[HN Gopher] AI bots are now better than humans at decoding CAPTCHAs
___________________________________________________________________
AI bots are now better than humans at decoding CAPTCHAs
Author : geox
Score : 246 points
Date : 2023-08-17 12:47 UTC (10 hours ago)
(HTM) web link (qz.com)
(TXT) w3m dump (qz.com)
| wouldbecouldbe wrote:
| As far as I understand at least for Google's captcha. They mostly
| checks check mouse browser details, activity & reaction time to
| check if your human. The challenge itself is only a very last
| resort. Didn't they use that for training data at some point?
| atentaten wrote:
| This can be used to support the idea of requiring digital
| identification to access the internet.
| shric wrote:
| > The bots' accuracy ranges from 85-100%, with the majority above
| 96%. This substantially exceeds the human accuracy range we
| observed (50-85%)," the research paper read.
|
| Wait, did they use humans or computers to measure the accuracy of
| the solutions?
| vouaobrasil wrote:
| I get the feeling that newer generations of CAPTCHAs will no
| longer be trying to filter out bots from entering human-made
| sites, but humans from entering bot-made sites.
| brandonhorst wrote:
| It's nice that we named it so forward-thinking. Not a
| necessarily Completely Automated Public Turing test to Keep
| Computers Out.
| hinkley wrote:
| How good are bots at simulating human behavioral patterns these
| days?
|
| On my back burner I have a crowd-sourced data app and I keep
| wondering how I'm going to keep bots out. The ideas of shadow
| banning, throttling, or an approval queue for everything except
| known 'real' humans and new users that seem relatively human
| keeps popping up (eg, 2 approval queues for 'probably a bot'
| and 'probably not a bot')
| rgrieselhuber wrote:
| To be honest, it already feels like a resource denial effort.
| Reminds me of Paul Virilio's description of systems that
| deliberately inhibit human speed.
| IggleSniggle wrote:
| CAPTCHA is just usefully accidental punishment for evading
| surveillance capitalism while casually browsing the web.
| There are sites where getting through a CAPTCHA is literally
| impossible if you are using privacy controls, you just get
| stuck in an endless loop of CAPTCHA completion. But if you're
| "logged in" to the surveillance network, there's zero
| friction whatsoever.
| rgrieselhuber wrote:
| Indeed.
| rvnx wrote:
| Furthermore, we can easily imagine that in +/- 10 years,
| your device will ask you to "verify your identity" using
| your ID card and a selfie,
|
| and in return, you will get this juicy Web Environment
| Integrity token that acts like a key to unlock Captcha
| and pornographic websites.
| rightbyte wrote:
| Like the ordering kiosks at McDonalds?
| EGreg wrote:
| That's not hard to do
|
| There are always things computers do way better than humans.
| That's why they have been created in the first place!
|
| Anyway, what will the new CAPTCHAs consist of? If the answer is
| "nothing", then that's the age of AGIs
|
| The CAPTCHA can ask humans to do a non-trivial research task,
| like look up the latest news and give an opinion, or actually
| appear on camera etc.
| joseda-hg wrote:
| Both of those are prone to be broken by a reasonably good AI,
| plus verification of either would be too computationally
| heavy to be cost effective (Also likely involving AI)
| bandergirl wrote:
| That makes no sense. You just need an undocumented binary
| interface to keep most humans out, no need to create an HTML
| page and add a reverse-CAPTCHA.
| vouaobrasil wrote:
| I meant that in the future, most sites will be made by bots
| and using them will be too hard for most humans...
| firtoz wrote:
| But the humans keep reverse engineering our APIs and making
| beautiful UX on top of them
| hidelooktropic wrote:
| The very paradigm of gating by cognitive traits is inherently a
| fragile one when we are actively working to bring computers in or
| beyond parity with our own.
|
| We will probably rest back on the old ways of doing things where
| we use authentication and trust-building with verified accounts
| to throttle and gate what users get what privileges.
|
| The evolving coherence of stronger and less siloed identity
| attestation seems like an obvious way to go here, at least
| looking way back from the past where we are now.
| ChrisArchitect wrote:
| [dupe]
|
| Lots of discussion here 2 days ago (and that wasn't even the
| bunch of posts from a week ago)
|
| https://news.ycombinator.com/item?id=37133485
| ryandvm wrote:
| Simple solution: The humans are the ones failing the CAPTCHA
| Aerbil313 wrote:
| Captchas were doomed since the transformer AIs are invented
| anyway.
| jsnell wrote:
| Dupe: https://news.ycombinator.com/item?id=37133485
| jdlyga wrote:
| The goal of modern CAPTCHAs is to determine if the user is
| "acting like a human". Deciphering warbled, blurry text worked in
| the days when OCR was difficult. As we can see, that rule no
| longer applies. Now, it should be about making sure behavior is
| typical or atypical. Is this a human browsing the web, or is this
| a script using AI to pass captchas?
| siva7 wrote:
| The whole premise of captchas falls apart in the AI age and i'm
| glad not having to see anymore google captchas & co in the near
| future
| squokko wrote:
| I remember in the text captcha days there came a point where I
| just couldn't do them anymore. The letters were so distorted it
| would take me 10+ tries.
| klyrs wrote:
| I have stopped trying to get perfect scores on captchas. Instead,
| I've been testing to see how many errors I can get away with.
| This is a frivolous act of resistance, as the bots clearly don't
| need my help anymore.
| Vicinity9635 wrote:
| Yup. I deliberately half-ass it. Seems to work even better and
| faster than trying to get it perfectly correct.
| yieldcrv wrote:
| Same, I can mentally visually a heat map of what other humans
| would have clicked on the most and just do the most central
| elements
| modzu wrote:
| always have been
| TheMagicHorsey wrote:
| Good. Nobody likes captchas.
| ethanbond wrote:
| I like websites not filled top-to-bottom with spam though.
| wintermutestwin wrote:
| The only thing it seems that CAPTCHAs are good for these days is
| to discriminate against VPN users. There are several sites
| (including govt) that put me in an endless CAPTCHA loop.
| GaggiX wrote:
| I fortunately never had a problem using Mullvad VPN, only when
| using Tor.
| GhostWhisperer wrote:
| could it be you're leaking identifiable bits through the
| browser?
| GaggiX wrote:
| Are you talking about canvas fingerprinting and stuff like
| that?
| wintermutestwin wrote:
| On Mulvad as well and I have run into quite a few unusable
| sites.
| GaggiX wrote:
| I do not really have this experience and I wonder why, even
| when I use the Mullvad browser I do not have any problems.
|
| Can you give me an example of a site that is not usable?
| ChatGTP wrote:
| I can't use ChatGPT with mullvad
| throwuxiytayq wrote:
| I can't use ChatGPT, period. Their shit's completely
| falling apart. The iOS app has managed to degrade from one
| of the smoothest apps I've used to a literally unusable
| steaming pile of crap in a matter of weeks. Honest
| question, are they replacing their devs with an LLM?
| GaggiX wrote:
| I completely forgot there was an ios and android app,
| I've always used the browser to use it and to be fair the
| browser is always open so it's convenient.
