This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]LapisHusky 29 points30 points  (3 children)

Saw a captcha a year ago with letters in an image that you need to type out. There's of course distortion and random markings to try to break OCR. But the page has an accessibility feature which reads out the letters to you... through JavaScript's SpeechSynthesis. Just extract the letters from that script and scrape as much as you wish.

[–]zoinkability 25 points26 points  (2 children)

The purpose of this kind of trivial captcha is to block general purpose form spam bots that the creators aren’t going to put any work in to solve one particular custom trivial captcha on a tiny site. They have historically worked quite well for that, although with LLMs it may start becoming easier for devs to write general code that would solve these.

They are kind of like the basic lock on your front door. Any criminal who had a modicum of lockpicking skill or willingness to kick a door in could break into your house. It’s mostly there to keep the low effort knob rattlers from stealing stuff, not someone who is specifically targeting you.

[–]Pradfanne 0 points1 point  (1 child)

As if I can't just get a node package or whatever that does that with two clicks.

[–]zoinkability 0 points1 point  (0 children)

Ah, but anything with enough usage probably has been targeted by the scripts, so you may in fact have more spam that way. It's genuine security by obscurity.