cross-posted from: https://slrpnk.net/post/10158671
Aren't captchas used to better train AIs to be able to recognize stuff?
this post was submitted on 26 Aug 2024
874 points (98.7% liked)
Programmer Humor
19166 readers
562 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
That's the idea of those "which pictures contain bikes?" ones and the ReCaptcha (where you had two words from books). In the book one, one of the words is known and the other is not. They'll present the same unknown word to people until they get a clear answer from many dozens or hundreds of entries, using the known word as a control. Then that other word goes into the known words category.
Meaning, if it's wrong, you're a human?
Honestly, I'm not mad if AI fully defeats captchas to the point they go away. They almost always fail to be usable via accessibility tools. These things might block some automated systems, but they also block people with disabilities.
What will you replace them with? They won't go away, they will just get harder
When I ran a public installation of web forum software (more than a decade ago), I got spambot registrations, then I think I just set up a captcha where users had to answer some really simple question; this kept the spambots away.
That worked because you were not personally targeted. Someone could defeat this system if they wanted to
Yeah, it's about barrier to entry. Any question will bypass dumb automation, even hard captcha is defeated by a Task Rabbit or Fiverr job to make 10 accounts and post some s#!t
Probably at some point in the future, the automation tools they're using will support throwing in a GPT API token. But AI calls aren't free so maybe we'll squeak by.
There's also the real possibility that if somebody is actually using AI the bot text will be good enough that nobody will know for certain it's a bot.
Anything that doesn't involve the user noticing it ever
DRMs and ring0 checkers are not a solution
Got crowdstruck
"lick this and tell me what it tastes like"
Most bots out there aren't backed by chat gpt. We had a flood of Russian boys using a sign up for on a site to send spam emails by putting the spam in the names and address fields. Slapping the most basic of captchas on the page solved it.
To be fair, most boys aren't as sophisticated as bots.
At least it got the last letter kinda wrong.
:(
They're not usually case sensitive.
Maybe that's how you can tell chatgpt has done it, it bothers to put some letters capitalised 😅
I mean, it got the case right on every other letter.
Now all the people they pay to solve these captchas will have to go find other work 😢
I'm more worried about Google's income. How can they afford to spy on me if they aren't being paid far out the ass to host what will soon be security theatre.
moldy meme
Fun fact not only to captchas monitor your input but also can analyze how you input it. If you mouse moves in a perfectly straight line if all your key presses are precisely spaced, you are probably not human.
Both of those seem trivial to circumvent.
They were used as example heuristics by Google marketing when they launched the checkbox reCaptcha. They were just simple to understand things for marketing purposes, but in reality Google checks many different signals and isn't based on mouse movements. But people keep repeating the example from the ad.
Yup they are called humanizers
Sure two additional cases not that bad, now just keep adding them up. Like anything security related it's not 100% perfect you just have to make it annoying to break.
Meanwhile mathematicians working on cryptography: the universe will die before you get even 10% chance of cracking encryption.
Security by obscurity is no security.
No. Security through obscurity is bad security, but it's still an additional layer. And since there's literally no way to 100% ensure that a machine is being controlled by a human, there's literally no other way except saying "fuck it" and not doing any security at all.
Security by design is 100% perfect. Security by obscurity is far from it
"p" should be lowercase, the metalbags aren't that good yet.
metalbags
metal, semi-metal, plastic, fibre-glass.
If you just talk about the material of the bag, yes, it is mostly metal and plastic. The costlier the stuff, the more the metal.
Nowadays there are some really annoying CAPTCHAs out there, such as:
- "Click over the figures that are upwards/downwards" and various rotated bears
- "Rotate the figure until it matches the given orientation" and a finger pointing to some random direction, as well as rotation buttons that don't work the way you would mathematically expect them to work
- "Select all the images with a bicycle until there are none left" and the images take centuries to fade away after you click them
- "Select all the squares containing a bus" and there are squares with the very corner of the bus that make you wonder if they are considered as part of "squares containing A bus"
- "Fit the puzzle piece", although this is the least annoying one
In summary, the CAPTCHAs seemingly are becoming less of a "prove you're not a robot" and more of an forced IQ test. I can see the day when CAPTCHAs will ask you to write down a Laplacian transform for the solution f(x) to the differential equation governing the motion of a mass considering the resistance of air and aerodynamics, or write down a detailed solution to the P versus NP problem.
They'll make you listen to Vogon poetry. If your head explodes, you're not a bot.
Those "select tiles with a bicycle" are us training image recognition programs.
at that point i just assume im the one they are keeping out and just close the tab
AlrightThenKeepYourSecrets.gif
Sony has the most annoying ones, which are designed to prevent people from submitting tickets. They'll show you like 10 dice, and ask what they add up to. They make you solve like 16 of them before they let you continue. Shit should be illegal.
The math ones are ridiculous.
Guess what computers are inherently great at?
Math.
Because they're not there to stop computers, they're there to stop people from getting legitimate support from a company that owes it to them.
No, CAPTCHAs these days track mouse movements and other factors. They make you second guess if something should be included because, as a human, that's going to be something you do. And it'll be obvious from both that hesitation and your squishy, inaccurate mouse movements that you're a human.
Can't track mouse movements on mobile though
Motion sensor
They can't without the given permission from the browser to do so. While they can indeed track the mouse, when they try to access mobile motion sensors (I'm considering a CAPTCHA inside a webpage being accessed through a mobile browser such as Firefox mobile or Chrome for Android), they need to use an HTML5 API that, in turn, will ask the user for permission, something like "This site wants to use sensor motion data. Allow or block?"
You used to could, on Blackberry at least.
It's when they make you do like 20 of them. Bitch you already stopped the DDOS let me see my balance fuck.
view more: next ›