| Vicinity9635 wrote:
| I get dinged all the time on Mullvad. I still love it tho
| super256 wrote:
| It feels like captchas are mostly to stop humans from creating
| multiple accounts by hand nowadays.
| mensetmanusman wrote:
| Websites should just ask us how we feel about flipped turtles.
| dreadlordbone wrote:
| But you're not helping. Why is that, Leon?
| verteu wrote:
| > reCAPTCHA: The accuracy [for humans] of image classification
| was 81% and 81.7% on the easy and hard settings respectively.
| Surprisingly, the difficulty appeared not to impact accuracy.
|
| I'm surprised, too. My solve rate (as a human) is <50% for
| reCAPTCHAs of the form "select all squares containing a
| motorcycle/bicycle".
|
| Does anyone have tips for solving them? (Is the rider part of the
| motorcycle? Should I select a mostly-empty square containing a
| single handlebar?) All I've determined is that the system prefers
| contiguous sets of ~6 squares.
| CalRobert wrote:
| Not sure but it drives me crazy when I have to knowingly
| miscategorize something because it thinks a motorcycle is a
| bicycle and vice versa.
| hinkley wrote:
| When the handlebar of the bicycle sticks into another square,
| am I supposed to select that square or not?
|
| How about the pole the stop sign is on?
| ChatGTP wrote:
| The moment your realise you are the stop sign, you are one
| with the universe.
| londons_explore wrote:
| There are still plenty of good captcha approaches left, they're
| just more invasive.
|
| Things like "please type your credit card number here and pay a 1
| cent fee".
|
| Or "send us a selfie with your passport".
|
| Or "Get 5 friends to vouch for you".
|
| Or "please log into a government website and oauth this app"
|
| Or "please log in with a gmail account that is at least 5 years
| old".
| naturalauction wrote:
| >Get 5 friends to vouch for you
|
| This approach is used by wechat, you can't make your own
| account and can only be invited by an existing user. I suspect
| that wechat has reached enough market penetration that this is
| now worth it.
| IshKebab wrote:
| Also Lobste.rs, which is why I am commenting here and not
| there.
| yieldcrv wrote:
| It was easy for me to find a Chinese national in San
| Francisco to verify me for WeChat
|
| There are tricky requirements for Americans
| JimtheCoder wrote:
| Are we just making lists of things I'll never do?
| hardware2win wrote:
| Good luck thinking im gonna give my paasport to random website
| badrabbit wrote:
| Or "turn on your webcam and say/do stuff"
|
| I have a feeling other humans verifying you mechanicalturk
| style one time is the future.
|
| But imho, the payment route makes sense and also this is the
| problem as random paywalled sites and web monetization. A cash
| equivalent bearer of token payment method is what is needed.
|
| 1) verify+lock funds 2) get bearer to pay funds or funds unlock
| in x minutes, cancelling the payment 3) token is presented to
| payment processor who will revoke the token, issue funds to
| payee with a new token matching that value paid 4) anyone
| holding that token can pay for stuff, you can just email or
| move tokens with usb drives or store them im a secure vault
| service
|
| I believe the main obstacle to solve so many web issues are KYC
| laws and lack of constitution amendment level laws that give
| the people right to trade using a bearer token (cash or not)
| and transfer funds peer-to-peer without a third party or
| disclosing their personal info (again, all like cash).
| mattnewton wrote:
| > Or "turn on your webcam and say/do stuff"
|
| Probably <1 year away from beating automated detection of
| this reliably and 2-3 in fooling humans a high % of the time
| economically. I was at siggraph recently where I think I saw
| a whole room of papers of people's approaches to doing just
| this problem of photorealistic faces saying arbitrary things.
| sarchertech wrote:
| If you're asking people to perform arbitrary actions on
| camera (not just speaking), generating that to a degree
| that is indistinguishable from video _in real-time_ is much
| more than 2 to 3 years away.
| mattnewton wrote:
| Who's verifying it though? 3d rendering won't fool humans
| but could be tuned to fool bots. Unless you have a
| massive library of possible actions these can be pre-
| rendered too.
| sarchertech wrote:
| The OP you responded to said "I have a feeling other
| humans verifying you mechanicalturk style one time is the
| future."
|
| I don't know if that's feasible, but that's the premise.
|
| >Unless you have a massive library of possible actions
| these can be pre-rendered too.
|
| Combinatorial explosion gives you a massive amount of
| actions. Hold your right ring finger between your left
| thumb and pinky and move it around in a circle.
|
| There's tools that you could use to limit what you had to
| prerender and it would be a cat and mouse game like
| captcha is today, but I think until we're at the point
| where you can completely replace an actor, and then you
| can do that in real time, picking out a real human will
| be possible.
| mattnewton wrote:
| I'd take the other side of that bet if it was stipulated
| that the 1 year start after this became a common captcha
| technique.
|
| People are working on generating animation on a rig from
| text prompts: https://www.motorica.ai/ It would be easier
| if we knew the prompts ahead of time and then we just
| render transitions.
|
| Real time-ness and a good deal of rendering fidelity can
| be mitigated by pretending to have crappy network
| connection once the prompt is given, unless you are
| comfortable excluding people without reliable internet.
|
| I think the bigger issue is probably with the premise
| though. This kind of video rendering is much more taxing
| but it's also much more taxing on the verification side.
| I can't imagine a company being able to do this at scale
| the way captchas are to defend against bots, you'd need
| an automated system on the frontline.
| sarchertech wrote:
| Most of the work going on with rendering people speaking
| isn't to defeat captchas, so you can't use the speed of
| that work to judge how fast people will be able to work
| to defeat a captcha. Also if it were in use people would
| frequently change the kind of actions they are asking
| for.
|
| >Real time-ness and a good deal of rendering fidelity can
| be mitigated by pretending to have crappy network
| connection once the prompt is given,
|
| Real timeless and rendering fidelity are the only part
| about this that isn't solved, so there's no real debate
| to have if those constraints aren't there.
|
| >unless you are comfortable excluding people without
| reliable internet.
|
| If this was a real thing, I will absolutely bet that
| companies would exclude people with unreliable internet
| once I becomes known that all scammers are pretending to
| have unreliable connections.
|
| "Please find a more reliable connection, or stop by the
| nearest Identity Check facility to authenticate
| yourself."
|
| >I think the bigger issue is probably with the premise
| though.
|
| I don't think this is likely to happen either. I think
| the most likely solution is trusted third party in person
| verification. Where I could see something like this
| working is if the third party verification service
| offered a 1 time remote verification process that
| functioned something like this.
| dragonwriter wrote:
| It also doesn't scale, in part because without extensive
| internal controls it is a major abuse vector in the other
| direction, and will dissuade legitimate users, so its of
| extremely limited potential utility.
| sarchertech wrote:
| No it doesn't but the existence was the premise of the
| discussion. I do think that something like this could
| happen if trusted 3rd party identification services start
| to pop up. But only as a 1 time verification with the
| option of doing a 1 time in person verification.
