How Does “I Am Not a Robot” CAPTCHA Work?

This is how “I Am Not a Robot” CAPTCHA works.

Have you ever been suspected of being a robot?

So if you want to know why you have been mistaken for a robot, then you’re in the right place.

Let’s dig right in!


All About “I Am Not a Robot” CAPTCHA

One of the best things about the Internet is that it’s almost limitless. We can find everything and anything on it. 

We can have fun. We can get bored. We can read interesting things or nonsense. It’s all about how we perceive information from different sources.

The World Wide Web is only one click or tap away. It’s the same for everybody, but not everyone has the same intent when surfing the net. Sometimes, some people want to use this incredible tool to do questionable things.

That’s where internet security comes in. The CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is only one of many methods that make the Internet just a little safer. It’s used for security purposes, but it can be quite annoying sometimes. 

So, how secure is the Internet, and what’s the purpose of CAPTCHA?

How Secure Is the Internet?

Security on an open, free platform such as the World Wide Web is a huge question mark, but it’s not all that bad: there are many protocols and pieces of software in place that aim to make it a little less dangerous.

One of the first methods that make websites secure is HTTPS (HyperText Transfer Protocol Secure). This means that when we visit a website that has this at the beginning of its address, the website is somewhat secure.

HTTPS provides encryption for data that’s in transit. So basically, when we visit an HTTPS link, our data cannot be grabbed by anything or anybody during the trip.


Imagine ordering something online, and it’s on the naughty side of the net. Well, nobody but that website and you will know what you’ve ordered. Plus, the encryption adds security to your personal information as well.

Nevertheless, there are other real threats online. HTTPS cannot deal with all of them. It simply provides an added layer of encryption to your data.

Let’s See What Kinds of Online Threats Exist

Listed below are a variety of online threats:

Computer Worms

A worm is a program that copies itself from one computer to another across a network. It grows exponentially within a network by spreading itself onto other computers.

Most worms don’t cause direct damage to the files on the computer, but they do overload the network and consume a lot of bandwidth. Of course, there are worms that can cause serious damage as well.


Spam

We’ve all come across spam messages, whether it’s just unwanted emails and information that we don’t care about or harmful links in our email inbox that prompt downloads of malicious software.

You remember that Nigerian prince, your distant relative, who only needs a couple thousand bucks, and in return you get millions if you just send the money? Well, it’s not like that. This is much more serious. Don’t open links you receive from unknown sources.


Phishing

It’s similar to the long-lost Nigerian prince relative scam. Phishing involves actual people, cybercriminals who send messages or trick us into visiting websites and revealing our sensitive information.


The point of phishing is more or less the same as any other malicious activity on the Internet.


Malware

It all comes down to this category. Malware is software designed to damage computers, networks, files, and so forth. There are so many types of malware. You might have heard of some of them:

  • Trojans
  • Spyware
  • Adware
  • Ransomware 

These are just some of the most common threats out there. 

What do any of these have to do with CAPTCHA?

Bots and Botnets

Web bots, or internet robots, are automated software that repeats scheduled tasks or simply acts at certain time intervals. These can be both good and bad for us.

The thing is that bots do tasks that are time-consuming and monotonous to us. Search engines have bots working for them that catalog everything on the web.

New information from websites, the values of different currencies at any given moment, changing weather forecasts: all of these are collected by bots.

This is how they work, and these are the good bots.

On the other hand, we have malicious bad bots because we have people who figured out these bad boys’ potential. There’s no telling what these can do.

Well, actually, there is. If there’s an unprotected device with a fault in its firewall, these bots install themselves onto it.

They’re bad because the person distributing them can spam you, do despicable things on your device, and basically control it. If you’ve ever heard of DDoS (Distributed Denial of Service) attacks, these bots are used for those as well.

Another thing is when multiple computers form a botnet. A botnet is a network of infected computers controlled by a malicious person that wants to do illegal stuff. Bringing down businesses’ websites is part of it.

What Does CAPTCHA Mean?

The Completely Automated Public Turing test to tell Computers and Humans Apart is quite a long name, so CAPTCHA saves time.

It’s a tool, a test, that distinguishes humans from bots. There are challenges that a computer cannot solve no matter how advanced the AI (Artificial Intelligence) gets.

It originated from the Turing test, which is also known as the “Imitation Game.” It tests the ability of a machine to mimic intelligent behavior that’s similar to a human’s.

The main purpose of CAPTCHA is to identify bots, which is good for preventing fake account registrations or comments. It’s also very useful for keeping polls accurate.

How Does CAPTCHA Work?

The test works by getting you to interpret some type of information that is hard for computers to interpret. So, the CAPTCHA traditionally gave us some letters and numbers that are distorted or overlapped. Then, we have to submit them in order by typing them onto a form of some sort.

Now, as humans, we tend to easily recognize new patterns and apply our previous insight to most experiences. Thus, the test is easy for us. You know that because you’ve done it a ton of times.

However, a bot sees a disrupted set of letters and numbers. It’s really difficult for it to recognize these because it works on set patterns that are part of its programming. If a pattern is not in its programming, then the bot can’t read it. That’s what makes it so difficult for bots to overcome the test.

However, some bots use machine learning now, and they’re based on AI that uses pattern recognition algorithms. So, they can solve the test.

This is why it was necessary to develop more CAPTCHA varieties:

  • Mathematical problem test: Probably one of the first forms that most people have encountered. It represents a mathematical equation that needs a solution. We simply type in the solution, and voilà, we’re on the website.
  • Word problem test: This is the one that we described earlier. We need to retype the text correctly, answer a question, or do something similar that involves words. As bots continue to “learn,” these tasks are becoming easier and easier for them.
  • Time-based CAPTCHA: This is one of the best tests out there. It measures the time it takes somebody to fill out a form. If it’s instantaneous, then the test knows that it’s a bot, and it can’t access the site.
  • Social media sign-in: You know this one. This is the easiest and also one of the most secure ways of verifying that you’re human. Bots don’t have social media accounts. At least real bots don’t, so they can’t overcome this CAPTCHA.

Confident CAPTCHA vs. Sweet CAPTCHA

The Confident CAPTCHA uses images. You’ve encountered this one many times, usually on a daily basis.

It’s the one that says, “Click on the images that have cars in them.” The main disadvantage is that this one is terribly frustrating because you have to do it over and over if you fail the first time.

Also, it’s a good way to advertise. You can select the images for your website, for example by asking users to click on every image that has a “your brand” sign on it.

The Sweet CAPTCHA is quite similar to the previous one. The tasks are more interesting because we have to do something related to the image shown to us. For example, there’s an airplane, and it asks you to put the appropriate luggage in it.

It’s still awful if you fail because you have to repeat it over and over, but it’s good against bots because the bots can’t perform this type of task unless they’ve been taught using machine learning.

Honeypot CAPTCHA

We’ve already mentioned bots that can be used to spam you. These spambots are also used to spam comments with links that will ultimately optimize the website of the person who created the spambots.

So, the person who got the spambot working probably knows how to get through the previous CAPTCHAs.

But, a Honeypot CAPTCHA is one of the best solutions for our website. We can’t see it, and other users can’t see it either. It’s something in the code of the website.

The Honeypot CAPTCHA is the most convenient one because we don’t have to select all the images with the traffic lights, calculate anything, or rewrite the distorted text.

It’s simply a field placed in the form, and we can’t see it because of the programming, but the bots fill it out anyway, and this is how it gets them. No nasty spambots can trick this honeypot.
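The honeypot field and the time-based CAPTCHA from the list above can be enforced together on the server. The sketch below is an added example, not code from any CAPTCHA product; the field names `website` and `form_token`, the key, and the thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time

# All names and values below are assumptions for this sketch.
SECRET = b"replace-with-a-random-server-side-key"
HONEYPOT_FIELD = "website"   # rendered in the form but hidden from human visitors
MIN_FILL_SECONDS = 3         # a form completed faster than this is treated as automated
MAX_FORM_AGE = 3600          # tokens older than this are rejected (limits replay)


def _sign(ts):
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Return 'timestamp.signature' to place in a hidden field when the form is rendered."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def check_submission(form, now=None):
    """Return (accepted, reason) for a submitted form given as a dict of strings."""
    now = time.time() if now is None else now
    # Honeypot: humans never see the field, so any value means a script filled it.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot field filled"
    # Time-based check: the render time is signed, so the client cannot backdate it.
    ts, _, sig = form.get("form_token", "").partition(".")
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False, "missing or tampered token"
    elapsed = now - int(ts)
    if elapsed < MIN_FILL_SECONDS:
        return False, "submitted too fast"
    if elapsed > MAX_FORM_AGE:
        return False, "token expired"
    return True, "ok"
```

Signing the timestamp matters: if the render time were sent as a plain hidden value, a script could simply submit an older one and pass the timing check.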


reCAPTCHA

The reCAPTCHA test is actually another form of CAPTCHA. It was originally designed to both administer the Turing test and aid the digitization of books.

A lot of old manuscripts, texts, articles, journals, and books were handwritten or typed on a typewriter. Sometimes, it wasn’t easy to decipher the text, and this is where reCAPTCHA helped.

So, instead of only telling a website that you’re not a robot, you also helped digitize a piece of text. Well done!

This is how it worked at first. In 2009, Google acquired reCAPTCHA, and we’ve been in contact with all its versions ever since.

In 2013, Google reCAPTCHA became No CAPTCHA reCAPTCHA. This is the one that has a checkbox next to a piece of text that says, “I’m not a robot.” You simply need to check a box, and you’re in.

This type of CAPTCHA appears if you are evaluated as a low-risk user. There’s also a mobile version where you have to match images or find the images containing the item after you check the box.

The latest version of Google reCAPTCHA is similar to the Honeypot one if the website evaluates the user as very low risk.