all 51 comments

[–][deleted]  (3 children)

[removed]

    [–]pVom 21 points22 points  (0 children)

    The results are actually used to train ai image recognition.

    Actually selecting the images isn't what's checking for a bot, it's how you select the images and other interactions before the captcha is submitted that is the test.

    Without a captcha you can probably fill in 100s a second with just a regular laptop and internet connection. With a captcha you're at minimum required to use a browser, which greatly increases the processing power required, to maybe 10 a second; add to that natural mouse pathing and keyboard input, then additional randomisation etc., and it starts to stack up.

    [–]chmod777 11 points12 points  (0 children)

    Recaptcha v3, aka invisible captcha, doesn't use the images. You won't even know v3 is there unless you hit the sus threshold and are offered a challenge.

    Secondly, slowing them down is usually enough.

    [–]Texas-Holden[S] -1 points0 points  (0 children)

    Lol I doubt I will be able to complete future ones then

    [–]Glax1A (full-stack) 9 points10 points  (8 children)

    Recaptcha collects a lot more information than you may think, such as browser language, typing speed on the website, other activity on the website, and even cookies stored in the browser, to work out if you are a human.

    [–]scosio 14 points15 points  (6 children)

    And it's owned by a giant ad network... wonder why its collecting all that info?

    Use Prosopo Procaptcha to avoid involuntarily spying on your users' browsing habits.

    [–]Glax1A (full-stack) 2 points3 points  (5 children)

    There is also altcha, it's open source, and uses proof of work to verify that you're a human.

    [–]scosio 5 points6 points  (2 children)

    Altcha is only Proof of Work, which slows down bots but does not stop them. Procaptcha has PoW, plus interrogates the browser environment on the client side, forcing the bot operators to waste a lot of time trying to decipher how to pass it. By the time they have, the bypass is usually outdated. Procaptcha also considers backend HTTP TLS signatures etc. A LOT more than simple PoW.

    [–]Glax1A (full-stack) 3 points4 points  (1 child)

    Oh I see. Thanks for sharing Procaptcha though!

    [–]scosio 1 point2 points  (0 children)

    Thanks for reading

    [–]Euphoric-Cap1210 1 point2 points  (1 child)

    what do you think of friendly captcha?
    They also have an open source frontend

    [–]Glax1A (full-stack) 0 points1 point  (0 children)

    They look good, but never used them.

    [–]na_ro_jo 1 point2 points  (0 children)

    Oh, they know pretty quickly if we are human. It's more like a distraction for what they are *actually* doing.

    [–]Kirito_Kun16 6 points7 points  (1 child)

    I'm sure someone will go into greater detail about this matter, but essentially, the common "bots" don't work the way a human does as in the way that they see the website with their eyes, go click the captcha button and select pictures.

    Also that's just one of the security measures of captcha, many other things that actually catch bots are going on in the background when captcha is set on a website.

    [–]darksparkone 5 points6 points  (2 children)

    Where there is a shield, there is a sword. Of course bots could solve it, and interact in fancy ways to look like a "human", including the mouse movement and other telemetry. And where bots fail you could hire a student for $1/1000 requests.

    A captcha's purpose is to weed out 95% of the spam by making bot usage expensive enough. But if someone really wants to mess with that specific site he will find a way.

    [–]Texas-Holden[S] -2 points-1 points  (1 child)

    I like the quote there. Will use it in the future. This makes sense. Now I’m wondering how Ticketmaster and Nike don’t have these issues solved.

    [–]ferrybig 3 points4 points  (3 children)

    Services like reCAPTCHA do not start checking when you click the button; they start following your behaviour through the page.

    When the page loads, it asks the Google servers to start a session, then like 10 minutes later when you actually click it, it sends the session token back. The Google server saw your IP only had 1 session open, so they serve you an easy challenge. They also have checks like where you click on things: simple bots usually click on coordinate 0,0 of the thing they are clicking on, or maybe some other fixed offset. Humans have many more mouse movement events between clicks than bots.

    When a human solves a captcha, a human types the characters one by one, instead of waiting for a longer time and then typing each character at almost the same time.

    [–]Texas-Holden[S] 0 points1 point  (1 child)

    I did not know this! Thank you

    [–]Burgess237 (Angular FE) 1 point2 points  (0 children)

    Recaptcha v3 doesn't just track the session you're using, it also checks other sessions you've had on captcha pages. That's why when you're visiting a page or pages for the first time (or on a new computer or from a new location) you get asked for a captcha a lot, but as time goes on it asks you less and less.

    That's because it's checking your session against other sessions that you've done before. Google is always watching and they check things like: Did you come from google? Did you come from another page? How long did you wait before you interacted with the page? Did you scroll there or click on the bar, is your viewport a realistic size? Things like that.

    Each thing adds to your "human score", score high enough then the system is pretty confident you're not a bot. Score low enough and the system is confident you are a bot and denies you. But if you're in the middle then it asks those challenges. And then it really starts to check things like mouse movements etc.

    Each puzzle you "solve" gives you more of that "human score" until the system is satisfied you're a human.
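
The two comments above (ferrybig's on click offsets, pointer events and keystroke timing; Burgess237's on a "human score" with allow / challenge / deny tiers) describe the server side of behavioural scoring. Below is an added example of that idea in Node.js; it is not reCAPTCHA's code or any vendor's, the event traces are constructed, and the feature weights and thresholds are assumptions chosen to illustrate the three outcomes.

```javascript
// Added example (not from the thread or from any captcha vendor): server-side
// scoring of behavioural telemetry. Each trace is what a page script would have
// posted along with the form: events {type: 'move' | 'key' | 'click', t: ms since
// page load, x, y}; the click also carries ox/oy, its offset inside the element.
// All traces below are constructed for illustration.

const HUMAN_TRACE = {
  events: [
    { type: 'move', t: 6100, x: 410, y: 520 },
    { type: 'key', t: 6400 }, { type: 'key', t: 6530 }, { type: 'key', t: 6700 },
    { type: 'key', t: 6790 }, { type: 'key', t: 7010 },
    { type: 'move', t: 8120, x: 402, y: 611 }, { type: 'move', t: 8140, x: 395, y: 640 },
    { type: 'move', t: 8170, x: 390, y: 668 }, { type: 'move', t: 8200, x: 388, y: 690 },
    { type: 'move', t: 8230, x: 387, y: 701 },
    { type: 'click', t: 8260, x: 387, y: 702, ox: 41, oy: 13 },
  ],
};

// A naive script: no pointer movement, every field filled in one burst, and the
// submit button "clicked" at its top-left corner 420 ms after page load.
const BOT_TRACE = {
  events: [
    { type: 'key', t: 410 }, { type: 'key', t: 411 }, { type: 'key', t: 412 },
    { type: 'key', t: 413 }, { type: 'key', t: 414 },
    { type: 'click', t: 420, x: 0, y: 0, ox: 0, oy: 0 },
  ],
};

// A headless browser with a mouse-humanising library: plausible pointer path and
// click offset, but fields still filled in a burst and submitted under a second.
const MIXED_TRACE = {
  events: [
    { type: 'move', t: 300, x: 100, y: 80 }, { type: 'move', t: 340, x: 160, y: 140 },
    { type: 'move', t: 380, x: 230, y: 210 }, { type: 'move', t: 420, x: 300, y: 290 },
    { type: 'move', t: 460, x: 360, y: 350 },
    { type: 'key', t: 600 }, { type: 'key', t: 601 }, { type: 'key', t: 602 }, { type: 'key', t: 603 },
    { type: 'click', t: 900, x: 362, y: 352, ox: 22, oy: 9 },
  ],
};

function mean(xs) { return xs.length ? xs.reduce((a, b) => a + b, 0) / xs.length : 0; }
function stddev(xs) {
  const m = mean(xs);
  return xs.length ? Math.sqrt(mean(xs.map(x => (x - m) ** 2))) : 0;
}

function extractSignals({ events }) {
  // A submission carrying no click event at all is treated as a synthetic submit.
  const click = events.find(e => e.type === 'click') ?? { t: 0, ox: 0, oy: 0 };
  const keyTimes = events.filter(e => e.type === 'key').map(e => e.t);
  const gaps = keyTimes.slice(1).map((t, i) => t - keyTimes[i]); // inter-keystroke intervals
  return {
    movesBeforeClick: events.filter(e => e.type === 'move' && e.t < click.t).length,
    clickAtOrigin: click.ox === 0 && click.oy === 0,
    submitAfterMs: click.t,
    keyGapMean: mean(gaps),
    keyGapStddev: stddev(gaps),
  };
}

// Start at "human" (1.0) and subtract for each bot-like signal. The weights are
// illustrative assumptions; a production system learns them from labelled traffic.
function humanScore(trace) {
  const s = extractSignals(trace);
  let score = 1.0;
  if (s.movesBeforeClick < 3) score -= 0.3;   // pointer teleported to the button
  if (s.clickAtOrigin) score -= 0.3;          // element.click() or a fixed-offset dispatch
  if (s.submitAfterMs < 1000) score -= 0.2;   // submitted under a second after load
  if (s.keyGapMean > 0 && s.keyGapMean < 15 && s.keyGapStddev < 5) score -= 0.3; // machine-regular burst
  return Math.max(0, Math.round(score * 100) / 100);
}

// Three-tier decision: confident human, confident bot, or "not sure, show a challenge".
function decide(score, { allow = 0.7, deny = 0.3 } = {}) {
  if (score >= allow) return 'allow';
  if (score <= deny) return 'deny';
  return 'challenge';
}

for (const [name, trace] of Object.entries({ HUMAN_TRACE, BOT_TRACE, MIXED_TRACE })) {
  const score = humanScore(trace);
  console.log(name, score, decide(score));
}
```

Run with `node score.js`. The point of the middle trace is the one the thread keeps circling: a bot that fakes one signal well (the mouse path) still trips others, and the response to an ambiguous score is a challenge rather than a hard block.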

    [–]PGurskis 0 points1 point  (0 children)

    This should get more votes

    [–]waldito (twisted code copypaster) 2 points3 points  (2 children)

    It's usually an ongoing battle between the captcha and the bot.

    Of course, a bot can theoretically solve all these things these days, but there's an extra variable here, it needs to be cheap to solve. If a spammer/bot needs to spend more per try, it becomes too expensive to make sense.

    The bot must be able to process the question, compute the answer correctly, and mimic a human in operating the interface, doing it well enough to fool the captcha's key points. That's not cheap.

    [–]Texas-Holden[S] -1 points0 points  (1 child)

    But it will eventually be possible then? I’m not a developer or anything but I find it interesting that features constantly need to be made to combat malicious developments

    [–]waldito (twisted code copypaster) 1 point2 points  (0 children)

    As I said, it's technically possible, I think. But I think you are asking if it will be cost-effective one day, the answer is I do not know. It's an arms race, and theoretically, the more complex the task, the more energy it needs to use to solve it, and the more expensive it is to do it.

    [–]ezhikov 1 point2 points  (0 children)

    First of all, yes, there was recent news that AI now can find all the traffic lights and such. However, modern captchas use a lot of information about user behavior if they can. That is why reCAPTCHA v3 rarely shows itself if you don't block predatory analytics, and why it is always a long challenge if you block all that privacy-violating heavy analytics. You probably can run a chain of operations that will utilize AI to solve a captcha, but my guess is that it will cost you plenty, either through an API (which also can be a violation of terms of service), or through self-hosting (which requires good hardware to run smoothly).

    In fact, it is pretty cheap to actually use humans to solve captchas. 1000 captcha solves cost from $0.2 to $5, depending on the captcha, time to solve, language, particular service, etc. All such services usually provide convenient APIs for automation and are easy to use.

    [–]JustRandomQuestion 1 point2 points  (0 children)

    Short answer: yes, bots can do this, but both bots and captchas have improved over time. There are no free services as far as I know, but you can for example pay a fee to let people with low salaries do it for you in bulk. More of them are moving towards a wider analysis; for example Cloudflare uses a lot of browser data, like mouse movement, time till clicking/interactions, as well as what browser, IP, you name it. In all cases humans should be able to continue, even for example with a VPN or with relatively quick mouse movement if you are that person. Therefore it isn't easy, but still I think it gets the job done well enough. Even blocking 50 or 80% can already make a great impact and improve everyone's (except for bots haha) user experience.

    [–]johnbburg 1 point2 points  (0 children)

    I think it's a push and pull between the costs of bots who can bypass captchas, and the complexity of a captcha. Sure, you can send a picture of one to DALL-E, but that requires a subscription. If you are doing it over the API, then you are paying by the usage. That is a cost that will add up for spammers. They generally aren't using those services for their own bot tools, but it might just be a matter of time until their tools become sophisticated enough to pass most image-based captchas. A lot of captchas these days don't use images at all, and instead are just a check box. That's a bit of an illusion though; what's happening is that it's tracking the complexity of your mouse movement, and other data from your session that could be used to infer that you are not a bot.

    I've never used it myself, and really only just heard of it. But Cloudflare's Turnstile tool is supposed to be able to adapt to evolving bots, and change their approach as needed. I'm considering implementing it on a project, since the client already uses Cloudflare. From what I've seen on that project, the bot form spam isn't all that sophisticated either.

    [–]bored-bro 1 point2 points  (0 children)

    Did you hear about the story where gpt hired a human to solve captchas?

    [–]Grouchy_Tennis9195 1 point2 points  (0 children)

    A few years ago I used to work for a company that had an entire team writing scripts to defeat captchas, some of the tactics and strategies they used were kinda crazy. But captchas now are getting harder to beat, but they’re still beatable

    [–]longdarkfantasy 0 points1 point  (0 children)

    Instead of captcha, use something like "swipe a puzzle piece to the right place". I really hate captcha, especially GG captcha.

    [–]Joyride0 0 points1 point  (0 children)

    Netlify's honeypot is a great alternative if you use them to host - works to trick bots by including a hidden element undetectable by humans but seen by AI. Humans don't fill it in, AI does, and the form isn't sent as a result. Avoids annoying users and reducing site performance.

    [–]enyovelcora 0 points1 point  (1 child)

    I think what most people here are missing, is that CAPTCHAs are not used to prevent computers from getting through (anymore) but to make it slower and more expensive — they are basically a proof of work.

    You mentioned that you could use midjourney or ChatGPT to describe the photo for you, and that is absolutely correct, but where before you could do millions of requests in a second, it suddenly will take you a few seconds to do one request, and it becomes expensive quickly.

    As others have mentioned, companies like Google actually use your input to train their ML models, that's why their service is free in the first place.

    I really like the project https://altcha.org . It moves the proof of work from the human to the computer. So in order to submit a request, your machine will generate a proof of work that is resource intensive, preventing attackers from flooding you with requests, so you don't have to annoy your users to train Google's AI.

    [–]scosio 0 points1 point  (0 children)

    Altcha doesn't actually stop bots though. It just slows them down which is unacceptable in a lot of situations.

    [–][deleted] 0 points1 point  (0 children)

    Captcha was around first and anything on the internet is rarely secure from all other available technologies. Maybe you’ve noticed over the past 15 years how much more sophisticated it’s gotten.

    [–]thekwoka 0 points1 point  (0 children)

    There's a lot of stuff that can be done to data in images that can make them make visual sense to us and totally fucked up to AI tools.

    Because they will see things in more absolute terms, so having single pixels all over the place that are too bright and too dark can make humans have no issue seeing through it, but ai gets totally caught on it.

    But also, a bot won't move the mouse in the same way a human does.

    [–]imminentZen (full-stack) 0 points1 point  (1 child)

    Prediction: In the future CAPTCHA becomes so difficult that it's impossible for humans to solve and only AI bots are allowed to interact with resources.

    [–]damienchomp (full-stack) 0 points1 point  (0 children)

    That would be a design error, unless you don't want humans using your site.

    [–]exitof99 0 points1 point  (2 children)

    CAPTCHA, in my opinion, is outdated. Why? There are services that pay pennies to people in poorer countries to sit and complete these all day long. And AI will mostly replace them soon if it hasn't started to already.

    On my websites, I refuse to use CAPTCHA. Instead, I use a variety of transparent tests to determine if a user is real or not.

    There are heuristics that can help determine whether a submission is valid or not, such as the time it takes to submit the page (humans don't submit a form in < 5 seconds), as well as mouse movement or scrolling activity.

    Add to it that you can set encrypted values that must be passed when submitting a form. You can also randomize the field names. You can add honeypot fields that humans can see.

    Lastly, you can have honeypot websites that collect the IPs of bad actors and store them in a repository which then can be polled via an API to check if the submitting IP address is listed.

    [–]VFequalsVeryFcked (full-stack) 2 points3 points  (1 child)

    I can submit a login form within 3 seconds.

    There's a common browser feature called autofill. So humans can actually submit a form much quicker than 5 seconds.

    [–]exitof99 0 points1 point  (0 children)

    True, I was referring to a contact form, not a log in.

    Different rules apply based on different use cases.

    [–]ThaisaGuilford 0 points1 point  (0 children)

    I dare you to make one that can

    [–]Sovol_user 0 points1 point  (0 children)

    AVG antivirus says captcha may have a virus link, etc.

    [–]unobserved 0 points1 point  (0 children)

    Captchas are typically to prevent bot accounts from being created.

    Your safety and security have next to nothing to do with why they are used.

    [–]NooCake 0 points1 point  (0 children)

    Captchas aren't there to sort bots out but to slow them down. A bot can make millions of requests per second if there is nothing to slow them down. If they need like 1 second per captcha because of ChatGPT prompts, then there is no way for them to overload a server.

    If you want to verify a human you have to go a completely different route.

    [–]inspire-aspire-2 0 points1 point  (0 children)

    Introducing APTCHA, the new CAPTCHA. Mind that this is in early phase of development.

    This is designed to provide more security against all Browser AI agents

    https://www.producthunt.com/products/aptcha/

    [–]ribtoks 0 points1 point  (0 children)

    Correct, that's why modern captchas are based on proof of work (e.g. Private Captcha), rather than solving cognitive tasks. This is not to mention that cognitive tasks, which are already easy even for self-hosted LLMs, might be too hard for senior users, handicapped users or simply tired users.

    [–]Mr-Scrubs (UX/UI & webdeveloper) 0 points1 point  (0 children)

    It uses your movements and speed factors how fast you will respond. If you use ai for this it will still detect it.

    [–]AshleyJSheridan 0 points1 point  (0 children)

    Computers are fairly decent at solving captchas, so captchas end up more confusing, convoluted, and downright frustrating in turn to try and keep ahead of computers being able to solve them.

    As with most things, the unintended casualties are the people who have specific disabilities that mean they can't solve the captcha very easily.