this post was submitted on 02 Oct 2024
39 points (88.2% liked)

Fediverse

28704 readers
232 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
top 14 comments
sorted by: hot top controversial new old
[–] [email protected] 43 points 2 months ago (1 children)

LOL no. Bots can pass Captchas, but I hit the back button.

[–] [email protected] 23 points 2 months ago (1 children)

I've spent, collectively, probably days of my life clicking squares with just the tip of a handlebar or the faintest shade of the edge of a stoplight, only for bots to still be able to get past it.

[–] [email protected] 1 points 2 months ago

Isn't that because the bots were trained on us solving those? That's what I've heard anyways.

[–] [email protected] 29 points 2 months ago (1 children)

The whole point of captchas is to train bots. Did you think they were all road object and optical character recognition based because those are the categories humans really excel at?

[–] [email protected] 3 points 2 months ago

I genuinely thought we were training Google's self driving car algorithm, like back when we were proof reading their illegally scanned books' OCR.

[–] [email protected] 19 points 2 months ago

No, but it raises the difficulty bar for an attacker.

[–] [email protected] 13 points 2 months ago (1 children)

To expand on what others here have said: no they can't, and there was a recent article here on Lenny taking about how AI (which I know is different from average bots) has figured out most of the visual captcha types.

[–] [email protected] 8 points 2 months ago* (last edited 2 months ago)

there was a recent article here on Lenny taking about how AI

Funny you'd mention Lenny, he's also a bot! A good one though!

https://en.wikipedia.org/wiki/Lenny_(bot)

https://www.lennytroll.com/

https://www.youtube.com/watch?v=XSoOrlh5i1k

[–] [email protected] 12 points 2 months ago

No, CAPTCHAs can and will be bypassed. But you can make it expensive for bot hosters using PoW CAPTCHAs instead of normal ones. It's also better privacy-wise.

[–] [email protected] 6 points 2 months ago

Absolutely not. While a captcha can stop somebody with a simple python script and nothing else. It is not effective against sophisticated bots which either use AI or which connect through API to a captcha solving service run by humans. Much to the chagrin of captcha operators.

From what I've seen the main purpose of captcha is to act as security theater to dissuade normies. If there's anything that captcha has been successful at it's been permeating pop culture as a trope. As far as actually stopping the malicious actors it hasn't really done that much, mainly because these people will adapt and change their tactics. They're not just going to keep trying the same methods that aren't working, they're not stupid. Many do it as a business.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago)

Captchas were never about keeping bots out: they've always been an excuse to turn ordinary internet visitors into mechanical turks to tag photos to train AI systems without paying the workforce.

Think about it: how many hours total did you spend in your life tagging photos for Google and Google never paid you for your work?

[–] [email protected] 2 points 2 months ago

It depends on the captcha and the bot.

[–] [email protected] 1 points 2 months ago

If you run a whitelist firewall, you never see CAPTCHA's. The vast majority on the internet have nothing to do with the website you're visiting. When the website cannot redirect you to the CAPTCHA host site, it just continues on to the intended destination. The only way I ever see a CAPTCHA is if it is hosted on the same server as the site I am trying to visit, and that is very nearly never. I bet the vast majority of them are actually some advertiser collecting more data to mine in addition to whatever fingerprinting they can collect. Ads only work by opening a hidden frame that is basically another browser tab where you then visit the ad server's website. This is no different than visiting them in a browser tab. They can access everything available to fingerprint. If you're using anything Google controls that means they know everything about you down to how dirty your underwear is right now. /s^÷2^

[–] [email protected] 1 points 2 months ago

Manhattan Film Festival has a great short invoking captchas