Captchas te not meant to deter all bots. It’s meant to make it ever so slightly expensive that a mass DDOS attack would be extremely expensive to perform. Think like thousand sof requests per second, all being Captcha’d and how much it costs to run AI. It’s current not a feasible solution.
There is cheaper AI that can solve Captchas though, and it’s only gonna get cheaper.
It’s long been cheap enough that you can pay a call center full of people in a developing country to solve them for you. Going to be a while before AI is cheaper than that.
Having used them to protect a few web sites from spammers filling up forms, they do cut down on the bullshit. This makes things more convenient for the people reading the information coming in from those forms, but I sometimes wonder if it’s worth the cost of everyone else having to pick out the bicycles in the picture.
Also, captchas are meant to gather data to train on. That’s why we used to have pictures of writing, but that’s basically solved now. It’s why we now have a lot of self driving vehicle focused ones now, like identifying busses, bikes, traffic lights/signs, and that sort of thing.
Captchas get humans to label data so the ML algorithms can train on it, eventually being able to identify the tests themselves.
Now it’s making me identify developed pictures from a photo negative. I’m not quite sure what they’re going to do with that training since computers can already perform that task.
I believe this is why Google, and a few other companies, have started using behavioral analysis to figure out if you are human. Did your mouse wonder around the page before clicking to verify? Did you come from another website as if browsing the web? What device are you using and have you used it on this site before? Are you logged into an account? I’m sure they use many more factors, but it’s something that would be hard to replicate with bot behavior on a consistent basis (for now).
Basically yeah, but that has been the case since almost the start of recaptcha. Fingerprinting just got so good to the point that the visual test was not even needed anymore.
Captchas te not meant to deter all bots. It’s meant to make it ever so slightly expensive that a mass DDOS attack would be extremely expensive to perform. Think like thousand sof requests per second, all being Captcha’d and how much it costs to run AI. It’s current not a feasible solution.
There is cheaper AI that can solve Captchas though, and it’s only gonna get cheaper.
It’s long been cheap enough that you can pay a call center full of people in a developing country to solve them for you. Going to be a while before AI is cheaper than that.
Having used them to protect a few web sites from spammers filling up forms, they do cut down on the bullshit. This makes things more convenient for the people reading the information coming in from those forms, but I sometimes wonder if it’s worth the cost of everyone else having to pick out the bicycles in the picture.
They can’t solve them a million times per minute though.
Also, captchas are meant to gather data to train on. That’s why we used to have pictures of writing, but that’s basically solved now. It’s why we now have a lot of self driving vehicle focused ones now, like identifying busses, bikes, traffic lights/signs, and that sort of thing.
Captchas get humans to label data so the ML algorithms can train on it, eventually being able to identify the tests themselves.
Now it’s making me identify developed pictures from a photo negative. I’m not quite sure what they’re going to do with that training since computers can already perform that task.
Also the “select the image below containing the example image above.”
Like… we already have computers that can recognize image repetitions.
So that’s almost certainly trying to gather data to defeat data poisoning. The other image is probably slightly altered in a way you can’t detect.
A common OCR tactic is to turn the image negative and bump the contrast to make text easier to recognize.
It could be a precursor for that step.
I believe this is why Google, and a few other companies, have started using behavioral analysis to figure out if you are human. Did your mouse wonder around the page before clicking to verify? Did you come from another website as if browsing the web? What device are you using and have you used it on this site before? Are you logged into an account? I’m sure they use many more factors, but it’s something that would be hard to replicate with bot behavior on a consistent basis (for now).
Apple and Cloudflare are using “Private Access Tokens”
Some negative implications for the open web I believe
Basically yeah, but that has been the case since almost the start of recaptcha. Fingerprinting just got so good to the point that the visual test was not even needed anymore.