
Why do websites still use CAPTCHA?



This is just one of the stories from our “I’ve Always Wondered” series, where we answer all your business questions, big and small. Have you ever wondered if recycling is worth it? Or how private labels stack up against brand names? More from the series here.


Listener Jake Raskob asks:

Why does CAPTCHA still exist? Some websites require a response to verify human users and block automated bots. Overcoming these challenges often feels like a waste of time and money. Can’t current artificial intelligence technologies “prove” (to a computer) that they are human?

To prove to the internet that you’re a real person, you might have to correctly identify all the fire hydrants in a photo or turn an animal to make sure it’s facing the right direction.

This often frustrating and time-consuming test is known as CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Solving an image-based CAPTCHA test can take 15 to 26 seconds, according to a recent study.

“The original idea was to prevent spam and fraudulent account creation. For example, one way to send spam could be to create 10,000 Gmail accounts,” said Chester Wisniewski, director and global field chief technology officer at cybersecurity firm Sophos. “Corporate email filters won’t block Gmail because they would block too many legitimate emails. So the criminals always want to mix their behavior with authentic behavior.”

CAPTCHAs are inconvenient at best for most visitors and can make the internet less inviting for people with impaired hearing or vision. In many cases, they can be overcome by cybercriminals with the right know-how.

But we will continue to see them because websites are desperately trying to combat spam, Wisniewski said.

New versions of CAPTCHA only work for a short time because malicious actors eventually find ways to solve them, he said. If you want to prevent robots from taking over, you have to define what it means to be human. This existential question has plagued us for millennia.

“With modern, advanced AI, it is becoming increasingly difficult to determine whether something is real,” said Wisniewski.

Wisniewski said any alternative to CAPTCHA he can think of would worsen user privacy. “The only real solution would be to require everyone to have an ID card with biometric data and to have to show their ID every time they want to visit one of these websites,” he said.

A spokesperson for hCaptcha, a leading independent developer of CAPTCHA tests, said that while the tests cannot completely eliminate fraud and abuse on the Internet, they are still “a valuable tool for defenders.”

One drawback of some CAPTCHAs is that visually impaired people may not be able to see the text they must identify, Wisniewski said. But making the test more accessible could defeat the whole purpose of the test, he added.

For example, there could be an audio option that allows visually impaired users to hear the letters they need to type. “But of course it’s quite easy for a computer to hear something like ‘6347,’” Wisniewski said.

Some systems, such as Google’s reCAPTCHA v3, do not rely on sensory capabilities, creating “less friction for legitimate users,” a Google Cloud spokesperson said.

reCAPTCHA v3 assigns each user a score instead of presenting a challenge. The score is based on the user's behavior, such as mouse movements.

There is money to be made from verifying humanity: hCaptcha offers a basic plan for free, although website owners can pay around $100 for more sophisticated features under the “Pro” plan. Meanwhile, Google’s reCAPTCHA system offers up to 10,000 assessments per month for free. The standard reCAPTCHA plan costs $8 for up to 100,000 assessments per month.

This could be a long-lasting industry. As criminals continue to develop new methods to bypass CAPTCHAs, companies will need to come up with countermeasures.

“AI will continue to improve and both attackers and defenders will quickly adopt improved models. It’s a never-ending game of cat and mouse,” said the hCaptcha spokesperson.

There is simply too much money at stake for malicious actors trying to entrap people in financial fraud, Wisniewski said.
