There's a reason captchas have moved mostly image identification systems. These text-based captchas have all been defeated for years.
Yeah because whomever "owns" the data needs humans to train their bots, not because the image based bot detection is better than other methods.
The images are not actually the captcha. They've used other methods and tools to verify your authenticity, then they force you to help train their image recognition AI under the guise of it being the actual captcha. Its Distributed Forced Labor, and Google has been using captchas to do this for decades. Remeber the picture-of-two-words captcha? One word was always squiggly and the other was not. The squiggly word was the real captcha, the other word was from a scanned book and you were helping to train their OCR algorithms.
I remember that Jdownloader could crack some CAPTCHAs back in the 00's.
There used to be hoardes of sites offering free downloads, quizzes, porn etc etc. You would have to solve a captcha to get through, but they were 'stuck' in an infinite loop. I always believed it was being used by spammers/hackers to bypass actual captcha elsewhere on the web. Its kinda genius, offloading the work to randoms looking for free stuff..
I also remember services you could pay to get your captcha solved via a browser extension. You could also register as a captcha solver there to earn a few bucks stupidly solving captchas. Although I'm not sure if they were actually legit.
I remember back in the day this automated downloader program.. the links had a limit of one download at a time and you had to solve a captcha to start each download.
So the downloader had built in "solve other's captcha" system, where you could build up credit.
So when you had say 20 links to download you spent some minutes solving other's captchas and get some credit, then the program would use that crowdsourcing to solve yours as they popped up.
The image ones basically as well
Yeah, at this point, most forms of image identification catches have also been defeated, not quite 100% success yet, but they're getting there
I mean the google one is literally training a Algorithm to identify the images so the shit defeats itself.
Funnily enough, the reason they switched to those was to use the data to train machine learning (AI) models, just like Google's recaptcha was originally pictures of words from old, scanned books so they could transcribe all of them "for free" and train their transcription algorithms.
Man I miss the times when Google used to trick us into helping make knowledge more easily accessible to everyone. Now we just train fucking AI for luxury cars.
It's a bit weird how that actually works though...
"Which of these pictures are traffic lights?"
I'd hope with all the self-driving-(ish) cars coming out, any AI like that should be able to identify a traffic light, right?
When you "solve" a captcha like that, you're just helping train the AI you're talking about.
The stuff that determines whether you're a not or not is based on browser information, how you interact with the page, etc.
That's exactly what you're doing, training the AIs to identify that.
Nobody mentioning it got the captcha wrong? That's a p not a P which while admittedly a tiny mistake would still be counted as a fail
Goes to show that it's only human.
After all
Many (most?) captchas I stumbled upon weren't case sensitive.
You mean I've been shiftkeying all these years for nothing?!?
I've run into a few.
Hum... I'm not sure I wouldn't make that same mistake.
Are you sure you're human?
Negative. I am a meat popsicle.
I have been wondering that lately...
Fun fact not only to captchas monitor your input but also can analyze how you input it. If you mouse moves in a perfectly straight line if all your key presses are precisely spaced, you are probably not human.
Both of those seem trivial to circumvent.
Sure two additional cases not that bad, now just keep adding them up. Like anything security related it's not 100% perfect you just have to make it annoying to break.
Now all the people they pay to solve these captchas will have to go find other work 😢
I'm more worried about Google's income. How can they afford to spy on me if they aren't being paid far out the ass to host what will soon be security theatre.
Puts 40yo tech against current tech
How is the current tech possibly winning...
Nowadays there are some really annoying CAPTCHAs out there, such as:
In summary, the CAPTCHAs seemingly are becoming less of a "prove you're not a robot" and more of an forced IQ test. I can see the day when CAPTCHAs will ask you to write down a Laplacian transform for the solution f(x) to the differential equation governing the motion of a mass considering the resistance of air and aerodynamics, or write down a detailed solution to the P versus NP problem.
It's when they make you do like 20 of them. Bitch you already stopped the DDOS let me see my balance fuck.
Sony has the most annoying ones, which are designed to prevent people from submitting tickets. They'll show you like 10 dice, and ask what they add up to. They make you solve like 16 of them before they let you continue. Shit should be illegal.
The math ones are ridiculous.
Guess what computers are inherently great at?
Math.
Because they're not there to stop computers, they're there to stop people from getting legitimate support from a company that owes it to them.
Those "select tiles with a bicycle" are us training image recognition programs.
No, CAPTCHAs these days track mouse movements and other factors. They make you second guess if something should be included because, as a human, that's going to be something you do. And it'll be obvious from both that hesitation and your squishy, inaccurate mouse movements that you're a human.
Honestly, I'm not mad if AI fully defeats captchas to the point they go away. They almost always fail to be usable via accessibility tools. These things might block some automated systems, but they also block people with disabilities.
Most bots out there aren't backed by chat gpt. We had a flood of Russian boys using a sign up for on a site to send spam emails by putting the spam in the names and address fields. Slapping the most basic of captchas on the page solved it.
To be fair, most boys aren't as sophisticated as bots.
But it got it wrong.....
While everybody's right in saying text captchas are outdated, there are concerning amount of services (especially for small-mid businesses) that still use them.
Anyway, if an AI could control something like Selenium with the necessary modifications (aka not presenting itself as Selenium), I am pretty sure most of the "Click here to confirm you are an human" captchas like the cloudflare one would be defeated too.
I think the most challenging are image-based weird challenges that are difficult even to humans. The annoying ones.
What do you mean by outdated? Most captchas are there to help them train their next ML model. Relevant xkcd:
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