|
| Depends on how badly the given service wants to keep out
| bots as to whether they'll start requiring some kind of
| guaranteed identity check.
| jandrese wrote:
| Isn't this what Wechat does? On the mainland you have to give
| them your bank account information, have a friend vouch for you
| (and that friend will also be kicked off if you misbehave), do
| it on a real phone that you can shake in a specific way when
| asked, and have a government ID.
| ben_w wrote:
| > Or "send us a selfie with your passport".
|
| Bet that's vulnerable to Stable Diffusion in-painting.
| mattnewton wrote:
| Bots can do credit card transactions today, generate selfies
| that would fool automated detection (unless you are having
| humans in the loop, in which case they can easily generate them
| cheaper than they are to verify and ddos you that way), and
| pretend to be friends once 5 real people have vouched for them.
| Having an older gmail is going to do a good job making sure
| only the millenials and their botnets get in today, but also
| plenty of real customers in most domains will be blocked.
|
| All of these might work today just because they aren't widely
| used yet. Once they are and are understood they'll be cracked.
|
| The government oauth is maybe the most interesting; it probably
| just kicks the can to a government site which is going to have
| all the same problems, but could potentially benefit from a
| secure national id. But now the government has a database of
| all the sites you are logging into; forget privacy of library
| records, that's a massive loss to the 4th amendment in
| practice. No need for prism or other NSA exploit nonsense when
| sites are literally pinging a government server to verify
| citizen network activity.
| danieldk wrote:
| Why? Put a signing key pair on a secure element (e.g. in the
| passport). Let the government sign the public key. This way
| sites can check if it's a government-approved keypair. You
| can prove that you own the key pair using the private key. No
| site ever has to contact the government for authentication.
|
| The only issue is that it could lead to cross-site tracking
| because you are reusing the same public key everywhere.
|
| But maybe cryptography experts have a solution?
| jlokier wrote:
| _> But maybe cryptography experts have a solution?_
|
| They do! The field of zero-knowledge cryptography targets
| exactly this sort of use case, proving things to a
| recipient without revealing other things.
|
| In this case, you might send a zero-knowledge proof that
| you have the private key corresponding to a government-
| signed public key, without revealing either key and,
| importantly, without communicating with the government or
| sending correlatable information on each transaction. (If
| you were ok communicating with the government you could
| just get it to sign a random public key for each
| transaction without needing zero-knowledge cryptography).
|
| You can do a lot more, for example proving "I am 18+
| [attested by gov signature]" without revealing your age,
| birthday or identity, or "I have security clearance level 2
| [attested by gov signature]" without revealing anything
| else, or "I have a driving license [attested by gov
| signature] and current paid-up insurance [attested by
| insurer signature]" etc.
|
| The field has advanced technically a lot in the last few
| years, to the point that those sorts of zero-knowledge
| proofs are now easy to implement technically and reasonably
| fast to compute.
| sarchertech wrote:
| The complete solution is a trusted 3rd party that verifies you
| in person. In most countries that would be the government. In
| the US it could a private entity like banks.
|
| Then websites site rate limit each authenticated person.
| lotsofpulp wrote:
| The US has long verified you in person at United States
| Postal Service locations for the purpose of verifying your
| identity for US passports.
| sarchertech wrote:
| For sure, and you could probably build off of that by just
| having a digital identify tied to the passport. But what I
| was getting at was that people freak out whenever anyone
| discusses a national identify card.
| lotsofpulp wrote:
| Yes, and I was getting at that a national identity card
| in the US has existed for many years, called a passport,
| so people are freaking out for no reason.
|
| Also, it could be made opt in so the people freaking out
| would have nothing to object to, and then whoever wants
| to participate, can.
| bfeynman wrote:
| CAPTCHAs are supposed to tell humans and robots apart, if robots
| are all doing better than humans, maybe we should flip the
| acceptance criteria to make sure you are not performing task at
| superhuman level, (until we train bots to do this). On an
| unrelated note, I have found captchas that don't even work and
| reprompt me all the time, I wonder if there is some naive
| filtering behavior they are applying.
| toss1 wrote:
| Yup. This quote jumped out at me:
|
| >>"Furthermore the bots' solving times are significantly lower
| in all cases, except reCAPTCHA, where human solving time of 18
| seconds is nearly similar to the bots' time of 17.5 seconds."
|
| This is currently an obvious tell for the standard CAPTCHAs, as
| you mentioned, "performing at a superhuman level". However,
| it's an easy bot behavioral fix, so.... what is the next step?
| Offer a game of chess and look for a human the playing style?
| Seems you'd have to offer a menu of games, but not "Global
| Thermo...."
| juujian wrote:
| Do CAPTCHAs in practice really serve to perfectly tell apart
| humans or robots, or just to thwart the laziest attempt of
| abusing a website? Everyone knows that a door lock, no matter
| how good, can be overcome if you a really determined. But the
| lock still thwarts off opportunists. Yes, the goal when we
| first developed CAPTCHAs may have been to tell apart humans and
| robots. Realistically now, if CAPTCHAs can still significantly
| reduce the traffic from bots then companies will keep using
| them.
| paulddraper wrote:
| > or just to thwart the laziest attempt of abusing a website
|
| Thus the XKCD CAPTCHA: https://xkcd.com/810/
| slashdev wrote:
| I've seen that one before, but I got a fresh laugh out of
| it.
|
| We'll have to change the game again now that bots can beat
| humans at it.
| kokanee wrote:
| I wonder if part of the solution is for us to start designing
| the Internet for bots. We're entering a phase where websites
| are coded by bots, content of all stripes
| (text/video/audio/images) is generated by bots, and
| increasingly that fact doesn't necessarily mean that we want
| to block it.
|
| The main tenets of apps that are resilient to bot spam are 1)
| scalability, so that they can handle huge quantities of
| traffic and bot-generated content, and 2) the ability to
| differentiate high quality from low quality content
| (regardless of whether it was created by a human).
| Ironically, AI is probably the solution to the second
| problem.
| thrashh wrote:
| I think what you're proposing applies to good bots.
|
| But the bots I wrote to get unfair advantages in auctions
| or tickets are probably of the kind most bots are.
| danaris wrote:
| The difference with a door lock is, even if you are
| sufficiently determined and have a way of defeating
| particular kinds of door lock with 95% confidence, that
| doesn't mean that you can instantly break into 95% of houses
| that use that lock, because _you are one person with a
| physical body_.
|
| If bots that can break CAPTCHAs become widespread, the volume
| of spam, scams, and other junk traffic is going to cause
| problems for many people and small websites.
| YetAnotherNick wrote:
| Solving the puzzle is only of the requirement to getting
| past captchas. For better or worse most captchas use
| IP(subnet) based rate limiting and cross site tracking as
| well, so the physical body argument holds in captchas as
| well. Try using the web inside free VPN or Tor and see if
| you can break captchas.
| wongarsu wrote:
| For a long time now CAPTCHAs only make bots more expensive.
| There are plenty of (human-staffed) services that will
| solve your captchas for $0.001-$0.005 per solved captcha.
