Captchas te not meant to deter all bots. It’s meant to make it ever so slightly expensive that a mass DDOS attack would be extremely expensive to perform. Think like thousand sof requests per second, all being Captcha’d and how much it costs to run AI. It’s current not a feasible solution.
There is cheaper AI that can solve Captchas though, and it’s only gonna get cheaper.
It’s long been cheap enough that you can pay a call center full of people in a developing country to solve them for you. Going to be a while before AI is cheaper than that.
Having used them to protect a few web sites from spammers filling up forms, they do cut down on the bullshit. This makes things more convenient for the people reading the information coming in from those forms, but I sometimes wonder if it’s worth the cost of everyone else having to pick out the bicycles in the picture.
They can’t solve them a million times per minute though.
Also, captchas are meant to gather data to train on. That’s why we used to have pictures of writing, but that’s basically solved now. It’s why we now have a lot of self driving vehicle focused ones now, like identifying busses, bikes, traffic lights/signs, and that sort of thing.
Captchas get humans to label data so the ML algorithms can train on it, eventually being able to identify the tests themselves.
Now it’s making me identify developed pictures from a photo negative. I’m not quite sure what they’re going to do with that training since computers can already perform that task.
Also the “select the image below containing the example image above.”
Like… we already have computers that can recognize image repetitions.
So that’s almost certainly trying to gather data to defeat data poisoning. The other image is probably slightly altered in a way you can’t detect.
A common OCR tactic is to turn the image negative and bump the contrast to make text easier to recognize.
It could be a precursor for that step.
I believe this is why Google, and a few other companies, have started using behavioral analysis to figure out if you are human. Did your mouse wonder around the page before clicking to verify? Did you come from another website as if browsing the web? What device are you using and have you used it on this site before? Are you logged into an account? I’m sure they use many more factors, but it’s something that would be hard to replicate with bot behavior on a consistent basis (for now).
Apple and Cloudflare are using “Private Access Tokens”
Some negative implications for the open web I believe
Basically yeah, but that has been the case since almost the start of recaptcha. Fingerprinting just got so good to the point that the visual test was not even needed anymore.
deleted by creator
Case doesn’t matter
You mean to tell me I’ve been painstakingly pressing the shift key during captcha tests for YEARS and it doesn’t actually matter?
Listen to the audio, it never specifies case.
Ironically Lemmy captcha does
Wow, good catch!
*good captcha
so close…
I ALWAYS do the audio captcha. Fuck image clicking.
Usually, it doesn’t.
deleted by creator
Not most of the time anyway, I’ve seen a captcha from time to time that was case sensitive, but they’re uncommon for sure
It used to be that they paired a known word with an unknown word, and if you got the known word right you would pass no matter what you wrote for the unknown one.
I remember reading that somewhere (probably 4chan) figured out a somewhat high accuracy way to tell which was the control and which was the variable, and started spam solving them by correctly doing the assumed control but putting the same thing (knowing 4chan, probably a slur) for the assumed variable until the system got enough confirmation to move the word to the control rotation and started accepting the word for that. Can’t remember where so it may be unconfirmed
Unfortunately I was hooked on 4chan around the time. They called it “n… the captcha”.
deleted by creator
Depends on the case.
There may be some exceptions, but not usually.
Sometimes it does. It just depends on the programming.
Unix gang
I have an extension which solves most Captchas for me It does it better than me which is why I use it
You can’t drop information like that without posting links.
I’m was bracing for the Rick roll 😅 Thanks for the real link
My dog wants a link too.
Can I pet that dog?
I got that dog in me
Well what is it man???
Buster Captcha Solver for humans
If we are at the point where consumer grade plug is are better at these than humans, is the only reason these are still being used to give some slice of the population a false sense of security? Is it actually the users that want these?
It does still increase the cost of automating usage of those sites, which puts an upper limit to how they can be abused. We probably won’t be able to go back to no Captcha without seeing a large increase of spam, spoofing, scalping, and scraping. They would have to give up offering most kinds of free trials and other consumer friendly practices if the bots can just make new accounts at 1000 per second.
Computers have long since been able to defeat such captchas.
it’s the recaptchas that they should have trouble with. since it’s not just about finding the right picture, it’s also about the time between clicks, the way the mouse moves, etc.
They probably have some kind of randomizer for that nowadays.
It’s pretty simple to make. I built one for my last job to make it look like I was working.
but us humans aren’t truly random, we probably behave in similar ways to each other, but also have individual ‘fingerprints’. like the time it takes between keystrokes, or the length of time we spend holding the button on the mouse down while clicking. we could probably come up with a way of identifying someone based only on that kind of data. what was i talking about?
Not without enough context to know what time of day, if the person is ill, or a ton of other things that would make someone respond differently at different points in time.
