^^
Yeah, sometimes, it amounts to that. I’ve often seen captchas that wanted me to pick all buses/taxis/bicycles/tractors or whatever from a collection of very low-res, grainy pics where you barely could make out that they were street scenes. That’s always a guessing game and very frustrating. But then, I see more and more cases where I just have to click “I am not a robot” or a link “solve captcha” and that’s all that’s needed to proceed.
For work we have to setup our devices to constantly clear browsing data, which means all of those “not a robot” checkboxes expand into a full-fledged puzzle. Every. Single. Time.
~Max
What is the point of all those “I am not a robot” checkboxes? That would seem to be a trivial thing for a robot to do. What does it prove? (Is there some obscure behind-the-scenes HTML there that’s supposed to be hard for a robot to parse?)
Something else I’ve noticed seems to be going away: Those “security questions” you are sometimes asked in order to log in. Questions like “Who was your favorite teacher?” or “What street did you live on as a child?”
Last time I had to recover a lost (expired, I suspect) password, that didn’t work any more. Instead, they sent me a one-time log-in code to my e-mail.
Probably not? I consider myself slightly smarter than the average bear. However, not apparently smart enough to tell if some fuzzy, out of focus picture is the final remnants of a succulent at the edge of some box. Who comes up with these things? Who came up with the idea of evading them by paying fivers to people to identify catalytic converters?
Long overdue; who was stupid enough to invent these identity-theft aids in the first place?
I posted a vent about this last summer - since it was my workplace that required it, numerous times a frickin’ day. The upshot was these are being used to help train self-driving cars.
I have to assume there’s some money changing hands somewhere, from Google (or whatever) to those sites who’ve been persuaded to implement them.
As a fun side note: there are a lot of rumors out there that fun games on Facebook like “your porn name is your first pet’s name, plus the street you lived on at age 8” are ways for ID-theft harvesters to get that kind of info.
There are Youtube videos explaining how it works.
Basically, they track the movement of the mouse pointer on the way to the button to check if it’s sufficiently random for the movements of a real human hand.
There are also people who claim to have engineered robots that can fool it, but it’s not as simple as sending a mouse click to the checkbox by script.
HTML is the markup language. Google reCAPTCHA is a javascript API, and I assume they constantly change the underlying script to outfox robots.
~Max
Today I went to pay a small speeding ticket fine ($35 – I was 1 mph away from falling into the $100 ticket category) and there was a CAPTCHA both to view my video and to pay my ticket. Who in the hell is webcrawling parking ticket sites to get to the payment portal for individual tickets? Is this really necessary? It had one of those “check if you’re a human” boxes, but all four or five times I went through the site, I had to do the stupid CAPTCHA picture test. “Pick all the boxes that contain a motorbus.” “Motorbus”? Who the hell calls it a motorbus?
Locally at least, there’s a scam associated with speeding tickets.
Interesting. At least there’s a reason for the madness.
Maybe. Ask me again when I gsbent had PayPal and Amazon trolling for these already today.
The backend of the box actually runs an encrypted virtual machine in Javascript. That VM runs a risk analysis engine that looks at things like your mouse movements and your browser history. It combines these factors into a “not a bot” score. No one knows exactly what these factors are since that would require reverse engineering the engine (possible since it runs client-side, but not easy). If they did, it would probably be fairly easy to bypass, though it might still slow down the bots by requiring slower fake mouse movements, etc.
Right, if you click the checkbox and it just lets you through then it already had enough of a fingerprint on you (via trackers from other websites, cookies, heuristic analysis, etc.) that watching your mouse movement when clicking the checkbox was just a final confirmation of what the system already believed, that you’re a real person.
If the system has no fingerprinting on you because you block trackers and ads, clear history and cookies regularly, or run through a VPN, then depending on the website’s settings the checkbox may be completely perfunctory. It’ll throw you into the image identification mode regardless.
If you find that you’re not let in after one round of finding the crosswalks, stoplights, mountains, bicycles, or buses, it may not be that you got anything wrong, but the algorithm had a new set of images to process and you’re helping to train it. Once those images have gone through enough people, it can determine which ones are correctly identified and then use them for actual verification. The older text versions where you’d have one word with a couple of lines through it or distortions, and another that looked like a scan from a book, only actually used the first word for verification. The second word didn’t have to be entered correctly to get through, since it was in the process of training.
Supposedly those training words were also being used to improve the text recognition algorithms for scanned books, and more recently for autonomous vehicle AI and reading of street signs, addresses, and whatnot. I’m not sure how much of that is actually happening, versus Google just using images that are already part of their street view and books databases.
Amazon still uses the scratchy words.
Damn. I’m Sniffer Garfield.