| Better AI lowers the cost, but it's not necessarily a
| massive change of the status quo.
| RetroTechie wrote:
| In a way that is silly:
|
| Increase the cost of having bots do it, while...
|
| ...also increasing the time wasted by humans. Time which
| is considered much more costly/valuable than whatever $
| value spent on the bots.
|
| So maybe the time has come to regard captcha's pointless,
| and just drop that nonsense.
| PBnFlash wrote:
| The difference between zero and nearly zero can be pretty
| large at scale.
| semi wrote:
| That was true of early captchas but Google changed it
| from 'wasting humans time' to 'using humans time to train
| their machine learning algorirhms'
| mistrial9 wrote:
| about to say the same - but to be clear, it is "training
| computer vision models" a specific use of machine
| learning
| oceanplexian wrote:
| CAPTCHA is about more than spam.
|
| Big Tech built their empires on scraping and stealing data
| (How do you think LinkedIn or Facebook got started?) But
| when we try to scrape them they throw a massive hissy fit,
| and so they put a lot of engineering into CAPTCHA systems
| to keep their data locked away. Eventually, the pinnacle of
| bots will be something that reads the framebuffer, and
| manipulates a mouse and keyboard to scrape websites.
|
| This has got these companies freaked out, because all the
| founders know the dirty secret of their origin story, and
| that someone else can come along and do exactly the same
| thing to them.
| samr71 wrote:
| (This, of course, isn't how LinkedIn or Facebook got
| started)
| verve_rat wrote:
| Don't know about LinkedIn, but aren't the roots of
| Facebook traced back to scraping pictures of women off of
| Harvard's website?
| RichardCA wrote:
| https://youtu.be/BPazh2kDdvA
| tommy_axle wrote:
| Not necessarily, if the messages are analyzed there's
| usually an intent (solicitation, scam, etc.) so you can
| filter based on the content similar to email. The shorter
| lead forms without a message to analyze are a bit different
| since you can only go based on IP, email, phone but it's
| possible.
| stavros wrote:
| No, because bots that handle spam get better as well:
|
| https://thespamchronicles.stavros.io/welcome/
| fnordpiglet wrote:
| I have to solve all the captchas for my wife. I don't know what
| that says about her, or me, but I definitely loathe them.
| CamperBob2 wrote:
| What it says is that one viable way to get rid of these
| stupid things may involve ADA lawsuits. Hopefully anti-
| discrimination lawyers are paying attention. Google has some
| pretty deep pockets, as do many websites that employ
| CAPTCHAS.
|
| Failing that, we can't be more than a couple of years away
| from generalized solvers that can simply be implemented as
| browser plugins, at least on the desktop. The job of coming
| up with a fair, equitable and non-discriminatory test that
| only humans can pass is going to be an impossible one.
| benbristow wrote:
| wait(random(sensiblerange));
|
| Job done!
|
| Even maybe add a
|
| answer = getrandombool(somesensiblepercentage) : rightanswer()
| : wronganswer();
|
| For good measure
| spondylosaurus wrote:
| > maybe we should flip the acceptance criteria to make sure you
| are not performing task at superhuman level
|
| Many CAPTCHAs already operate this way. "Bots can do things at
| suspiciously superhuman speed" isn't new.
| bfeynman wrote:
| I said level not speed, obviously something sending solve
| request back less than a few milliseconds later is not human.
| soerxpso wrote:
| > On an unrelated note, I have found captchas that don't even
| work and reprompt me all the time
|
| Modern captchas do a lot of background work regarding how human
| your inputs look, whether you have a human-seeming fingerprint,
| etc. Often when I'm behind a VPN and on Linux I have the same
| issue, because my setup simply looks "too botty" no matter how
| good I am at telling which squares have a firetruck in them.
| jonny_eh wrote:
| > I have found captchas that don't even work and reprompt me
| all the time
|
| That's the Epic Games Store for me.
| camel-cdr wrote:
| I feel like they are sometimes already doing that, I had
| multiple CAPTCHAs where I thought I miss clicked, but got
| through anyways.
| hunter2_ wrote:
| I think only some parts of a CAPTCHA are challenging you
| (data is labeled sufficiently for mistakes to be considered a
| failed solve), and the other parts are still in the process
| of being labeled, which you are helping to accomplish, so
| those have no influence on the immediate outcome.
|
| At least that's how the old "type these two words" CAPTCHAs
| worked. It was crowdsourced human OCR of whatever text the
| machine OCR couldn't make sense of. I'm not sure if "find the
| bus/motorcycle/crosswalk/light" is the same way, but perhaps,
| and it does seem to offer leeway when there's only a few
| pixels of that item in the frame.
| jorvi wrote:
| What's sad is, I've started to predict how dumb other
| humans are at filling in CAPTCHA's. Often there's a piece
| of motorcycle, stair, traffic light, fire hydrant, or non-
| bus picture that users will mis-select, and I'll do what I
| think the masses do.
|
| I used to choose correctly but being sent through 5 chains
| of CAPTCHAs is modern hell.
| calfuris wrote:
| I'm not _certain_ that that 's what is happening, but I
| strongly suspect it. It is if nothing else a useful mental
| model: switching my strategy from selecting every square
| that contains foo to selecting every square that I think
| that Joe Schmoe would select gets me through CAPTCHAs more
| consistently.
| danieldk wrote:
| It's been like that for years, they probably use a subset for
| extra annotation.
| chromoblob wrote:
| > until we train bots to do this
|
| This is trivial.
| zer0w1re wrote:
| I always thought that's what captchas evolved into anyways.
| Human-reinforced training for AI image recognition.
| HankB99 wrote:
| That seems to square with the content I'm frequently tested
| in. Crosswalks and traffic signs for self driving cars and
| stairs for walking robots.
|
| I've also noticed that captchas are getting more difficult.
| Is that because the AI needs to sharpen recognition skills
| or because that's needed for differentiating human from
| 'bot?
| robalfonso wrote:
| To that point, when I do the picture captcha (Select the
| crosswalks type question), I always click a square I know is
| not valid and then de-select it. Adds some "human-ness" to the
| interaction and I never get a 2nd challenge that way. Will that
| be the future? Look for behavior that is too perfect?
| wolpoli wrote:
| I feel like Captcha already takes into account of how quickly
| I select the pictures already. If I spend the time to get it
| perfect, I end up with more challenges than if I just select
| quickly based on my instincts.
| wongarsu wrote:
| If you assume that most humans spend the minimum effort
| possible on their captchas, your gut response is also more
| in line with other responses than your well thought-out
| response. Even a matching based on the selected squares
| would pick up on this.
| mewpmewp2 wrote:
| This would be fairly simple to simulate using an AI though.
| dave1010uk wrote:
| Sometimes I click the "I am not a robot" checkbox without
| even thinking. Then I panic for a moment as there's no option
| to uncheck.
| thelastparadise wrote:
| This sounds like something a robot would say...
| whimsicalism wrote:
| I do the same but with erratic mouse movements
| RetroTechie wrote:
| So in near future, humans will have to out-do bots in the
| art of make-human-looking mistakes?
