A loosely moderated place to ask open-ended questions
Search asklemmy π
If your post meets the following criteria, it's welcome here!
Looking for support?
Looking for a community?
~Icon~ ~by~ ~@Double_[email protected]~
The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I'm human?
That's hardly the Turing Test I'd expected.
Cloudflare has a bot score. Depending on how sus your bot score is you can use several different levels of verification. The checkbox you refer to is kind of in the middle. There is also a more complicated intrusive captcha and a totally transparent javascript. Itβs a pretty slick system.
I like that when I'm on tor browser with VPN behind it they're like "Yeah, cool, go on through"
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
TL:DR cloudflare made a new recaptcha which does some complex math and other stuff on your browser, which done once has no noticable effect but if someone were to scrape websites at an absurd speed it slows everything down significantly.
this is not only cool because you don't have to manually solve the captcha, but also because it allows for low-speed scraping to be feasible, with tools like flaresolverr
Thanks for being the only person in this thread who doesn't joke or talk out of their ass 
Quite interesting really and a genius solution (it they don't lie about not stealing your data)
That's actually kinda cool. Punish the scrapers, but allow regular people to not waste time.
Meanwhile, Google is having you find the zebra crossing for the 400th time....
*training their ai using humans
I'm sorry, but "now"? This has been a thing for at least half a decade. Are you Encino Man? Did you just wake up?
Maybe this is the first time their bot score was low enough to get through with just a tick.
Ha! They must have missed the billboards, front page newspaper articles, TV reports, and public service annou- oh wait.
Others mention the mouse motion, and monitoring your other traffic to similar sites. When it shows the checkbox, it has already determined you are probably human. If you had suspicious activity, they will give you more advanced tests instead of just a checkbox.
Theres a few answrs to this
Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.
Once we discovered it we didnβt block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.
To elaborate on point 1, it's about uniqueness and timing of the path the mouse takes to click the checkbox. If it's too straight or consistent it will red flag you.
I've been told that it's analyzing your behavior from right before you click the button
The newest models already know whether you're a bot or not before the checkbox loads. A massive majority of the internet goes through Cloudflare so by the time you land on a site you already have what Cloudflare dubs a Bot Score based on your behavior across the web.
Checking the box really just confirms what they already know. There's a second form which I'm sure is even more prevalent than the checkbox that renders nothing, requires no user action, but can prevent form submission if you fail the check.
those will fail anyway on a few sites I've gone to. No idea why and sometimes months later it will work for a random interval of time.
Humans have mouse movement that, on August 8, 2024, are very hard to reproduce. But just like regular captchas we are just teaching computers to do the same thing.
Aaaaand why would CloudFlare want to teach the computers to mimic mouse movements?
Whoa what happened on the 9th?
Recaptcha gained sentience
I always fail Cloudflare captchas because I'm clicking it with Vimium-C lol. I hate captchas for making me reach for my mouse. It also seems like a genuine accessibility issue if people who cannot use a mouse can't pass a captcha.
I've found that Google's reCAPTCHA has also started rejecting me no matter what I do. I think it might be because my IP address is a VPN, but that's pretty stupid; if I can pass the test by clicking the squares why not let me in?
reCAPTCHA is a failed project. It was initially designed to lock out bots while being trivial for a human to solve but, over the years, captchas became more unintuitive and bots more sophisticated. Bots are now way better at solving captchas than humans and it's just a useless time sink.
I've found that when Google decides to throw me a captcha, literally no amount of solving them will ever persuade them to let me in. I went through 10 in a row before I gave up.
Just seems like spite to me.
The EXACT same thing has been happening with me and google captchas. I just switched to Proton VPn, and while I like it, the amount of capctchas I've had to poke through is ridiculous.
I think it might be because my IP address is a VPN, but that's pretty stupid; if I can pass the test by clicking the squares why not let me in?
They want your tasty IP data
That's when I just use another search engine.
Reddit blocks VPN and won't let me in. OK bye reddit too lazy to turn off VPN ffs