I’ve recently done quite a bit of research around using CAPTCHA’s to protect against automated form submissions on web pages. Unfortunately CAPTCHA’s are a thing of the past and it’s my belief that interactive advertising is next big alternative.
CAPTCHA’s have been common place on logon and registration forms for almost a decade now. However recent research conducted by industry leaders has shown that CAPTCHA’s are no longer very effective. In fact, there are several company’s that now offer CAPTCHA solving as a service, where humans will solve them for pennies. In fact just this year Google’s Recaptcha service moved from a user input driven model to a completely data analytic model for verification. This change was largely because of one of Google’s own research fellows released a paper describing how to programmatically beat the recaptcha over 70% of the time.
So what’s next? It’s my belief that one of the new interactive advertising firm on the internet will likely soon pull through as a leader in automated form submission protection. This may sound like an unusual combination, but it really does make since. With the payouts for conventional advertising online dropping rapidly, due to increased add relestate, site owners are looking for more ways to supplement hosting costs. Advertisers are also looking for new ways to engage their audience and new social science research shows that getting people to interact with your brand makes them more likely to buy.
I guess the the other question is will interactive advertising really protect against programmatic form submissions and increase the overall security of said website? I believe if site owns force users to participate in the add and only process form submissions once they have validated with the adds API. It should still stop rapid form submissions from being processed and make it significantly harder for attackers to find injection vulnerabilities.
The only question that remains to be answered is will these interactive advertising provide enough entropy and data analytics to ensure that they can’t easily be solved or bypassed.