|
| Humans will lose!! lol ;-)
| Zetice wrote:
| We do this with some "slide this puzzle piece into place"
| CAPCHAs; my understanding is the detection is based on how
| _slowly_ you fit the piece in. A computer would be linear in
| its movement, whereas a human with a mouse would operate with
| some unevenness and /or slowness and/or inaccuracy.
| jacobr1 wrote:
| Which seems easy enough to program around if you are trying
| to commit fraud against whatever is gated by these tools.
| morkalork wrote:
| Get humans to do a few hundred, log their movements, sample
| from the distribution, sleep(t), and voila.
| Zetice wrote:
| One would presume it's harder than that, given it's the
| product of a team/company specializing in detecting
| exactly such a thing, right?
| Jackson__ wrote:
| >CAPTCHAs are supposed to tell humans and robots apart,
|
| Nowadays, it seems the kind of captchas I get when under
| suspicion of being a bot are simply there to delay. Especially
| google captcha with their extremely slow fade out box
| selections.
| sam0x17 wrote:
| breaking: AI is better than humans at appearing human when
| completing CAPTCHAs
| thebruce87m wrote:
| > On an unrelated note, I have found captchas that don't even
| work and reprompt me all the time
|
| This is by design. The ones where you have to identify a bus,
| crosswalk etc are all used to train ML models. Your results are
| checked against other for the captcha, but sometimes you are
| the first person to see the image and there's no way to check
| your answer so you'll always get served another.
|
| Another smart thing is that they actually segment the picture
| by moving the squares slightly.
| ljlolel wrote:
| Based on the captchas this obviously hasn't been true for
| years
| nickcw wrote:
| > This is by design. The ones where you have to identify a
| bus, crosswalk etc are all used to train ML models. Your
| results are checked against other for the captcha, but
| sometimes you are the first person to see the image and
| there's no way to check your answer so you'll always get
| served another.
|
| Do you have a reference for this? I wouldn't have thought a
| process like that would be needed now-a-days for training ML
| models.
| thebruce87m wrote:
| Not sure if there is anything directly from the horse's
| mouth, but there are lots of articles describing it:
| https://www.techradar.com/news/captcha-if-you-can-how-
| youve-...
|
| Human labels are absolutely still needed, for now at least.
| mcast wrote:
| Google was using CAPTCHA data to train its Street View
| photos for addresses and street names back in 2012*.
|
| https://techcrunch.com/2012/03/29/google-now-using-
| recaptcha...
| jacurtis wrote:
| So it is actually a little different than what is noted
| above. I actually was told this directly from the mouth of
| someone who worked on this project. I don't believe it is
| that secret. But this is how it works.
|
| The Captcha presents you with 9 squares. It selects a
| identification test at random (crosswalks, trains, buses,
| stoplights, etc). For this example let's say the
| identification test is to identify crosswalks. The squares
| are then filled as follows:
|
| 1) Two of the squares are requested that pass the
| identification test at an alpha value p < 0.05 (meaning it
| is more than 95% confident it IS a crosswalk).
|
| 2) One square is requested that passes the identification
| test at an alpha value of p < 0.01 (meaning 99%+ confident,
| effectively certain it IS a crosswalk)
|
| 3) One square is requested that fails the identification
| test at an alpha value of p < 0.01 (it is almost certainly
| NOT a crosswalk)
|
| 4) Two squares are requested that fail the identification
| test at an alpha value of p < 0.05 (it is 95% confident
| that it is NOT a crosswalk)
|
| 5) Three squares are requested that need have low
| confidence intervals p > 0.05
|
| The captcha then shuffles these 9 images at random, it
| offsets the images a little bit by altering the crop
| slightly to prevent memorization by bots. Then it presents
| these 9 squares to the users asking them to identify
| according to the identification test.
|
| The captcha scores the user based on their selection with
| the 6 known squares. The response you give on the 3 low-
| confidence squares has zero impact on you passing or
| failing the test. From what I was told, you must
| successfully identify both of the 99% interval squares
| correctly (one that passes the id test and one that
| doesn't). That is a hard pass/fail. From there, the captcha
| scores your response on the 95% confidence interval squares
| to the expected values. It compares that to other variables
| such as the speed that you answer them, the movement of the
| cursor and other variables (such as selecting, deselecting,
| etc). It also compares IP address google session data as
| part of its determination to determine the liklihood of
| humanity in the user. My understanding is that is is
| moderately forgiving. If the user is determined to be human
| based on those responses, then your responses are fed back
| into the confidence intervals for all of the images
| presented (other than the two "known" squares). Data by
| users that fail the Captcha is discarded so it doesn't feed
| into the confidence metrics of the images presented.
|
| From what I was told, you can actually incorrectly identify
| 2 squares and still pass the captcha. The IP address and
| mouse movement plays a significant impact in the response
| as well as your ability to identify the two known squares.
|
| Three of the squares are entirely unknown to the bot. You
| are purely feeding the confidence on those images for
| future use in the CAPTCHA and other google products. But
| there is no test where you are "guaranteed to fail" as
| mentioned above. Every test presented to you can be passed.
| There are 2 known squares which you MUST answer correctly.
| Your behavior and computer data and answers on the mid-
| confidence squares are what further impact your pass/fail
| determination. The three unknown squares never impact your
| pass rate. They are filler, the captcha only watches how
| you interact with the filler squares, not what you actually
| respond.
| dandellion wrote:
| They're not very smart, because I've been answering them all
| wrong, on purpose, as a joke for years and I always get
| through.
| Sohcahtoa82 wrote:
| > On an unrelated note, I have found captchas that don't even
| work and reprompt me all the time, I wonder if there is some
| naive filtering behavior they are applying.
|
| Curious, do you use a VPN or Tor? Either of those will cause
| CAPTCHAs to make you solve multiple puzzles.
|
| The only site I visit that has ever been annoying with CAPTCHAs
| is PCPartPicker.
| itissid wrote:
| Companies that want Physical Humans to watch what is on their
| websites(ads+content) and wall off said content at the same time.
| Every one of these companies is on borrowed time. Eventually AI
| will be able to read frame buffer and simulate mouse movements to
| a tee and get what any one wants, Tor networks and VPN networks
| will be used to circumvent API restrictions and everything else
| that blocks people will be learnt by the AI. The only factor will
| be cost of compute that will host the AI and how much data you
| want.
|
| If there was no profit motive(ads) or its correlates(attention),
| none of this would be necessary. Companies would just provide
| utility to make people's lives easier. The most utilitarian
| company would win.
|
| The only reason big tech needs to make this much money is share
| holder "value"(code for: 'we need to make our execs and engg rich
| so that other companies don't grab them'). This is a massive
| snowball; Its crash-only thinking(google the term).
| ekanes wrote:
| Sort of. Ads as a business model exists because many people
| don't want to pay companies directly (through subscriptions
| etc). For the company to exist, they have to make money, so
| they sell people's attention. Unfortunately, we simply haven't
| found a better way yet.
| jfengel wrote:
| I'm no fan of capitalism or the ham-fisted way companies try to
| control their intellectual "property", but "shareholder value"
| is what gets content created under the system we've got.
