As I browse the web in 2025, I rarely encounter captchas anymore. There’s no slanted text to discern. No image grid of stoplights to identify.
And on the rare occasion that I am asked to complete some bot-deterring task, the experience almost always feels surreal. A colleague shared recent tests where they were presented with images of dogs and ducks wearing hats, from bowler caps to French berets. The security questions ignored the animal’s hats, rudely, asking them to select the photos that showed animals with four legs.
Other puzzles are hyper-specific to their audience. For example, the captcha for Sniffies, a gay hookup site, has users slide a jockstrap across their smartphone screen to find the matching pair of underwear.
So, where have all the captchas gone? And why are the few existing challenges so damn weird? I spoke with cybersecurity experts to better understand the current state of these vanishing challenges and why the future will probably look even more peculiar.
Bot Friction, Human Frustration
“When the captcha was first invented, the idea was that this was literally a task a computer could not do,” says Reid Tatoris, who leads Cloudflare’s application security detection team. The term captcha—Completely Automatic Public Turing test to tell Computers and Humans Apart—was coined by researchers in 2000 and presented as a way to protect websites from malicious, nonhuman users.
The initial test most users saw online contained funky characters, usually a combo of warped letters and numbers you had to replicate by typing them into a text field. Computers couldn’t see what the characters were; humans could, even if most of us had to squint to get it right.
Financial companies like PayPal and email providers like Yahoo used this iteration to ward off automated bots. More websites eventually added audio readouts of the correct answer after receiving pressure from Blind and low-vision advocacy groups, whose members were indeed humans browsing the web but could not complete a vision-based challenge.
What if, rather than just a test to keep out bots, the challenge could generate useful data? That was a core idea behind the release of reCaptcha in 2007. With reCaptcha, users identified words that machine learning algorithms could not read at the time. This sped up the process of transferring print media into an online form. The tech was quickly acquired by Google, and reCaptcha was instrumental in the company’s efforts to digitize books.
As machine learning capabilities improved—and they learned to read funky text—online security checkpoints adapted to be more difficult for malicious bots to circumvent. The next iteration reCaptcha challenges included grids of images where users were asked to select specific options, like photos containing a motorcyclist. Google used the data collected here to improve its online maps.
