In the era of digital marketing and social media, the battle against click farms is more crucial than ever. These fraudulent operations deceive users and impact businesses by faking engagement, skewing data, undermining security, and damaging reputations. Here, we’ll shed light on the truth behind click farms, their legal and ethical implications, the complex challenges associated with them, and the tools and techniques to stop them in their tracks.

Key Takeaways

  • This article provides an in-depth look into click farms, their implications, and the legal and ethical challenges they pose.
  • Click farms are businesses that offer services to have a human step in to circumvent puzzle-based detection of automated threats like CAPTCHAs.
  • Kasada’s solution offers superior protection against click farm activities without disruption. It uses invisible sensors that can detect automated requests for enhanced security.

What are Click Farms?

Essentially, click farms are operations that employ low-cost, unskilled labor to aid bots in evading detection during automated attacks like credential stuffing. This approach allows them to minimize costs while maximizing the return on investment. To understand how they work, consider a scenario where a bot encounters a traditional CAPTCHA test. The request is forwarded to a CAPTCHA farm, where a real human solves the test and sends back the correct response. This allows the bot to pass the CAPTCHA test and gain access to the website or platform.

This deceptive practice can have serious consequences on businesses, enabling bots to bypass security protocols like reCAPTCHA Enterprise and carry out their malicious intent unimpeded. The legal and ethical implications of click farms are complex, as the use of CAPTCHA solver services can potentially breach a website’s terms of service and facilitate criminal activity.

The Business Model of Click Farms

Click farms operate as businesses, offering their services to clients who want to boost their online presence or harm competitors. They typically charge per CAPTCHA solve.

The costs associated with click farm services are fairly cheap, making them a favorite for financially motivated attackers. Depending on the type of CAPTCHA being solved prices range from $1 to $50 per 1000 solves and can be purchased and integrated with malicious automation through services like 2CAPTCHA.

Platforms Affected by Click Farms

Rather than targeting specific sites, click farms instead offer their services to solve CAPTCHAs and because the CAPTCHAs are being solved by legitimate humans, they are able to bypass any provider that leverages puzzles as a means of detecting automation.

As a result attackers are able to quickly and cheaply evade the detection of CAPTCHAs leaving business vulnerable to attacks like:

Click Farms and CAPTCHAs

Traditionally the approach to stop automated threats with a CAPTCHA was to build a puzzle that humans could solve but bots cannot. While modern bots are becoming increasingly better at solving CAPTCHAs on their own, CAPTCHA providers have had to make their puzzles more difficult. Rather than wait to continue their attackers while adversaries innovate to adapt to new and harder puzzles, they instead rely on click farms to ensure their attacks can continue undetected. The model of using a puzzle that a human can solve but a bot cannot falls apart when attackers use click farms to have a real human step in and solve the challenge. The only way to prevent click farms from allowing bots to bypass defenses is by not using a CAPTCHA at all.

Identifying Unusual Traffic Patterns

Click farm traffic is simply a by-product of automated attack traffic. Because of this, if you can detect unusual traffic patterns created from bots, you can better stop this malicious traffic before it gets to a CAPTCHA and calls upon a click farm to solve it.

Mitigating Click Farm Threats

To mitigate click farm threats, it’s necessary to implement advanced security measures like bot management solutions that safeguard websites and platforms from fraudulent activity.

Because click farms solely exist to help automated threats bypass CAPTCHAs you should look for an anti-bot solution that offers invisible detection, rather than one that allows click farms to solve a challenge thus allowing automated traffic through.

Adopting a CAPTCHA-less Approach 

CAPTCHA-less bot management solutions, can effectively combat click farm threats. These solutions:

  • Identify and block malicious bots by analyzing incoming digital traffic on a website, app, or API
  • Employ various techniques to detect and differentiate between legitimate and malicious bot activity
  • Block the malicious bots from accessing the web assets, thus safeguarding the website or application from potential harm.

A CAPTCHA-less bot management solution removes click farms from the equation. Not allowing attackers to simply leverage a real human at a click farm to bypass detection.

The Legal and Ethical Implications of Click Farms

Operating in a gray legal area, click farms raise legal and ethical concerns. These operations exploit human labor and deceive users, while potentially violating consumer protection laws. Laws and regulations governing click farms vary by jurisdiction, with some countries cracking down on these operations and others lacking specific legislation to address the issue.