| Somebody ponied up money for a content creator to sit down and
| do the work. They wouldn't do that if they weren't hoping for a
| return on that investment.
|
| Me, I'd love to see a world where everybody got enough money to
| live on, and then got to sit down and create whatever content
| they want, for the heck of it. They don't own it; we all pay
| for it and we all get to enjoy it.
|
| But that's not happening any time soon. So I think we're stuck
| with the problem of intellectual "property" being a thing, and
| companies trying to artificially limit access to it despite
| knowing that there are a million ways around it. They're just
| going to hope that most people, most of the time, would rather
| take the legal and official route, if it's not too burdensome.
| hackingonempty wrote:
| This is why techies will not be able to defeat WEI. It will be
| the replacement for CAPTCHA. Every place using a CAPTCHA now will
| switch to requiring cryptographic attestation that you're running
| a clean copy of FAANG stack on approved hardware. The only
| effective non-human bots will be physical robots using the analog
| hole.
| doylio wrote:
| There is a knee-jerk aversion to the word blockchain on
| hackernews, but crypto folks have been thinking a lot about
| decentralized sybil resistance. If the choice comes down to WEI
| or a blockchain based solution, how would you feel about that
| option?
| GhostWhisperer wrote:
| what does a blockchain bring into the discussion that you
| think parent would be okay with?
|
| if the choice comes down to two options, what makes you think
| it would be between wei and blockchain
|
| i think there might be some confusion here simply because
| parent used the work cryptographic, but this has nothing to
| do with blockchain
| chrismarlow9 wrote:
| It will get bypassed easily. The lengths spammers will go to
| for "organic" advertising that is automated doesn't really have
| limits. Fine, add WEI, spammers will write code that literally
| issues native events to a real browser on a farm of devices. I
| actually saw this discussion in the WEI proposal GitHub
| regarding Chrome extensions. What gets a pass?
|
| Captcha was never really the limiting factor for spammers. It
| was generating human readable content at scale (comments,
| reviews, responses, etc). But with AI that's not an issue
| anymore.
| hinkley wrote:
| For E2E testing you'll have to allow Selenium or something
| else to drive the browser, and they'll just figure out how
| much they can disable in a browser to pack as many requests
| per second onto a given amount of hardware.
| itissid wrote:
| Its only if the cost for a FAANG stack is high. Cost of tech is
| always decreasing. If you think you are going to have a FAANG
| stack protected by crypto hardware attestation you will be
| beaten by the next guy who never needs to do it.
| firtoz wrote:
| What is WEI?
| cute_boi wrote:
| DRM of Web .
|
| https://arstechnica.com/gadgets/2023/07/googles-web-
| integrit...
| ChatGTP wrote:
| Aka the end of the open web. Remember net neutrality ?
| akeck wrote:
| Something I've wondered about is how CAPTCHAs are ADA-compliant.
| Ironically, this tech may end up helping people who are impaired
| from doing CAPTCHAs use websites. Just the other day, I watched a
| friend of mine who has vision health issues do several CAPTCHA
| rounds to use a state website.
|
| Edit: There's various efforts: https://captcha.com/captcha-
| accessibility.html
| bradly wrote:
| Kind of funny as OpenAI's CAPTCHA involved me picking a person's
| seat on a plane. I wonder if they test it against their models.
| jokethrowaway wrote:
| Great, can't wait for an AI powered captcha solving, ad blocker,
| EU cookies popup closer application.
|
| Maybe we'll get back the good old web
| dkersten wrote:
| And good old web (well, that intermediary persons were many
| things didn't yet use captchas but bots were already prevalent
| ) levels of spam and flooding of comment sections with links to
| advertisement and scams. Sounds great.
|
| I hate captchas as much as the next person and have long
| suspected that bots can solve them better than I can, but I
| hate the comment sections and forums made useless by spam
| messages even more.
| jordanreger wrote:
| I'm not surprised. I input a 2FA time-based code with a 30 second
| refresh on it and by the time I got through the captchas, my code
| had expired. By ~1.5 minutes...
| AtNightWeCode wrote:
| Delete all captchas everywhere. While at it. Delete all
| challenges. I am tired of wasting time into all this bs. If we
| did put the same amount of time into real solutions like rate-
| limiting and actually making endpoints secure there would be no
| problem to begin with.
| user764743 wrote:
| This is very dependent on the bot and what it's running on.
| ornornor wrote:
| The captcha buster extension[^0] along with the service on you
| computer to move the mouse for you works very very well. It uses
| google's TTS (afaik) to transcribe the audio captcha. It's google
| verifying another google service works well. I find it very
| satisfying to not provide my labor to train googles computer
| vision corpus but instead have the snake bite it's own tail.
|
| Anyway, I highly recommend buster, I barely notice captchas
| anymore with it.
|
| [^0]: https://github.com/dessant/buster
| falcor84 wrote:
| How about "Assess whether this LLM output is a hallucination?"
| yieldcrv wrote:
| When people tell me unsubstantiated things to uphold their
| beliefs, I've started to point out "if an AI said that, we
| would say it was hallucinating"
|
| and honestly, I cant find a reason to privilege human
| bullshitting over AI's
| indymike wrote:
| The approach that will work:
|
| 1. Have a service worth paying for.
|
| 2. Collect a payment with registration/account creation.
| Vicinity9635 wrote:
| This is exactly what twitter did.
|
| From just yesterday in fact:
|
| > _Past bot defenses are failing. Only subscription works at
| scale._
|
| https://twitter.com/elonmusk/status/1691969296543711471
|
| The included chart is super interesting:
| https://i.imgur.com/WI2XMCj.jpg
| mathgeek wrote:
| Captchas are often implemented on the payment forms themselves
| to prevent card testing.
| junaru wrote:
| That approach will not work at all.
|
| Majority shops have captchas since crawlers are like mini
| denail of service attacks on their resources and they continue
| day and night.
|
| You will not pay a single webshop to browse its inventory let
| alone dozens you currently check before buying anything.
|
| Like it or not this is what the internet runs on nowadays so
| killing that would have much bigger fallout than anything
| annoying captchas could do.
| neilv wrote:
| A bunch of news sites try that, but every link to them on HN
| (an Internet tech community you'd think would have a lot of
| people especially sympathetic to merit-based monetization of
| digital content) quickly gets a comment with a piracy link.
| BeFlatXIII wrote:
| ...because no one who isn't already a subscriber is going to
| pay to read one article.
| xormapmap wrote:
| news site != service worth paying for
| sam0x17 wrote:
| I think most in the tech space tacitly believe that if Alice
| has a cool string of 0s and 1s, but you have to pay $5 to go
| into her house to see it, and Bob happens to memorize the
| string of 0s and 1s and decides to display it publicly for
| all to see on a billboard, that this is an extremely based
| and good thing to do and prevents Alice from holding back
| human progress.
|
| People who don't believe this are probably biased because
| they are Alice.
|
| Don't be Alice.
