the cups blog


SOAPS: Accessible voice CAPTCHAs for Internet Telephony


  • CAPTCHAs help protect services from automated requests
  • Internet Telephony (VoIP) is becoming popular -> risk of voice spam
  • Could CAPTCHAs be used to prevent VoIP spam?
  • Callers not on a whitelist or blacklist would have to prove they are human before calling a recipient

Research questions:

  • Can CAPTCHAs work as a spam prevention mechanism?
  • Can CAPTCHAs be adapted to telephony:
  • Wide variety of phones and networks
  • How will users react? Are solutions sufficiently usable and accessible?


  • Unknown callers diverted to CAPTCHA server, on pass transferred to actual call to recipient. Recipient can update access list to prevent future CAPTCHAs (or calls)
  • Note: John (initiator) doesn’t need any additional hardware or software.


  • Implemented test framework for Skype
  • 5-digit audio CAPTCHA with no distortions (ie, not secure, emphasis on testing user reactions)


  • 10 participants, varied length of instructions given to users as a subgroup condition (2 lengths)
  • Input methods: laptop keyboard and plug-in “mobile phone”


  • Most were surprised about the CAPTCHA (not informed ahead of time)
  • Majority of users passed on the first try
  • Users in short-instructions group made more mistakes
  • The overall grade of easiness was high
  • After multiple tasks, users’ “pleasant” grade decreased.

Usability challenges:

  • Becomes boring quickly, but skipping instructions takes extra instructional time.
  • Callers had difficulty comprehending all of the information at once (ie, * key to submit, # to reset).
  • What works with one device can be unusable on another (ie, gaps between digits needs to be large for mobile phone users).

Design improvements:

  • “Press any number key”, eg, when a certain sound is heard
  • “Press any key n times”
  • Redesign cancel function (or remove it and have user retry on failure)
  • Design instructions carefully, present in users native language. More information may be necessary, despite desire to limit length of interaction.

Next steps:

  • Test with different user groups: aged, non-native speakers of the CAPTCHA language
  • Is the CAPTCHA feasible for spam protection?


Q:Was the task digit-at-a-time or all digits at once?
A: Task was digit-at-a-time.