"I’m Not a Robot": A Blind Spot of Malaysia’s Costly COVID-19 Vaccine Registration System
The Malaysian COVID-19 Vaccine Supply Committee (JKJAV) spent RM 70 million to set up a vaccine registration website. However, the website crashed on May 26, 2021, under a large volume of traffic right after the government opened registration for the second dose of AstraZeneca's vaccine.
Users were hindered from registering for vaccines in various ways: they were unable to choose their locations because of computer crashes, and they had to repeatedly submit applications and solve reCAPTCHA puzzles. People clicked the "I'm not a robot" button countless times and worked through endless image selection challenges, picking out bridges, traffic lights, tractors, buses, and cars.
As a result, people who had set an alarm for vaccine registration were all stood up by the website because of its vulnerable system. Whether they got the vaccine is unknown; instead, they spent nearly two hours proving that "I’m not a robot."
Unsurprisingly, grievances are everywhere. Some people complain that it is too hard to get a vaccine; some say that the government only made a fool of Malaysians; people even complain about their "finger cramps". Quite a few point out that although bugs are inevitable, there should at least be an emergency plan to avoid website and server crashes.
The website's software engineers should have thought through the content delivery network, the server, the web interface, and other details in advance, instead of letting netizens watch a stalled page and refresh it constantly, which only adds load to a server already suffering its highest traffic.
The questions raised by this incident are not just about vaccine registration. In the era of science and technology, CAPTCHAs have long flooded daily life.
As reported by Cloudflare, a US-based technology company, it takes an internet user an average of 32 seconds to complete a CAPTCHA, and there are 4.6 billion internet users worldwide. Assuming that each internet user sees a CAPTCHA every ten days, the time everyone spends in a single day fighting bots and protecting the cyber environment adds up to 500 years.
Why do companies in the data age need to build a security system for their websites to control web attacks? There are two main and plain reasons. First, it protects the website and prevents credential-stuffing ("database collision") attacks; second, it protects users' personal information and gives users the best possible experience. A complete interactive security service provider not only builds a safety net for enterprises but also has a mission to improve the website user experience.
While bringing convenience to daily life, the rapid development of the internet also gave birth to a large-scale underground industry. According to statistics, more than 400,000 people worked in the underground industry in 2015. CAPTCHA, as the first line of defense protecting network resources, should ensure that real users get access while malicious activity is blocked out. Enterprises, governments, and major platforms and websites all shoulder heavy responsibilities.
Comprehensive interactive security services become even more important for protecting website information and ensuring user experience when daily purchases are carried out online.
Take online shopping platforms as an example: the information that consumers fill in when shopping online includes name, phone number, delivery address, credit card, and online banking details. Even one false move can end in personal information leakage or monetary loss.
From the users' perspective, an online shopping platform with a security system is reassuring to use, without worries about account security. From the platforms' perspective, a security system not only secures website resources but also offers analyses of website traffic and user behavior, yielding more accurate data for business expansion.
Beyond online shopping, the same advantages and user experience apply, for the same reason, to other platforms such as takeout, e-hailing, hotel and air ticket booking, telecommunications companies, social media, banking, and finance.
Pros and Cons of Replacing legacy CAPTCHA with CAPTCHA checkbox - convenient while sacrificing personal privacy
Looking back at the development of CAPTCHA, the earliest traditional CAPTCHAs generally took simple, easy-to-understand forms whose content was no challenge for humans to make out, but which were also extremely easy for hackers to crack.
As machines became better at recognizing pictures, CAPTCHA was gradually upgraded and renewed. The text in the pictures was distorted and overlaid with visual interference to avoid recognition by machines, but this made it time-consuming and inefficient for humans.
(Image source: Imperva)
With the rise of "de-verification" technology, humans only need to “tick” a button to "prove" that they are not a robot, which is the common "I am not a robot" checkbox seen nowadays.
After the box is ticked, the system evaluates the user's current network situation to decide whether to "verify successfully" or send the user on to a boring reCAPTCHA challenge. Ticking is far easier than filling in text; however, this ease comes at the expense of personal privacy. A huge number of users' IP addresses and behavioral data are leaked, and even become a tool for advertising traffic.
At the same time, users have mocked how boring the reCAPTCHA format is, as seen in the Malaysian vaccination registration event.
If the CAPTCHA service on each company’s website focused on user information security and improved the user experience, users could benefit from technical convenience and gain the ideal internet experience.
A simple “check” of a button is all it takes to prove that “I’m not a robot”, but the calculation logic behind it is more complicated, and the cost of this convenience is personal privacy.
(Image source: Google screenshot)
Slide CAPTCHA, a combination of both information security and high user experience
Traditional CAPTCHA can be easily cracked, while reCAPTCHA has increasingly fallen from grace because of its extremely poor user experience. Unlike reCAPTCHA, GeeTest's "Slide CAPTCHA" was launched in 2012. The "slide CAPTCHA" technology initiated by the Chinese interactive security service provider GeeTest is the first to use biometrics and artificial intelligence to solve interactive security issues and lead the trend of verification reform.
"Slide CAPTCHA" means that users only need to drag the slider to simply complete the verification steps. (Image source: GeeTest)
A common point of confusion in the use of CAPTCHA is whether a more complex verification step makes a website safer. The answer is no. It is the technology behind the CAPTCHA product that matters. Take GeeTest slide CAPTCHA as an example: GeeTest analyzes the user's behavior and compares it against human-bot behavior detection models in order to block out bots and secure the website and its users. GeeTest has achieved a great user experience while ensuring the safety of the website.
Currently, a majority of companies and platforms are using GeeTest's slide CAPTCHA service, including e-commerce brands Xiaomi and Nike, popular games like "Genshin Impact" by miHoYo and "Rise of Kingdoms" by Lilith, and banks, governments, universities, etc.
When it comes to GeeTest, the first impression is always that of a CAPTCHA provider. CAPTCHA is certainly one of GeeTest's most significant and representative products, but GeeTest also provides a complete set of interactive security solutions for corporate websites and applications, including a network-wide joint defense system, huge real-time behavioral data, and powerful computing ability.
GeeTest's business covers the China, Southeast Asia, and North America markets, including internationally renowned brands. You may not have heard of GeeTest, but it has always been a reliable guardian of the network security of all brands in the world. (Image source: GeeTest)