| [deleted]
| neilv wrote:
| I was thinking our tacit belief is usually more "I want
| that, but I also want to keep my money. whynotboth.gif?"
|
| When challenged, rationalizations might come out.
|
| Circumstantial evidence of this is that we really don't see
| a lot of clear altruistic looking towards human progress...
| on other topics.
|
| If we mostly only talk about principled stands when it
| happens to be very convenient in a selfish way, the selfish
| way seems a more likely explanation.
| benlivengood wrote:
| I can't pay for a single article; I have to subscribe. It
| is intentionally hard to cancel subscriptions. There are
| enough website data breaches that giving my credit card
| number to a random subscription site is an unpleasant
| risk.
|
| I happily pay for Youtube Premium so that I can listen to
| whatever music I want anytime. Spotify and other services
| are fungible with that. I sort of happily pay for
| Netflix, but their catalog is shrinking. I would happily
| pay a subscription for access to _all_ or at least ~99%
| of newspapers.
|
| Whatever music did right (ASCAP, BMI) isn't perfect but
| it's miles ahead of the trash subscription schemes
| anywhere else.
| sam0x17 wrote:
| > I can't pay for a single article
|
| Yeah this is a super good idea. I would pay $5 a lot of
| the time to access these just so I don't have to deal.
| Would have to accept paypal and I'd do it.
| stavros wrote:
| For me, the issue is that I don't want to subscribe to
| the NYT because I never _explicitly go_ to the NYT. If I
| 'm linked to an article there, I'll read it, but
| subscribing on the off chance that I'm linked to an
| article there isn't a good reason.
|
| If there were a way to give two cents for each article I
| read, I'd do that, but there isn't.
| mewpmewp2 wrote:
| Yeah, I also wish for such a way. Global metered system
| for services like those.
|
| I don't ever read one single thing, but I read an article
| or two from countless of services.
| sam0x17 wrote:
| That they can't make enough money from contextual
| advertising with literally the entire internet linking to
| them all the time is a spectacular failure.
| stavros wrote:
| Probably a failure of the advertising model as a whole, I
| think. I wonder if the incentives would align much better
| if we had a micropayments provider.
| sam0x17 wrote:
| I agree this should be a thing. Or imagine a new
| distributed internet where every request is an extremely
| extremely small micro transaction / mining event.
| stavros wrote:
| In my opinion, flattr was a good way to do it. Shame it
| didn't catch on.
| sam0x17 wrote:
| I think the moral dilemma is a completely artificial one.
| You have to do a lot of bending over backwards in your
| head before you come to the extremely weird conclusion
| that knowledge can "belong" to a particular person or
| entity, and the even weirder conclusion that even if you
| pay for access to the knowledge, you still don't get to
| share it as you see fit. This is just capitalism-brain,
| nothing more. It's not natural, and it's definitely not
| optimal as far as moral maxims go.
|
| That modern society is structured around protecting Alice
| rather than protecting Bob and helping him free the 0s
| and 1s is simply a side effect of this, and an extremely
| unfortunate, progress-stalling one... the kind where you
| seriously contemplate going back in a time-machine to fix
| whatever went wrong to make us end up with.. this...
| brickteacup wrote:
| > extremely weird conclusion
|
| I agree, it's _so weird_ that people who devote time,
| effort, and resources to the production of articles or
| books somehow think they 're entitled to be compensated
| for the use of those products! What a bizarre belief! I
| mean, obviously they should just give them away for free.
| Not like they need money to survive or anything. They can
| just go on food stamps and live under a bridge or
| something.
| sam0x17 wrote:
| It really is. Society should be structured such that
| these people (and really, everyone) can just work on
| their creative works or whatever they are good at without
| having to worry about where their next meal is coming
| from or whether their loved ones and dependents will be
| provided for. That we have to capitalize and monetize
| everything instead of just distributing resources fairly
| is bizarre. If we were to simulate thousands of different
| realities, I would think this state of being would be
| like a shitty local minima that you tweak the hyper-
| parameters to avoid.
|
| As a creative person currently making an obscenely high
| amount of money doing rust development (north of
| $350k/yr), I'd happily throw all of that away to just be
| able to work on my open source projects in perpetuity if
| I could trust that society will take care of me, forever,
| in exchange. In fact, playing this whole capitalism game
| is a huge waste of my time and energy that I'd much
| rather spend making creative works without worrying about
| how I'll monetize them.
|
| As someone who makes creative works, I don't _want_ to
| have to charge people to use/access/enjoy them.
| Vicinity9635 wrote:
| Hear, hear.
|
| We finally invent a thing (the Internet) that will let us
| share knowledge for free, and one of the first things
| that happens is a bunch of lawyers invent more work and
| job security for themselves by creating this fantasy
| notion that you can have Imaginary Property and they call
| it "Intellectual Property" so it's not immediately
| obvious how ridiculously selfish and society-retarding it
| is.
|
| We live in a world of actual scarcity and they invented
| some artificial scarcity to benefit themselves
| exclusively, then immediately funded a bunch of
| bribery^H^H^H^H^H^H lobbying to make it illegal to share
| information for free.
|
| > _As someone who makes creative works, I don 't _want_
| to have to charge people to use/access/enjoy them._
|
| Same here. I self published some stories on amazon and
| they won't let me charge _less_ than a dollar for them,
| or I would. I 'm infinitely more interested in people
| enjoying them than profiting from it. In fact, I found
| that they almost immediately ended up in some pirated
| torrent and was like, "How cool is that? Somebody thought
| it was worth pirating."
|
| This notion that creative types won't create without
| financial incentive seems to come from lawyers, not
| creative types.
| dragonwriter wrote:
| > We finally invent a thing (the Internet) that will let
| us share knowledge for free, and one of the first things
| that happens is a bunch of lawyers invent more work and
| job security for themselves by creating this fantasy
| notion that you can have Imaginary Property and they call
| it "Intellectual Property" so it's not immediately
| obvious how ridiculously selfish and society-retarding it
| is.
|
| I think your narrative has gotten the relation between
| the invention of the internet and the creation of the
| subcategory of intangible personal property known as
| "intellectual property" very, very wrong.
|
| Like, intellectual property is older than the USA and the
| internet is... not.
| fluoridation wrote:
| Maybe the service news sites provide isn't worth paying for
| for the vast majority of incidental visitors.
| indymike wrote:
| No, they aren't piracy links. These are where the news site
| makes their content available to scrapers and then paywalls
| humans. This is where the news site is trying take advantage
| of search engines to get you to clink on their SERP, and then
| make you pay. In a lot of cases you can read this content by
| proxying off a non-dynamic ip range and changing your user
| agent.
| brickteacup wrote:
| > These are where the news site makes their content
| available to scrapers and then paywalls humans. This is
| where the news site is trying take advantage of search
| engines to get you to clink on their SERP, and then make
| you pay. In a lot of cases you can read this content by
| proxying off a non-dynamic ip range and changing your user
| agent.
|
| okay... so they're piracy links is what you're saying?
| mishagale wrote:
| I've always felt one of the main reasons for this is that we
| never really got true microtransactions on the web. Pretty
| much all payment processors charge at least $0.20-30 per
| transaction.