The anti bot stuff is going to be looking for too much consistency, which is hard look for on its own before trying to look for some kind of ‘fingerprint’
reCaptcha never works for me. Probably something with thirdpartyisolation.enabled. Can’t snoop all the history and stuff.
Yeah, and a couple of people I know who were consistently reported to be robots because they’ve been shown captcha too much and as a result solved it too well. Which in turn led to more captcha and improved solving speed. Well, you see the problem, I guess
There’s a program called Xevil that can solve even HCaptcha reliably, and it can solve these first gen captions by the thousands per second. It’s been solving Google’s v3 recaptchas for a long time already too.
People who write automation tools (unfortunately, usually seo spammers and web scrapers) have been using these apps for a long time.
Captchas haven’t been effective at protecting important websites for years, they just keep the script kiddies away who can’t afford the tools.
Captchas haven’t been effective at protecting important websites for years, they just keep the script kiddies away who can’t afford the tools.
To be fair, keeping the script kiddies away has some good value. Whether that value outweighs all the wasted time and impact to sight/hearing impaired people is another discussion.
Decades not just years
Captchas are used by google as weapon now, if you dare to use a VPN and adblocker.
?
Lots of websites force capchas when on a VPN they don’t even have to be provided by Google. Rarbg for example forced a terrible captcha which I usually solved by using OCR with the OCR tool in powertoys. They letters were barely edited or fucked up at all.
Google now keeps you often in endless loop until you disable your VPN. This was never this bad.
It’s extremely bad if you come from a country like mine, Iran, where we have to use VPNs religiously in order to circumvent censorship and it has become painful to Google anything especially when you’re not logged into your Google account.
They appear to have degrees of blacklist. Usually when this happens if I get a new ip it resolved the issue.
Note that VPN users share IPs with other users and many of the people using the same IP may very well actually be doing malicious things. Not everyone uses VPNs for just “privacy”.
If you use the audio captcha it’s done in just one go. That’s been my experience at least after having been stuck in one too many endless loops with pictures.
Yeah I’ve completely switched to audio.
I just switched to duckduckgo, that seems to have fixed it
Ah alright. I never use Google search.
Yeah captchas are done. Soon they will be easier to figure out for AI than for humans.
This is why Sam Altman is doing his worldcoin thingy with the iris scanners. His idea: One iris (well, two…) is one real human. I’m sure this will be abused though and I absolutely vehemently don’t trust him with my biometrics so no way I will join that.
I think what we should do is just get used to the fact that the internet now consists of humans and AIs. Learn to take things with a grain of salt.
I certainly don’t wanna get Demolition Man’d
I’d honestly rather pay microtransactions for various websites than use biometrics ever.
Techno core!
Some disabled people have trouble with captchas, so these days you can download an extension where a robot solves the captcha for you.
I have trouble with the selecting the squares on the grid, for images that say select only crosswalks, bikes, etc. I hate that captcha. Is there a decent extension for firefox?
Buster can do reCAPTCHA: https://addons.mozilla.org/en-US/firefox/addon/buster-captcha-solver/
So close
This is why a lot of sites have moved to something more complex than text, like the weird “rotate this to match” stuff that LinkedIn uses.
Obviously not. He won a legal case for emancipation.
Good thing the Federation stuck to that!
“Actually there is a distinct difference between an android and a robot.”
Yup, Data did an “um, ackshully…”
The “puzzle” isn’t the test, the test uses your browser history, mouse activity, etc to identify you as human (or not). The puzzle is used to generate training data for ML models.
Lol, well maybe not your browser history. That would be bad.
Sure with a modern captcha framework that would be true. In this case, this looks like something that was custom rolled for their site so its pretty unlikely.
Oh, true, I didn’t look too close.
There’s a lot of misunderstanding in this thread about how captchas work.
What modern captchas examine isn’t actually your ability to solve the puzzle… It’s how you solve it. Things like mouse movements and how you type are big factors. So a bot would process for a moment, and then basically copy and paste in the answer, whereas as a human is going to type at a normal pace, often with pauses as they double check the details. Same goes for the click the tiles challenges. A bot will work through systematically, a human will bounce around, and their timings will be very different.
Captchas have largely been solvable by machines at a rate higher than humans for a long, long time.
It is very easy to train a model to behave like humans do by simply having a sample of human inputs.
Here is an article from august 2023 covering how much better machines are than humans at accomplishing captchas of many flavors. Sauce
I wonder how that works on a Japanese captcha. I know people have had issues shortly after moving but not knowing the language at all yet trying to set some things up.
With my troubles even with English ones they’d better just give me a knife.
We are happy to provide your knife, but first please prove that you are human by completing the incantation as written…
It got it wrong. That’s a lowercase “p.”