Laws and Regulations Governing Click Farms

In the United States, click farms may breach certain laws associated with working conditions and unfair competition. The European Union has stringent anti-fraud laws that can be leveraged to counter click farm activities, and the Digital Markets Act (DMA) seeks to guarantee fair and open digital markets, indirectly regulating click farms.

In China, click farms are prohibited, and relevant laws are in place to combat them. In Australia, operating click farms may incur penalties, including fines of up to $31,300 (100 penalty units) for violating civil penalty provisions. Countries like India have implemented a range of laws, regulations, and enforcement measures to control click farm operations, including cybercrime laws and international cooperation.

The Human Cost of Click Farms

A black and white photo of a sign that says click and collect.

Click farms exploit human workers, often paying them low wages for tedious work, while providing false engagement to users and businesses. Some of the adverse health effects that click farm workers may experience include:

  • Long hours
  • Physically exhausting work
  • Exposure to high temperatures
  • Hearing clicking sounds even after work

These conditions can have a significant impact on the well-being of click farm workers.

These harsh working conditions and the deception of users and businesses by click farms highlight the need for greater awareness and action against this exploitative practice.

Real-Life Examples of Click Farm Operations

Real-life examples of click farm operations illustrate the ubiquity of this issue and its effects on businesses and users.

High-Profile Click Farm Busts

High-profile click farm busts reveal the scale of these operations and the efforts by law enforcement to combat them. In Thailand, three Chinese men were arrested for operating a click farm using hundreds of cellphones. Another large-scale raid in Thailand saw nearly half a million SIM cards and hundreds of iPhones seized. These busts demonstrate the ongoing efforts to dismantle click farm operations and protect businesses and users from their harmful effects.

The Impact on Businesses and Users

Click farms negatively affect businesses by circumventing defense put in place to protect itself and its users from online fraud.

Businesses can shield themselves and their users from the negative impacts of these fraudulent operations by leveraging security techniques that do not rely on CAPTCHAs to detect automated threats.

Why Kasada’s Solution Beats Click Farms

Kasada effectively combats click farms by forgoing the use of CAPTCHAs in favor of invisible sensors that detect and block automated requests. This innovative approach provides a more effective and user-friendly solution to combat click farms, ensuring a safer and more enjoyable user experience.

Kasada doesn’t use CAPTCHAs

Kasada’s approach does not rely on CAPTCHAs, which can be bypassed by advanced bots and negatively impact user experience. Instead, Kasada focuses on detecting and blocking bad bots without disrupting users, enhancing security and user satisfaction.

Kasada’s avoidance of CAPTCHAs results in a more effective solution that eliminates the ability to use click farms to bypass security.

Kasada’s Sensors are Invisible

Kasada’s invisible sensors detect automated requests without disrupting users, providing a solution that is not vulnerable to click farms.

Kasada’s dynamic detection that constantly changes and ensures the data integrity by preventing automated requests from leveraging faked data.


In conclusion, click farms pose a significant threat to businesses and users alike. It is crucial for businesses to understand the dangers posed by click farms and take action to reduce their impact. By implementing advanced security measures, such as Kasada’s bot detection and mitigation solution, businesses can safeguard their online presence and protect the integrity of their platforms.

Frequently Asked Questions

Are click farms legal?

Click farms are not illegal in most parts of the world, however the Chinese Anti-Unfair Competition Law (AUCL) prohibits the use of third-party services to give businesses an ‘unfair advantage’.

What is an example of a click farm?

A click farm is a large-scale operation employing real people and devices to bypass security solutions like CAPTHCAs.

How do click farms work?

Click farms are groups of low-paid and low-skilled workers, hired to solve CAPTCHAs on behalf of bots. Bot operators pay a fairly low cost to have a real human solve a CAPTCHA allowing the bot to continue its attack.

How much does a click farm cost?

CAPTCHA solves from click farms are fairly cheap, ranging from $1 to $50 per every 1000 CAPTCHAs solved.

What is a CAPTCHA farm?

A CAPTCHA farm is an automated service that provides a pool of human workers to solve CAPTCHAs via an API. This enables bot developers to bypass the challenge presented by the CAPTCHA form in order to access a site.

Want to learn more?

  • Why CAPTCHAs Are Not the Future of Bot Detection

    I’m not a robot” tests are definitely getting harder. But does that mean more complex CAPTCHAs are the right path forward to outsmart advancing AI and adversarial technologies?

  • The New Mandate for Bot Detection – Ensuring Data Authenticity

    Can the data collected by an anti-bot system be trusted? Kasada's latest platform enhancements include securing the authenticity of web traffic data.

Beat the bots without bothering your customers — see how.