|
| My theory is that if there was a way to frictionlessly pay,
| say, $0.02 to access a piece of content ad-free, most people
| would be pretty okay with it. They key part is making the
| transaction frictionless - no more than 1-click/1000ms.
| neilv wrote:
| Yeah, I'd like to see a really good microtransactions
| implementation.
|
| Including some way to keep that from marginalizing people
| in the current very inequitable capitalist environment.
|
| A non-technical challenge is that you'd need someone to
| lead this in good faith, and they'd need both principles
| and clout. The first 5 candidates I thought of just now
| seemed much better candidates in the past, than currently.
| Vicinity9635 wrote:
| Isn't that basically what Brave tried (is trying?) to do
| with Brave Rewards?
| mewpmewp2 wrote:
| What's the challenge in already having this? There could be
| an aggregator service that has all the news sites joined
| with it and pays out on your visits to those news sites? Is
| it that it would be hard to get all news sites or content
| providers to accept this single one universal service?
| atyppo wrote:
| Apple tried with Apple News+ and hasn't exactly
| succeeded. If they can't succeed, I fail to see how
| anyone else could. Maybe a few media incumbents?
| kyleyeats wrote:
| They'll never do this because it dispels the illusion of
| independent media. It's the same reason cable news buys
| and shows ads: they want you to think the rest of the
| content isn't for sale. The truth is that the news is
| paid for by people who want to control the narrative,
| whether it's Logan Paul or Uncle Sam.
| noAnswer wrote:
| Old Flattr was something along those lines. You had to
| click though. (Like the old embedded Facebook likes. Are
| they old? Haven't seen them in a while, could be because
| of uBlock though.)
|
| I really liked it. A view Blogs, Podcasts and the
| KeePass-Homepage had it. Then they sold to Chines
| investors and pivoted to god knows what.
| sam0x17 wrote:
| Or really, proof-of-work based CAPTCHAs. I think inevitably
| that's the world we're eventually stuck in
| kmeisthax wrote:
| Completely Automated Public Turing test to train Computers to
| imitate Humans Absolutely
| hilbert42 wrote:
| Good, they may become redundant and many of us would love that.
| znpy wrote:
| I'm failing captchas almost 100% of the time lately.
|
| Particularly those where you have to slide the part of the image.
|
| I guess I'm not human anymore?
| niyaven wrote:
| Which is why I'm always using buster[1] when facing captchas.
|
| https://github.com/dessant/buster/
| jakubmazanec wrote:
| As I asked in similar thread the other day, what about proof of
| work based CAPTCHA like https://github.com/mCaptcha/mCaptcha -
| which I didn't actually see on any site. Is it used? Since
| CAPTCHAs can be solved by bots, at least make it more costly for
| them.
| Workaccount2 wrote:
| This is going to create a mess and make the internet probably
| suck a lot more.
|
| I don't have any solutions or ideas to float. Just painful
| acceptance that nice things are going to break.
| yreg wrote:
| One solution was the universally hated worldcoin. I hate it as
| well and don't think it could work, but the problem they meant
| to tackle is very real and we should talk about it.
|
| I think we are going to need some kind of certificates vouching
| for humans being humans.
| mdale wrote:
| This is why attestation standards are all the rage right now.
| ohgodplsno wrote:
| Ah, yes, I absolutely trust Sam Altman to keep all of my
| personal data, to never resell it to people I have absolutely
| no idea of. Just like I absolutely trust him to not
| completely manipulate worldcoin and generate tokens that will
| be given to bots. He's totally not in a position where he
| creates both the problem and the solution.
| oefrha wrote:
| Yeah, Worldcoin is totally a solution because you can't buy
| up heaps of identities from poor African people. /s
| mewpmewp2 wrote:
| I wonder if there could be a service which you use with your
| real identity registered, but the certs it gives you are
| untracked to still allow for possibility of being anonymous.
| Although it seems like it should limit it to giving you only
| a few certs a month. But then bad actors could start buying
| those certs from people themselves. Still would make it much
| harder to spam requests.
| shkkmo wrote:
| > a service which you use with your real identity
| registered, but the certs it gives you are untracked to
| still allow for possibility of being anonymous.
|
| The best you can do is pseudonymity. If the attestations
| are completely anonymous then you have no way of dealing
| with bad actors, like those who sell their digital identity
| to spammers.
| noAnswer wrote:
| > I wonder if there could be a service which you use with
| your real identity registered, but the certs it gives you
| are untracked to still allow for possibility of being
| anonymous.
|
| This is possible with the German identity card. (I have no
| idea but my guess would be that this is possible with other
| identity cards from Europe or around the world too.) You
| can even make age checks with out transmitting the actual
| birthday. It just returns whether the card holder has or is
| above the age in question. You can't cross reference those
| certs with other sites.
|
| It really grinds my gears if a identity check wants a video
| call or what ever instead of them using eID features.
| graypegg wrote:
| I could totally imagine Verisign or something doing this.
| Imagine a world where you have to pay a yearly renewal fee
| to keep your humanity. They'd love it. Of course, it's not
| a claim that the user is a human, but rather the user has a
| slightly difficult to obtain certificate that had to be
| requested by a human.
|
| Could slow spam down though.
| malfist wrote:
| Ah yes, the infamous "the blockchain can solve this"
| solution.
| yreg wrote:
| Why blockchain, I never said that.
| krzyk wrote:
| I hope not, I really miss the times when I could curl any
| website I wanted, make myself "API" out of it, good times.
| AndrewKemendo wrote:
| That's a succinct description of what seems to be the current
| state of most adults I know.
|
| It's clearly burning, nobody seems to be in charge, there's
| little hope that anyone is going to fix it, and individual
| actions seem like shouting into the wind. Even worse, the
| problem is undefined and hard to measure - and different groups
| have different complaints and priorities.
|
| Or, said another way:
|
| "That pretty much sums it up for me" - drunk guy in the bar in
| the movie Groundhog Day
| justnotworthit wrote:
| Find the adults who think otherwise; They'll embrace you.
| AndrewKemendo wrote:
| I'm looking! Last year I started actively looking for pro
| social friends to - let's say - do a "security and firmware
| update of my social network." It's been successful so far
| though not perfect or easy
| mattigames wrote:
| Obviously there will be a satellite that will zoom at your gps
| location, you have to do a special dance and your humanity will
| be verified by motion detection, obviously robots eventually
| will be able to do this and dance better than humans as well as
| wear fake skin but that's a problem for another generation.
| svachalek wrote:
| Nearly all the failures of the internet come down to
| advertising. The surveillance state was built to sell you
| advertising. Spam isn't exactly advertising but it's not not-
| advertising either. Captchas are built to protect sites from
| being viewed without making advertising impressions, usually so
| the content can be stolen to sell to other advertisers.
|
| We need a new foundation. I don't know what it looks like,
| exactly, but I think it's going to have to built around
| micropayments.
| Espressosaurus wrote:
| How is spam not advertising?
___________________________________________________________________
(page generated 2023-08-17 23:01 UTC)