CAPTCHA, Cookies, and Data Security

The action of the European Commission to strengthen data protection and enhance the rights of citizens by reforming privacy policies resulted in the creation of the General Data Protection Regulation (GDPR), taking effect 25th May 2018. This evolution in internet privacy and rights is a much-needed one after severe breaches in online privacy have been occurring in the past several years.

But before the General Data Protection Regulation—which concerns EU citizens, those under the European Economic Area (EEA), and those who interact with EU citizens—there were already several online security measures such as Cloud Encryption, Firewalling and the likes. But when explicitly referring to security measures in dealing with personal information, the most common of all would be to prevent users from adopting weak passwords by requiring them to use alphanumeric, case-sensitive codes and special characters. Aside from this, the next primary security measure would be to use two-factor authentication, two-step verification or a multi-factor authentication tool which requires further details necessary to proceed with your intentions.

It is through this two-factor or multi-factor verification that people are asking whether tools such as CAPTCHA and reCAPTCHA and even the use of Cookies are compliant to GDPR. For as the GDPR requires, users should first be given the option to consent on data collection and where these shall be used, before providing their personal information for the website owner and third parties to use. It is because of that, doing site maintenance through fixes and updates are necessary not only to fulfil GDPR requirements but more so to keep the websites in top shape and therefore incorruptible and invulnerable to security breaches where possible.

Completely Automated Public Test to tell Computers and Humans Apart, or most commonly known as CAPTCHA, is a system which differentiates humans from computer bots and blocks the latter from accessing forms and getting inside the system. The differentiation is done through a challenge or a series of tests with numbers and images that only humans and not bots can read, understand and solve.

A CAPTCHA can be used in a lot of ways, but its two primary purposes include Blocking Spam Mails and Blocking Spam Comments. Spam Mails are those unsolicited bulk messages that usually use email addresses gathered as part of distribution lists. Some spammed emails and comments are legitimate, but most are from fake businesses whose intention is to harm the email recipient be it by spreading a computer virus or by luring the person into a scam such as Fraud.

There are various types of CAPTCHA available so that bots with the intention to spam your email won’t be able to recognise a particular pattern in the software or the plugin that shall make them breach security. From Mathematical Equations to Alphanumeric Characters and Image Recognition, all these CAPTCHAs are to eliminate submissions by computers from humans ones and safeguarding data, especially submitted personal information. Some types of CAPTCHA include the following:

On the other hand, reCAPTCHA s a web service created by Google which serves the same functions as a CAPTCHA but with the addition of being able to assist in the digitisation of text, an annotation of images, and in building datasets for learning machines. This system evolved from the Distorted Word or Number with the Audio Option, to the I’m Not a Robot option which is now more commonly known as the No CAPTCHA reCAPTCHA by Google.

Another method commonly used by websites are Cookies which is a small tracking identifier so companies can  gather information and form statistics so that websites can display a customised or a personalised view for their users. When a user goes online and does its searches, the web browser will gather information and check Cookies for websites that the user visits so that they can create a personal profile that can be used for things such as advertments to the user upon its next visit.

Cookies do not scan your computer to gather information, but they can store data from what a user inputs through forms they submit in a website. It is because of this that websites have pop-up notifications to alert users and give them the option to consent to their site’s use of Cookies and to where data can be shared with and used afterwards.

Cookies are also used for efficiency—mainly to make websites function properly by allowing a site to cross reference choices and options a visitor has selected so as to create a user-friendly web experience. Aside from that, websites also use Cookies for Business Analytics so that they can be used study the data and improve on their services; such is the case of Cookies used in the European Union as guided by GDPR.

Without the use of Cookies most sites would not be able to remember things such as previous visits you have made or viewing patterns to see what you are interested in. Every visit you make, without a Cookie, would be ‘new’ to the site so it could not assist you with things like remembering usernames and such.

CAPTCHA, reCAPTCHA, Cookies, and similar tools can be tools for data security provided that they administer options for consent before proceeding with gathering data for their two-factor authentication, their multi-factor verification, or for their personalised content. As long as CAPTCHAs are kept updated with the latest dynamic versions, they tool can surely serve as the front line of defence when it comes to computer bots wanting to access personal information which they can use for malicious or harmful purposes.

With the continuous research and development to make the online experience a user-friendly one while still safeguarding data privacy and security, Google’s No CAPTCHA reCAPTCHA can still be used as tools for data security since the system still fulfils its primary function which is to differentiate between humans and robots so that it can block spam comments and spam emails. But when talking about No CAPTCHA reCAPTCHA as the perfect program to use for data security, Google still has some points to improve on especially in terms of disclosing information before having users consent to their features.

So long as users are given information as to what types of Cookies are used by browsers and to what extent these are used, Cookies can be considered as tools for Data Security since websites tailor their search results or their advertisements to only things that the user is concerned with and therefore lessening the probability of encountering harmful points in the internet. Users should be given the option to opt-out of using Cookies so that the site wouldn’t leave a trace behind that could used to run an analytics of sites visited or such (think banking portals!).

Having these security measures do not guarantee invulnerability when maintenance or updates to these tools and features are not checked regularly and implemented correctly. Site Administrators must do regular updates to these software or plugins as necessary, especially since new updates are done for the purpose of patching problems which deal with protecting the system , visitor privacy and safeguarding your security.

When using CAPTCHA—especially one that is free and not from a paid program—it is necessary to be aware of what the plugin can cause when not properly maintained. When CAPTCHAs expire, need updates, or are experiencing errors, a website is vulnerable to computer bots which can spam comments and send spam emails. Due to this, it is necessary for website owners to have their sites updated to avoid threats to security. This includes making sure that the implementation is dynamic and changes – not just asking the same question every time like ‘what is 1 + 1?’

When building a website, it is necessary to have your software and your plugins match the platform from where your site is built so that a website will not only be structured and functional, but it’ll also be secured and protected. In WordPress, using a CAPTCHA is highly recommended for it not only secures your forms, it reduces administration of ‘spam’ comments and entries and keeps any statistics ‘clean’. In WordPress, CAPTCHA can be used in Contact Forms, Registration Forms, WordPress Login, and Password Recovery for example.

At Bureauserv, not only do we do website maintenance but we also make sure that existing and new websites are equipped with the appropriate tools necessary for correct operation and SEO friendly. Our various packages cater to different degrees of site maintenance but all with the intention of having your website be up to date with the latest versions of programs, plugins and the like. We ensure that we are subscribing to the latest features and tools to make sure that the websites we manage are not only SEO or user-friendly but are also secured.