.io/blog/what-is-the-best-value-captcha-in-2024/
[25] https://backdropcms.org/project/usage/captcha
[26] https://automationchampion.com/2017/09/27/using-googles-recaptcha-with-web-to-lead-form-for-spam-prevention/
[27] https://www.reddit.com/r/IAmA/comments/6bxr2v/i_am_luis_von_ahn_coinventor_of_captcha_recaptcha/
[28] https://cloud.google.com/recaptcha/docs/prepare-environment
[29] https://usercentrics.com/knowledge-hub/googles-recaptcha-what-you-need-to-know-to-be-gdpr-compliant/
[30] https://cloud.google.com/recaptcha/docs/create-key-website
[31] https://datadome.co/guides/captcha/how-does-recaptcha-work/
[32] https://developers.google.com/recaptcha/docs/v3?hl=en
[33] https://en.wikipedia.org/wiki/ReCAPTCHA
[34] https://www.simoahava.com/analytics/recaptcha-v3-server-side-tagging/
[35] https://thehustle.co/the-genius-whos-tricking-the-world-into-doing-his-work-recaptcha
[36] https://en.wikipedia.org/wiki/Luis_von_Ahn