The August 2010 CAPTCHA paper from computer scientists at UC San Diego made it's way to NPR's Weekend Edition on Sunday. Listen to the story, "Spammers Use the Human Touch To Avoic CAPTCHA"
The paper referenced in the NPR story is below:
Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context, by Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage from the Department of Computer Science and Engineering (CSE) at UC San Diego, published in Proceedings of the USENIX Security Symposium, Washington, D.C., August 2010.
Savage talks big picture about CAPTCHAs and hits one of the findings from the paper:
"On the one hand, CAPTCHAs do not keep the bad guys out, but at the same time, they actually are effective at keeping the problem in control," Savage says.
Below is the abstract to the paper Re: CAPTCHAs -- Understanding CAPTCHA-Solving from an Economic Context:
Reverse Turing tests, or CAPTCHAs, have become an ubiquitous defense used to protect open Web resources from being exploited at scale. An effective CAPTCHA resists existing mechanistic software solving, yet can be solved with high probability by a human being. In response, a robust solving ecosystem has emerged, reselling both automated solving technology and realtime human labor to bypass these protections. Thus, CAPTCHAs can increasingly be understood and evaluated in purely economic terms; the market price of a solution vs the monetizable value of the asset being protected.We examine the market-side of this question in depth, analyzing the behavior and dynamics of CAPTCHA-solving service providers, their price performance, and the underlying labor markets driving this economy.