How good are the “Prove that you’re a human” tests?

Many websites make you prove that you’re a human by “Clicking here”, “Select all images with a forklift in them”, Captchas, or similar things. How good are these at actually confirming that I’m a human? I’m just curious since Elon Musk says that charging people to use X is the only way to effectively fight bots. :face_with_raised_eyebrow:

Over time, they get less and less good at proving that you’re a human. Their whole point is to accumulate a database of images which have been graded by human observers as including or not including a forklift, a traffic light, etc. This is then used to train AI systems. The more you train the AI systems, the better they become at taking the test themselves.

The better those particular AIs become at taking the test themselves. Google (who run most of the “click on a traffic light”-type tests) aren’t trying to sneak their bots into websites where they don’t belong.

…And bots are somehow less capable than humans at paying a membership fee? I think that, like so many other things Musk says, you can just completely ignore that one.

A popular version of those here in China is the one where you slide a puzzle piece into the corresponding gap in a picture, instead of trying to click on all the grid squares with whatevers. I’ve no idea how one could get a computer to trick the slide into the gap test.

The power of bots comes from the ability to use them in mass cheaply. If you tried the same number of bots paying a few bucks a month your operating costs would go up orders of magnitude. No doubt exclusive pay services would have far fewer bots than ones where anyone can create an account for free.

I had not heard that it was intended to weed out bots, but I don’t disbelieve it.

Of course, what’ll happen is the accounts will all be registered with stolen credit card info, do their damage, then get kicked off as soon as the cc fraud is discovered. There’s an endless supply of them, sadly.

Re the actual question: The “find a traffic light” ones utterly suck. Is that a blur? or part of a bicycle? etc. I’ve taken 5-6 tries to succeed at one of them. One site I used a couple years back was really obnoxious: it was a WORK website, to which only staff would have access. But we had a CAPTCHA. What the hell?? My best guess was the organization (a state agency) received some compensation for saddling its employees with that bullshit.

CAPTCHAS are worse than useless. Bots are better than humans at solving them now. Recent research here:

Relevant table here:

Whether paid subscriptions are the answer remains to be seen, but it’s absolutely true that we need a solution different from the current approach. Human identity has to be something external, like a credit card or ID of some kind.

There are a lot of arguments for captchas being useless, anyway:

Robots soundly beat humans in bot-spotting captcha tests | PCWorld.

Well, maybe. If you have a stolen CC, you’re probably better off burning it on multi-hundred or -thousand dollar purchase than a cheap social media subscription. People on darknets bid for these things, and it seems like a single bot is of lower value than a single fraudulent purchase. So the botters should be outbid, overall.

Possibly - but a single thief might use that same card on a bunch of accounts, or for a bunch of different small purchases.

One of our cards was compromised earlier this year - and it was used for several relatively low-value recurring charges for several months (30-60 dollars per charge).

Right, but the site can impose a restriction that a given CC can only be used for a single account. I guess you could still get a few bots out of it, across several different sites–but assuming the site has communications with the CC company, it’ll only last until the first of those detects the bot.

I suppose you could use the CC for both things at the same time, trying to fly under the radar as much as possible. But as SenorBeef said above, the power of bots comes from them being negligible cost. Almost any non-zero cost is enough to make them uneconomical.

At least for now. I wonder if sophisticated, interactive bots could have a much higher per-user return. Basically, the AI equivalent of those phone call center scammers (which currently have to employ actual humans, albeit from low-wage countries).

Although I consider myself fully human, my apparent success rate with picture clicking and fuzzy letters is at most 80-90%, plus-minus some uncertainty for how many successes are required. I’ve read chimpanzees have 98% similar genetics to us, so what does that mean?

The fuzzy letters often beat me.

My eyes are bad enough that I have almost no chance of passing one of them. If I get one of those I don’t even try any more. I wonder if I were in the US I could make a formal complaint based on the ADA. The most annoying is my Kobo e-reader. If you try to buy a book from them on their standard site, they just don’t allow it without going through their captcha (which I think of as their gotcha). Fortunately I accidentally discovered another way. I don’t think it violates the rules to tell you, since there is no fraud involved. Simply take one of their advertising emails (of which I get 2-3 every week), click on All e-books, and follow your nose. You will have to open an account, but then you can search for and buy books without the captcha.

My understanding is that nowadays, captchas aren’t used primarily to weed out bots - they’re used to train bots: When a captcha asks you to click on images containing a particular item, you’re providing (for free!) data that can be used by the site owner to train an algorithm to identify these items from an image.

What a self-serving assertion, but it doesn’t surprise me that it’s coming from him. I totally can’t stand the man!

Hey, my Tesla still can’t drive down an open highway without an occasional random braking (it’s getting better); so I don’t think AI is ready to take over the world. We won’t even mention spell-check. (Oops, I did) But thanks to iRobot, it is ready to take over the house vacuuming - but then, I don’t have a dog to leave surprises on the floor for the vacuum.

The problem is - humans are very nuanced, and AI has not yet learned to understand those nuances. Since the early days of computer-filtered content, it’s been common to see complaints about auto-filtering blocking breast cancer sites or LGBT sites. As the saying goes, you can’t make things idiot-proof because idiots are so clever.

And as for human detection vs bots, I’ve known more than a few people who probably would fail the Turing test too.

Is a vacuum even equipped to handle a steaming heap? LOL

My understanding now is that the main ways that websites verify that you are human is:

  • They track how the mouse cursor moves across the screen on its way to the little box you have to check. Humans will move unsteadily, maybe pausing to adjust their mouse or finger on the pad, while bots will go in a straight line. Bots are getting better at imitating humans in this respect.

  • They look at your browsing history. Bots won’t have a bunch of unrelated websites like opposumsinlove dot com in their recently viewed tabs.
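
The cursor-movement check described in the list above, as an added example that is not part of the original post and is not reCAPTCHA's algorithm: a toy scorer that measures how straight and how evenly paced a pointer trace is. The function names, thresholds and both traces are constructed for illustration; a trace with no usable movement (keyboard or touch users) is reported as insufficient rather than as a bot.

```javascript
// Added illustration: toy pointer-trace features, with hypothetical names and thresholds.
// A trace is an array of {x, y, t} samples; t is in milliseconds.
const PAUSE_MS = 150; // assumed gap length that counts as a pause

function pathFeatures(trace) {
  if (!Array.isArray(trace) || trace.length < 3) return null; // e.g. keyboard or touch
  let pathLen = 0, pauses = 0;
  const speeds = [];
  for (let i = 1; i < trace.length; i++) {
    const dt = trace[i].t - trace[i - 1].t;
    if (!(dt > 0)) return null; // unusable timestamps
    const d = Math.hypot(trace[i].x - trace[i - 1].x, trace[i].y - trace[i - 1].y);
    pathLen += d;
    speeds.push(d / dt);
    if (dt > PAUSE_MS) pauses++;
  }
  if (pathLen === 0) return null; // pointer never moved
  const a = trace[0], b = trace[trace.length - 1];
  const chord = Math.hypot(b.x - a.x, b.y - a.y);
  const mean = speeds.reduce((s, v) => s + v, 0) / speeds.length;
  const sd = Math.sqrt(speeds.reduce((s, v) => s + (v - mean) ** 2, 0) / speeds.length);
  return {
    straightness: chord / pathLen, // 1.0 means a perfectly straight path
    speedCv: sd / mean,            // 0 means perfectly constant speed
    pauses,
  };
}

function classifyTrace(trace, { minStraightness = 0.995, maxSpeedCv = 0.05 } = {}) {
  const f = pathFeatures(trace);
  if (f === null) return "insufficient";
  const mechanical =
    f.straightness >= minStraightness && f.speedCv <= maxSpeedCv && f.pauses === 0;
  return mechanical ? "scripted-like" : "human-like";
}

// Constructed sample: 20 evenly spaced samples on a straight line, 10 ms apart.
const linearTrace = Array.from({ length: 20 }, (_, i) => ({ x: 10 * i, y: 5 * i, t: 10 * i }));

// Constructed sample: wobbling path, uneven timing, one pause mid-way.
const wobblyTrace = [
  { x: 0, y: 0, t: 0 }, { x: 8, y: 3, t: 12 }, { x: 19, y: 11, t: 21 },
  { x: 27, y: 12, t: 40 }, { x: 41, y: 25, t: 48 }, { x: 55, y: 24, t: 66 },
  { x: 60, y: 31, t: 75 }, { x: 60, y: 31, t: 260 }, { x: 78, y: 44, t: 271 },
  { x: 97, y: 41, t: 290 }, { x: 120, y: 58, t: 301 }, { x: 150, y: 70, t: 330 },
  { x: 171, y: 88, t: 342 }, { x: 190, y: 95, t: 371 },
];
```

A score like this is only one weak signal: a site would combine it with others, and an "insufficient" result needs its own handling so that people who never use a mouse are not locked out.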

Google’s reCAPTCHA v3 does both of those. But it seems trivial to bypass. They need to handle the case where you have no browsing history, because you just installed a new browser, or wiped your history for whatever reason, etc. In that case it seems to fall back to one of the image systems, which bots have no trouble with.

Worst comes to worst, just ask ChatGPT to come up with a plausible browser history.