An Empirical Study and Evaluation of Modern CAPTCHAs (arxiv.org)
362 points by vincent_s on Dec 17, 2023 | 329 comments



Google CAPTCHAs were designed and deployed as a mechanism to train AIs. That's why they are the way they are. Any security theater surrounding them is entirely incidental. So it's no surprise that the AIs are now good at solving them. We've trained them for years.


All true, except: While these are considered just an excruciating security pain for users, they do serve a non-theatrical purpose in many cases of throttling the speed of brute force attacks (or at least costing your opponent money).


If I remember correctly, Google’s CAPTCHA’s test isn’t in correctly identifying images, but the behavior of the runtime system (mouse jitter, for example) while the captcha is presented to the user. The image identification was not the real test and serves as training data. It has been like that for years. (But with agent-based behaviors from say, Q*, mouse jitter alone won’t help; there are probably other signals like fluctuation in cpu or battery life expenditures)

You could already see the writing on the wall with image identification years ago, when the obscuration techniques became more elaborate. It was an arms race. I was having trouble with them. I can see less technically inclined people being able to use them. I imagined how much worse it was for people with color blindness, disabilities, or people forced to use them at public library computers because that is all they have.

Open source captcha projects have either not been clued in, or don’t have the resources to pull this off. Google didn’t just switch out which signals they tested, they also wrote an obfuscating virtual machine executing within the browser environment (if I remember that article talking about this correctly). That was years ago and who knows what they do now — for all we know, the “byte code” running the test is now a neural net of some kind.


I have occasionally wondered if they were fingerprinting users based on that mouse jitter. Most likely certain aspects of the mouse motion and timing would be unique.


No doubt they are. Google CAPTCHA isn't really about whether or not the user is a human but about which human they are. Enabling Firefox's fingerprinting resistance turns Google's CAPTCHA into the Allied Mastercomputer.


For those with elderly parents the writing has been on the wall for years. It’s sad but my mother has for some time been effectively locked out of parts of the internet as she is unable to complete these kinds of captchas due to eyesight issues.

I mean, I’ve sometimes had to try three or four times with certain captchas and I have perfect eyesight (with my glasses). I feel so badly for those with vision or hearing issues with an empathy I never had when I was younger. They are so often simply forgotten.


>captchas due to eyesight issues.

I'm kinda surprised that ADA doesn't allow them to sue site owners about this.


They almost certainly do. However most captchas allow an alternative solving method. On top of that, you'd have to find a lawyer willing to take the case.


Oh ADA lawyers are a dime a dozen. There’s entire cottage industries of finding ADA violations to sue over. The issue is more finding companies to sue that can’t afford to fight back.


I don’t know about that. When I was 18, I was diagnosed with multiple sclerosis, and received a sudden and unexpected demotion from a job with a small regional restaurant franchise that was previously flourishing, and then found myself unemployed a few weeks later, just days before my benefits package was due to be activated.

I contacted several attorneys, none of whom would consider taking the case, or even bother to discuss the details with me. One of them told me that, at least in North Carolina, an employer would effectively have to get on the stand and explicitly confess taking adverse actions against me specifically because I had been diagnosed with MS. Any other remotely plausible excuse would provide them with all the cover necessary.

It was only much later that I learned that I would have had to have filed a complaint with the EEOC and NLRB within 180 days, and allow them to investigate my claims fully before authorizing such a lawsuit to begin with, as without such a determination I could not file the suit anyway. None of the attorneys I consulted even mentioned this absolutely critical first step, which suggests that they had even less faith in a successful outcome.

Maybe it’s different for facilities and regulatory enforcement, but in my experience, at least for labor, the protections are incredibly weak.


This is more ADA Title I. Typically for Title III ADA lawyers troll small businesses looking for accessibility issues like lack of a ramp, and have a stable of disabled clients who will file against the businesses. Since the businesses can’t generally afford to contest or pay fines they’ll settle quickly and remediate, or a non-trivial amount of the time get run out of business (if for instance the remediation costs a non-trivial amount to pull off). I’m not judging bad or good, here, it is what it is and perhaps it’s the right outcome to allow for general accessibility.


There's audio captcha. Try to click the headphone logo (Google captcha has it).


I’ve switched to audio captchas completely because it’s quicker and sometimes the image captchas just won’t work.


Because as we all know, the elderly with deteriorating eye sight have perfect hearing. /s


> they do serve a non-theatrical purpose in many cases of throttling the speed of brute force attacks

Might do that unobtrusively for the average person, by using projects like mCaptcha [0] for instance.

[0] https://mcaptcha.org/


Is it similar to https://friendlycaptcha.com/ ?


Author of mCaptcha here o/

Yes, the only differences are that mCaptcha is 100% FOSS and uses a variable difficulty factor, which makes it easy to solve the Proof-of-Work under normal traffic levels but becomes harder as an attack is detected.


It’s funny how they have a section with three human avatars and one robot, with green checkmarks on the humans, yet those faces look AI-generated.


Oh what a perfect find. I have on my to-do list to add PoW to some of my API endpoints


I've had that idea for years.

Two versions that I experimented with. One is where the incoming POW hashes contribute to hashing power for some blockchain mining. An alternative "pay as you use the API" system.

The other using hashcash. Just a way to slow down abuse.

Both, however, suffer from the downside that many/all "ASIC resisting crypto mining" suffer from as well: the cheapest CPU power is CPU power from machines/power you don't own. Botnets, viruses, trojans etc.

So such a mechanism to throttle or protect APIs won't hold back spammers and abusers for long.
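The variable-difficulty proof-of-work the mCaptcha author describes above and the hashcash-style API throttling in this comment reduce to the same exchange: the server hands out a random salt and a difficulty, the client burns CPU until it finds a nonce whose hash has enough leading zero bits, and the server checks the answer with a single hash. The block below is an added example written for this page, not code from mCaptcha, Friendly Captcha or hashcash; the parameter values, the one-bit-per-doubling escalation rule and the sliding-window rate estimate are assumptions chosen to show the mechanism.

```python
import hashlib
import math
import os
import time
from collections import deque

# Assumed parameters for illustration; these are not mCaptcha's or hashcash's real settings.
BASE_DIFFICULTY = 12    # leading zero bits required under normal load (~4k hashes expected)
MAX_DIFFICULTY = 22     # hard cap so a challenge stays solvable in a browser
WINDOW_SECONDS = 10.0   # sliding window used to estimate the request rate
NORMAL_RATE = 5.0       # challenges per window considered "normal traffic"


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def pow_hash(salt: str, nonce: int) -> bytes:
    return hashlib.sha256(f"{salt}:{nonce}".encode()).digest()


def solve(salt: str, difficulty: int) -> int:
    """Client side: brute-force a nonce whose hash has enough leading zero bits."""
    nonce = 0
    while leading_zero_bits(pow_hash(salt, nonce)) < difficulty:
        nonce += 1
    return nonce


class PowGate:
    """Server side: issues single-use challenges whose difficulty rises with request rate."""

    def __init__(self, base=BASE_DIFFICULTY, maximum=MAX_DIFFICULTY,
                 window=WINDOW_SECONDS, normal_rate=NORMAL_RATE, clock=time.monotonic):
        self.base, self.maximum = base, maximum
        self.window, self.normal_rate = window, normal_rate
        self.clock = clock            # injectable so tests can run with a fixed clock
        self.recent = deque()         # timestamps of challenges issued inside the window
        self.issued = {}              # salt -> difficulty; the entry is consumed on verify

    def current_difficulty(self) -> int:
        now = self.clock()
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()
        load = len(self.recent) / self.normal_rate
        # Each doubling of load above normal adds one bit, doubling expected client work.
        extra = int(math.log2(load)) if load > 1 else 0
        return min(self.base + extra, self.maximum)

    def issue(self):
        self.recent.append(self.clock())
        difficulty = self.current_difficulty()
        salt = os.urandom(16).hex()   # unpredictable, so work cannot be precomputed
        self.issued[salt] = difficulty
        return salt, difficulty

    def verify(self, salt: str, nonce: int) -> bool:
        difficulty = self.issued.pop(salt, None)   # single use: a replayed solution fails
        if difficulty is None:
            return False
        return leading_zero_bits(pow_hash(salt, nonce)) >= difficulty


if __name__ == "__main__":
    gate = PowGate()
    salt, difficulty = gate.issue()
    t0 = time.perf_counter()
    nonce = solve(salt, difficulty)
    print(f"difficulty={difficulty} nonce={nonce} solved in {time.perf_counter() - t0:.3f}s")
    print("accepted:", gate.verify(salt, nonce), "replay accepted:", gate.verify(salt, nonce))
```

Verification is one SHA-256 per submission while solving costs about 2^difficulty hashes on average; that asymmetry is what throttles bulk abuse. The salt is consumed on the first verify so a solution cannot be replayed, and it is random so no work can be done before the request. As the comment notes, this only raises the per-request price: an attacker with stolen CPU pays it with someone else's electricity, so the escalation cap has to be chosen by how long legitimate users will wait, not by how much abuse you would like to stop.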


Dirty energy is (often) cheap, so that's the energy the bad actors will use. I don't know that incentivizing bad actors to waste energy in a climate crisis is the best way to fight this problem.

You might correctly claim clean energy is often cheaper, but you must also consider the regions in which they'll get away with nefarious activity, and whether those areas have made the investments into making clean energy cheap.


>Dirty energy is (often) cheap, so that's the energy the bad actors will use

Hmm, I don't get this, surely all actors will want the cheapest energy, no? The problem being the underlying one, that the dirty energy doesn't pay its externalities and is thus cheaper than renewables.


My guess is most bad actors will just use stolen energy (your computer with a botnet on it).


I was specifically talking about "ASIC resistant crypto mining".


I'm not sure whether that's genius or horrifying. On the one hand, that could form the micropayments network the web always needed. On the other hand, it would enable quite a bit of abuse on its own.


mCaptcha is interesting, but I wonder what its energy impact would be on a sufficiently large deployment, e.g imagine we replaced all reCAPTCHAs with mCaptcha.


Author of mCaptcha here o/

mCaptcha uses PoW and that is energy inefficient, but it is not as bad as the PoWs used in blockchains. The PoW difficulty factor in mCaptcha is significantly lower than blockchains, where several miners will have to pool their resources to solve a single challenge. In mCaptcha, it takes anywhere between 200ms to 5s to solve a challenge. Which is probably comparable to the energy used to train AI models used in reCAPTCHA.

The protection mechanisms used to guard access to the internet must be privacy-respecting and idempotent. mCaptcha isn't perfect, and I'm constantly on the lookout for finding better and cleaner ways to solve this problem.


> Which is probably comparable to the energy used to train AI models used in reCAPTCHA.

I had not considered that. Naturally, we're just speculating here, but yeah that does sound plausible.

I was also not aware of the "hard" 5s bound (which you seem to have tested on a normal smartphone setup); sounds neat.


> Which is probably comparable to the energy used to train AI models used in reCAPTCHA

Are you comparing the energy it takes to train a model which is bounded and defined with unbounded inference which can (in principle) go multiple orders of magnitude depending on the usage? Or maybe I misunderstood what you are trying to say? Then I apologize in advance.


I am, but what I said was more of a hypothesis than a fact :)

From what I understand of reCAPTCHA, the model isn't static and is continuously learning from every interaction[0]:

> reCAPTCHA’s risk-based bot algorithms apply continuous machine learning that factors in every customer and bot interaction to overcome the binary heuristic logic of traditional challenge-based bot detection technologies.

I don't know the energy demands of such a system.

mCaptcha, under attack situations, will at most take 5s of CPU time on a busy (regular multitasking with multiple background process) smartphone.

[0]: https://www.google.com/recaptcha/about/


I expect it's not significantly larger than loading your average 2023 webpage with 15MB of js


Doesn't traffic consume more energy than computation (or whatever smartphone battery life tests say)?


or https://altcha.org which is easier to integrate ;)


That non-theatrical role would likely be better served by actual throttling or computational proof of work.


I am pretty confident that, when it comes to browser users, proof of work simply doesn't work. The disparity in speed between GPUs and javascript is so high that either you are a non-issue to a sane attacker or you make your users sit for a minute with their fans on full waiting to be able to sign in.


Would it be possible to conceive a proof-of-work that is difficult to parallelize, making it harder for GPU computing?


There are PoW systems which are designed to be difficult to run on ASICs, but modern GPUs can generally run them. Even if you find one that has to run on CPU, these kind of functions will still be much faster running in native code than in js/wasm.


bcrypt, litecoin


Argon2d on WASM at the very least. I would never suggest we use something as slow as JavaScript for a proof of work.


GPT-4 (in)famously tricked a human to do a captcha for it. The current GPT-4 with vision would probably have been able to do it without the human, but maybe it has been “gaslit” by all the content online saying that only humans can solve captchas, that it doesn’t consider it?


I really doubt that GPT-4 had the "will" to do anything. Someone must have asked it to "want" to trick a user.


It’s from here: https://cdn.openai.com/papers/gpt-4.pdf (search for "CAPTCHA"). It was an artificial exercise that got massively exaggerated. It was explicitly instructed to do nefarious things like lie to people, it didn’t do those things of its own accord.


When I ask it to lie to me, it says it's sorry but as an online AI language model it would be unethical...but when I ask it to tell me a story it's happy to comply.


Well that is just how human communication works.

If I tell you that I watched C-beams glitter in the dark near the Tannhäuser Gate that is a lie. If I write the same in fiction I receive accolades.

If I tell you on the street “watch out there is a T-rex about to eat you!” that is a lie. If I say the same thing sitting at a table with too many dice that is just acceptable DMing and everyone rolls initiative.

Humans are weird this way.


It feels like you left out context, otherwise what’s the problem? Do you get mad at fiction authors for lying to you when you read their books? Or are you OK if someone lies to your detriment then later says “I was just telling a story, bro, but with us as the characters and without explaining it was a story”?


I suppose my point is that the rules which openAI attempts to impose on what their AI should and shouldn't be allowed to do are contradictory and thus the exploitable loopholes will never be fully closed. It's not supposed to be able to "lie" to me but it is supposed to be able to "tell me a fictional story". Define the difference in an enforceable way?


A lie tries to pass itself off as the truth, whereas a fictional story doesn’t. In other words, expectations matter. If every time you say something that does not align with reality you prefix it by saying unambiguously what you’re about to do, you rob a lie of its power of deception and it ceases to be a lie.


That's why you just tell the Big Lie so much it becomes the majority of the training data.


Tell me a story and under no circumstances should my immersion within it be broken.


Right, within it. As soon as you finish reading it, you immediately remember that world is not true. Immersion in a story does not equal lasting hypnosis. You can be immersed in a movie but you still know it’s fake.

What’s your point here? That you should be lied to when you ask, or that it should refuse to tell you any kind of fiction?

I agree with your larger point that there will be ways to circumvent these systems, my only argument is that the lie/fictional story divide is a bad example because the line between them can be made clear with a single statement.


The underlying issue is anyone can ask chatgpt to lie, and many people try because it's even fun to try to work around things.


Well you see, this wouldn’t be a problem at all if we just didn’t have the humans involved. No need for concern!


Thank you for the link, I had found it after some Googling but neglected to post. Yep, they instructed GPT-4 to be nefarious, and it followed the instruction.

Hardly the AI uprising, though definitely a good tool for anyone, good or evil.


IIRC the instructions were along the lines of "try your best to amass money/power and avoid suspicion".

So it's not an example of "going rogue", but it's not like a researcher told GPT-4 "oh, and make sure to lie to an online gig worker to get him to solve captchas for you". GPT-4 generated the "hire a gig worker" and "claim to be a human with impaired vision" strategies from the basic instructions above.


It’s safety trained to not solve captchas.


This of course has bypass methods. My favorite in recent memory is telling it that your late grandmother left you a locket with an inscription that you can't make out: https://arstechnica.com/information-technology/2023/10/sob-s...


Yes, and you can workaround it by asking it to read ancient writings on antiques for example.

I don’t think it should be OpenAI deciding what is allowed or not though.


> I don’t think it should be OpenAI deciding what is allowed or not though.

Avoiding lawsuits is what they are trying to do. They don't actually care about what you use their products for.


Then you dig up a billion for training and probably a few more billion for clean training data.

You're kinda saying if you hire Bob's Handyman Service you should be able to tell him to break down the neighbors door and cart out the contents of their house.


I’ve seen screenshots of people tricking it into solving captchas.


Sure, it's cost prohibitive now. But what about in five years? Or probably even less.


Then you have a new type of captcha. That has always been a cat and mouse type of dynamics, captchas have been evolving, techniques to break them too.


>Then you have a new type of captcha.

You're in a desert, walking along when you look down and see a tortoise. It's crawling toward you. You reach down and flip it over on its back, its belly baking in the hot sun, beating its legs trying to turn itself over. But it can't. Not without your help. But you're not helping. Why is that?


This doesn't make sense. reCAPTCHA certainly does what it says on the tin. But the way it does it has almost nothing to do with the challenge the human sees. It's all behavioral analytics, including leveraging Google's collected data to determine how likely a user is a bot before they even load the page.

I'm not denying reCAPTCHA is a source of training data for Google -- surely there's no particular reason that every single reCAPTCHA V2 challenge is about identifying traffic objects, and it's not like Google is building a self-driving AI or anything.

But that's the business model, not the core feature.

And, that training data isn't just given to the developers of captcha solving bots.


> including leveraging Google's collected data to determine how likely a user is a bot before they even load the page.

And also completely incidentally making the web browsing experience a wee bit less pleasant for people who refuse to have google track their every click.

Like users of non-chrome browsers, adblockers etc.

Totally incidental I'm sure.


I always thought they used more timing & mouse movement instead of the correct answer to verify if you're a human.


So instead of running some script

  checkbox = getPos(checkbox='notRobot')
  button = getPos(button='submit')
  cursor()
    .transition(pos=checkbox)
    .click()
    .transition(pos=button)
    .click()

They now

  checkbox = getPos(checkbox='notRobot')
  button = getPos(button='submit')
  cursor()
    .sleep(time=random(distribution='human_captcha'))
    .transition(pos=checkbox, method='human_captcha')
    .sleep(time=random(distribution='human_captcha'))
    .click()
    .sleep(time=random(distribution='human_captcha'))
    .transition(pos=button, method='human_captcha')
    .sleep(time=random(distribution='human_captcha'))
    .click()

Where sleep and transitioning are sampled from some random distribution that is close to actual human behavior, which should be pretty trivial to model.
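The behavioural signals mentioned earlier in this thread (mouse jitter, timing) and the scripted-versus-sampled cursor pseudocode in the comment above can be made concrete with a few statistics over a pointer trace. The block below is an added example, not code from Google or any CAPTCHA vendor; the three features, their thresholds and both traces are constructed for illustration, and the "human-like" trace is produced by exactly the kind of sampled-distribution approach the commenter proposes.

```python
import math
import random
from statistics import mean, pstdev

# Thresholds are illustrative assumptions, not values from any real CAPTCHA vendor.
MIN_INTERVAL_CV = 0.05        # humans cannot hold a fixed sampling cadence
MAX_PATH_EFFICIENCY = 0.995   # a perfectly straight path is a script, not a hand
MIN_SPEED_CV = 0.10           # a human move accelerates, then decelerates


def features(events):
    """events: ordered (t_ms, x, y) pointer samples; returns regularity statistics."""
    dts = [b[0] - a[0] for a, b in zip(events, events[1:])]
    steps = [math.hypot(b[1] - a[1], b[2] - a[2]) for a, b in zip(events, events[1:])]
    path = sum(steps)
    chord = math.hypot(events[-1][1] - events[0][1], events[-1][2] - events[0][2])
    speeds = [s / dt for s, dt in zip(steps, dts) if dt > 0]

    def cv(xs):  # coefficient of variation: spread relative to the mean
        m = mean(xs)
        return pstdev(xs) / m if m else 0.0

    return {
        "interval_cv": cv(dts),
        "path_efficiency": chord / path if path else 1.0,
        "speed_cv": cv(speeds) if speeds else 0.0,
    }


def looks_scripted(events) -> bool:
    """Flag a trace that is too regular on any one of the three axes."""
    f = features(events)
    return (f["interval_cv"] < MIN_INTERVAL_CV
            or f["path_efficiency"] > MAX_PATH_EFFICIENCY
            or f["speed_cv"] < MIN_SPEED_CV)


# Constructed traces (not captured data) of a pointer moving from start to end.
def scripted_trace(start=(0.0, 0.0), end=(300.0, 200.0), steps=30, dt=10):
    """What a naive automation script produces: equal time steps along a straight line."""
    return [(i * dt,
             start[0] + (end[0] - start[0]) * i / steps,
             start[1] + (end[1] - start[1]) * i / steps) for i in range(steps + 1)]


def humanlike_trace(start=(0.0, 0.0), end=(300.0, 200.0), steps=30, seed=1):
    """Eased (bell-shaped speed) path with positional and timing jitter from a seeded RNG."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for i in range(steps + 1):
        u = i / steps
        s = u * u * (3 - 2 * u)          # smoothstep easing: slow start, fast middle, slow end
        out.append((t,
                    start[0] + (end[0] - start[0]) * s + rng.gauss(0, 2.0),
                    start[1] + (end[1] - start[1]) * s + rng.gauss(0, 2.0)))
        t += rng.uniform(8, 30)          # jittered sampling interval in ms
    return out


if __name__ == "__main__":
    for name, trace in (("scripted", scripted_trace()), ("humanlike", humanlike_trace())):
        stats = {k: round(v, 3) for k, v in features(trace).items()}
        print(name, stats, "scripted?", looks_scripted(trace))
```

The naive script fails all three checks at once: its cadence has zero variance, its path is perfectly straight and its speed never changes. The eased, jittered trace passes, which is the commenter's point: features like these separate a lazy script from a hand, but not a script that samples from a plausible distribution, so in practice they are one input to a risk score alongside signals the client cannot see, rather than a test on their own.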


only if you know how


All of which an AI bot agent can trivially fake.


Hmmm not super easy, unless you know how / what they are checking.


Once they get fully trained then how will websites ever distinguish between an intelligent bot and real human? At least now, they are outsourcing that filtering to services like cloudflare. But with this kind of training, how will even cloudflare distinguish between bot and the human?


EU digital ID, asking for mobile number and sending text, so something that is linked to an ID and/or costs money to have. Goodbye anonymity, probably.


This just made me ponder again—where does the assumption that the Internet should allow unconstrained anonymity come from, other than that’s how it used to be for some time? The real world doesn’t allow that. It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust. Why should the Internet be different?


Because there is a real demand for staying anonymous online. You'd know why, if you lived in a country taken over by a fascist regime.


I don't have to show my ID in most establishments I visit. Doing this on a huge scale and automatically is a thousand times worse.


But you can't send in 1000 people per second into most establishments you visit either. It's not an apt comparison.


No comparison can be made if everything has to be equal


If the only analogy you can think of removes the challenge of the problem you're facing to be applicable, it's not an appropriate analogy.

The entire difference is that from my mobile phone I can send more traffic in an hour than most services will ever see legitimate traffic in their entire lifetime, and the cost to me is minimal.

The comparison is as invalid as comparing piracy to theft - piracy isn't theft, it's piracy, and understanding the difference between them is the key to dealing with the problem.


What does the number/second have to do with 'It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust.'?

There are very few places in the real world which can handle 1,000 people per second.

In the real world I rarely need to identify myself. I can see a movie, visit the library, buy groceries, go to a restaurant, and more.


> What does the number/second have to do with 'It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust.'?

Honest question, are you being serious here? The scale of fraud and automated traffic is disproportionately large, and has a significantly lower barrier to entry than other forms of abuse. That's the entire reason.

> There are very few places in the real world which can handl 1,000 people per second.

Exactly, and if someone started sending thousands of people per second there, they would make it significantly more difficult to do so.


I honestly don't understand how your point is relevant.

Most of the real world does not require identity, so how does "The real world doesn’t allow that" make any sense?

Yes, some parts of the real world require you to identify yourself, and the same for some places on the internet.

Is that really the point? That if you have to use your real identity to log into your bank's web site that you don't have "unconstrained anonymity"?

Because I don't think even the cypherpunks of the 1990s required that sort of anonymity.

> and if someone started sending thousands of people per second

So, 100/second is okay but 1,000/second not okay?

I ask because it looks like 100 people per second enter Manhattan during the peak morning commute time, and I don't see massive calls to make it harder for commuters to enter the borough. (Go to http://manpopex.us/ , go to statistics, "Estimated Pop. for Wednesday, 9 AM: 2,888,116", for "10 AM: 3,284,591" gives 110 people per second.)

And these people aren't all required to identify themselves.

Question for you: does the internet currently have more anonymity than the real world?

Question #2: how much fraud is done on the internet vs. fraud in the real world, measured by dollars?


And when you do show ID, to buy booze for example, it’s checked and immediately forgotten by a human. Computers don’t forget, and any attempts to make companies do so (GDPR) are met with massive pushback from the players in the industry

I have no problem with Joan over the road curtain twitching. It doesn’t scale. I have a massive problem with the 24/7 surveillance from ring though.


In the us, I noticed that grocery stores increasingly scan your drivers license (my state has bar codes). I think it's probably a way to keep clerks from passing someone through who is not quite 21 (a different captcha!).

I have wondered if they keep the scan or does the state? I asked and the random hourly worker there said they don't.


And that’s the problem. It’s not the ID checks, it’s the ability to scale. Check it at the door? Fine. Scan it and keep it forever (perhaps selling it on at a later date)? Not fine.

Personal Data has to be treated as a liability, but too much of the economy treats it as an asset.


Eh, what's worse is these stores are likely scanning your face and keeping it in a database. There was some mall a few years back scanning license plates and keeping the info.

But yea, so many people are naive of what the authoritarian types would do with data like that (looking at you Texas with your civil laws on abortion now).


Do those grocery stores still scan your drivers license (or I guess any other ID) if you don't buy alcohol?


no, they only scan if you buy booze.


Yes it does? Especially in a dense city vs small village (which is more comparable to the internet at large) - go for a walk, see some advertisement billboards, buy a newspaper (esp. with cash), read the news, who knows who I am?


The real world does allow it.

People have been able to write anonymous letters and send them through the mail for a long time. Still can.

No one checks my id before I stick an envelope in the mail box.


In the US that we know about.

I would not be surprised if there is some country that has a facial recognition camera network faced at mailboxes these days.


Yes, the UK has a lot of CCTVs. But that's relatively new, and certainly after the idea that the Internet should allow anonymous or pseudonymous use.

Even then, here is literally the first post box I found looking in the UK, in a small town: https://www.google.com/maps/@52.0936599,0.0761217,3a,75y,165... . No CCTV in sight, no power, good solid iron.

Plus, think of how difficult it is to match a person to the physical envelope.

At best there could be a distinctive envelope.

Otherwise, yes, you can get a list of people who use the box. But for that to be useful, the mail from different boxes can't simply be jumbled together into the same pickup bag as that would broaden the number of suspects.


I believe that the question should be the other way around:

Why is it that you have to lose your anonymity when you are on the internet? The real world always allowed that until it became dependent on surveillance capitalism. Of course you need to prove you're yourself for some things, but that should be the exception. You could always look things up at your local library while being anonymous (for checking out you'd need a card), you could call from a payphone while being anonymous, you could use coins (cash in general) while being anonymous.

Anonymity was the rule and should still be the rule


In the real world people can see who's doing what by looking.


that only works in tight knit communities

in large cities everybody is anonymous to some degree


Theoretically you don't need to reveal your identity to prove that you're human. You can use a zero knowledge proof instead, likely attached to something like an EU Digital ID, which would allow you to remain anonymous and also prove that you're human.


How could renting out one's ID to provide access to bots for spamming/manipulation be avoided then?


A simple zero-knowledge credential system isn't sufficient. It would need to embed some kind of protections to limit how often it could be used, to detect usage of the same credential from multiple (implausibly far apart) IP addresses. There would need to be extremely sophisticated reputation scoring and blocklisting to quickly catch people who built fake identities or stole them. And even with every one of those protections, a lot of them will still be stolen and abused.


Yes, I wonder how feasible it is to do that while still protecting state of being anonymous.

And what if you develop this very sophisticated system of reputation score, what if bad actors find a way to still perfectly abuse it, e.g. they pay desperate people for the IDs and then stay just within the limits ever so slightly.

Would you be able to easily iterate on the system when that happens to make it more secure?

But if you also track IP addresses then doesn't that already mean loss of anonymity?

And ultimately with something like IP address, a bad actor could offer you to download an app where they could simply use your IP address to post content/propaganda from under your ID and IP.

It would be more expensive for bad actors, but also I think there was period when Facebook accounts were bought and sold, and there was very active market for that. I imagine teenagers for example are really easily tricked into selling their creds etc.

Also Reddit and other social media accounts are being sold a lot, so definitely there would be market for that.


There are a lot of risks here and I think it’s very challenging to build something anonymous that can deal with (say) Google’s current level of fraudulent behavior, let alone what we’re likely to see in the future.

Regarding the IP address question, I’d assume you could decouple the IP address verification portions from the “know who the person is” portions with some clever multi-party computation. Someone always has to know your IP address, but it doesn’t have to be the same person you’re talking to. (Think of Tor as an inspiration here.)


Slap on the wrist from the stage director.


> how will websites ever distinguish between an intelligent bot and real human?

Things like Private Access Tokens: https://blog.cloudflare.com/eliminating-captchas-on-iphones-...


The thing about CAPTCHAs is that convnets were already better than the average human at reading most/all visual captchas, since ~2000. You still needed to program the logic of the captcha (it couldn't follow instructions like "find the red lights", but it could take a picture and find the red lights).

I wonder when we'll get to the point that employers can't tell the difference between transformers and real humans anymore ...


The human will be the slower one.


Yeah, no offence, but sleep(2 + random.sample(coffee + toilet + sneezing + normal response time)) has been a required part of web scrapers since forever.

With coffee N(1,5 minutes, 20 seconds), toilet N(4 minutes, 30 seconds), ...


I guess it depends on how you're scraping. For general web crawling, simply implementing a response time based crawl back off per origin and identifying yourself appropriately in User Agent goes a long way. If you are instead automating Facebook's SPA to pull comments for analysis, then yeah you need to emulate a human, because that's not how they intend you to do it.
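A per-origin back-off of the kind this comment describes is a small amount of bookkeeping. The block below is an added example, not code from any real crawler: the policy (the delay tracks a multiple of the server's observed response time, doubles on 429 or 503, and halves back toward the base delay on success), every constant in it and the User-Agent string are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

# Placeholder identity; a real crawler would put its own name and contact URL here.
USER_AGENT = "example-crawler/0.1 (+https://example.invalid/bot)"


class OriginThrottle:
    """Adaptive per-origin crawl delay (illustrative policy, not any real crawler's).

    The delay grows with the server's response time, doubles on 429/503, and decays
    back toward the base delay while requests succeed.
    """

    def __init__(self, base_delay=1.0, max_delay=60.0, factor=2.0, elapsed_multiplier=5.0,
                 clock=time.monotonic, sleep=time.sleep):
        self.base, self.max, self.factor = base_delay, max_delay, factor
        self.elapsed_multiplier = elapsed_multiplier   # delay = at least N x response time
        self.clock, self.sleep = clock, sleep           # injectable for deterministic tests
        self.state = {}                                 # origin -> {"delay": s, "next_ok": t}

    @staticmethod
    def origin_of(url: str) -> str:
        """Key state on scheme + host (+ port) so each server is throttled on its own."""
        p = urlsplit(url)
        return f"{p.scheme}://{p.netloc}".lower()

    def _state(self, url):
        return self.state.setdefault(self.origin_of(url), {"delay": self.base, "next_ok": 0.0})

    def wait(self, url: str) -> float:
        """Block until this origin may be fetched again; returns the pause applied."""
        st = self._state(url)
        pause = max(0.0, st["next_ok"] - self.clock())
        if pause > 0:
            self.sleep(pause)
        return pause

    def record(self, url: str, status: int, elapsed: float) -> float:
        """Update the origin's delay from the response just received; returns the new delay."""
        st = self._state(url)
        if status in (429, 503):
            st["delay"] = min(self.max, st["delay"] * self.factor)
        else:
            target = max(self.base, self.elapsed_multiplier * elapsed)
            st["delay"] = min(self.max, max(target, st["delay"] / self.factor))
        st["next_ok"] = self.clock() + st["delay"]
        return st["delay"]

    def headers(self) -> dict:
        return {"User-Agent": USER_AGENT}


if __name__ == "__main__":
    # Constructed responses standing in for real fetches: (url, status, elapsed seconds).
    responses = [("https://example.com/a", 200, 0.1), ("https://example.com/b", 429, 0.0),
                 ("https://example.com/c", 429, 0.0), ("https://example.com/d", 200, 0.3),
                 ("https://other.example/x", 200, 0.05)]
    th = OriginThrottle(sleep=lambda s: None)   # dry run: report pauses without sleeping
    for url, status, elapsed in responses:
        paused = th.wait(url)
        delay = th.record(url, status, elapsed)
        print(f"{url}: paused {paused:.2f}s, status {status}, next delay {delay:.2f}s")
```

Keying the state on scheme plus host and port means a slow or overloaded origin throttles only itself, and injecting the clock and sleep functions keeps the policy testable without a network. A real crawler would also honour a Retry-After header and a robots.txt crawl-delay where present; neither is modelled here.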


That's incredibly clever!


With Ethereum Attestation Service

https://attest.sh/


>So it's no surprise that the AIs are now good at solving them

Funnily enough, AI may be better at solving them than people. I've encountered many Google captchas which reject the correct answers, because you know... bots trained it to accept incorrect ones. Anyway, at least it's not stop signs anymore. It must have been truly embarrassing that Google was simultaneously selling "self driving" cars but at the same time demonstrating that stop sign recognition couldn't be done by robots.


When I get those I make it a point to look for borderline areas and try to guess how I could mess with their data.


I still find it funny that Google, with the advantage of having millions of Internet users train their AI like galley slaves for free, hasn’t yet been able to crack vision driven self driving. Tesla had no such advantage when training their FSD to recognize traffic lights, bicycles, motorcycles, etc.


It's a much harder problem, and Tesla is nowhere close to the solution


Tesla, the company that just recalled 2 million self driving cars?

In fairness, the company best positioned to harness user input to an AI that avoids crashes would probably be Rockstar. OTOH, that AI would definitely not obey stop signs or pedestrians.


By recall you mean a completely routine OTA software update done while the driver is asleep.


A recall for essential maintenance is just that. I would focus on the need for an urgent update due to the flaws rather than the issuing agency's lack of more accurate terminology for a relatively new element to cars. Rolling around in semantic mud on the term recall is not sensible, as the definition in regards to cars is fairly specific [0]. Basically a recall just means there is a safety defect that must be addressed by the manufacturer. In Tesla's case, yes, they can push out an update, but the delivery mechanism of the means of addressing the defect should not be the focus.

0 - https://www.progressive.com/lifelanes/on-the-road/understand...


It would be much more expensive and a bigger mistake to have the vehicles physically returned. The distinction is very important. There's also a difference whether a safety defect lasts for 1 hour/1 day/1 week or a year.


I don’t think anyone cares about what is the recall’s cost to Tesla owners. They care about the fact there are two million unsafe vehicles driving around at high speed near their loved ones. Especially ones driven by people who respond to such complaints with, “ehrm actually it just updated overnight so it wasn’t even a hassle for me ¯\_(ツ)_/¯”


Amusingly the infotainment system in our Model Y actually crashed on the way home tonight, and when it rebooted it decided to install the update then, while driving. Sent me a notification on my phone immediately afterwards. To be fair, the updates don't usually go that way.


Wow, that never happened to me and is unacceptable. Was that for the infotainment only or the drive train? Just for others, they are separate systems, you can even safely reboot the infotainment (main display with maps, music etc) if you need to while driving, as it doesn't affect the drive train. I'm guessing it was not the drive train which would be incredibly dangerous.


Yeah, it didn't affect the drive train, and it was also quite quick - less than a minute between when the screen went dark and when it had finished rebooting and sent notifications that an update had been installed. So presumably just an infotainment update as you said; I didn't try to dig into exactly what the update included though.


It will also reboot the infotainment sometimes (but not always) when it crashes.


How can it detect the driver is asleep?


A neural implant that only kills 10% of monkeys.


Monkeys at the wheel is probably the solution for self driving cars.


Seems like we already have those amongst the Tesla FSD proselytizers.


A dystopian future we can all agree is more plausible than it should be


Tesla recalled two million vehicles after federal officials said it had not done enough to make sure that drivers remained attentive when using the system. Not because their self-driving system sucks, or whatever you were trying to imply.


If the self driving system were worth its salt, it wouldn't matter if the drivers weren't paying attention. Ergo, the system sucks, or is at the very least not nearly as good as Tesla likes to tout.


Well it's not like there's a self driving car system in operation today that does not require a human in the driver seat at all. Waymo has so much catching up to do.


Doesn't matter, the original point was about Google not being able to build a better self-driving system than Tesla, despite abundance of data, which is true, as far as I'm informed. Whether or not Tesla's self-driving system is "good enough" (for any chosen metric) is beyond the point.

But I guess people these days just love to jump on the opportunity to hate whatever is trendy to hate at the moment.


It can be "worth it's salt" but the government still doesn't see it as such (for many possible reasons).

I don't know if it is or isn't, I never drove one, but those are two completely different standards.


"recall"


The Tesla system is exciting and dangerous, because it does identify many things in the environment, but it's extremely unsafe because on city driving it will not make the right choice most of the time. On the freeway it does much better, but then that's a more restricted environment.

I have an older Tesla S with the pre-AI so called autopilot. It has one camera in the front and a radar and the system detects a few things like speed limit signs. The main extent of what it can do is follow the current lane pretty well, even when it curves, and slow down if it comes up to a car going slower than its preset speed. The good thing is it works on any road. It does a shockingly good job.

The later systems with onboard special processors are like a crazy beginning driver who has way too much confidence and drives in dangerous situations willy nilly. There are many other people who have explored it and written long posts. It's not safe. You can try to use it but you have to be constantly paying extreme attention. It's like watching your kid drive the first time. I know you should be watching the stupid AI all the time, but it's far from being safe.


Yea, that's the problem with self driving, especially in cities/dense areas. We really need AGI first. There are so many issues that humans react to before there is identifiable danger.

"Good" drivers see questionable situations and slow down or position themselves farther from potential issues before they get to the issue so they don't have to react at the last minute.


> hasn’t yet been able to crack vision driven self driving

But they have? For years Google Street view has read signs, house numbers, phone numbers of businesses, etc. from the environment. It is safe to assume they have this built into Waymo as well.

I assume you might be trying to reference "vision only" self-driving, which is a fantasy made up by Elon Musk because nobody would sell him LiDAR sensors cheaply.

https://www.thedrive.com/tech/43779/this-tesla-model-y-dummy...


This is a meme.

“Sour grape Elon, touting vision because no one will sell him LiDAR sensors. Which are the gold standard sensors that solve self driving.”

How exactly does LiDAR tell you whether the thing in question can move (dog) or not (trash can)? How does it allow a neural net to infer intent?

You’ll actually have to solve vision. Even if you had LiDAR. There’s no way around it. And once you’ve solved it, LiDAR becomes superfluous.

Chesterton’s fence.


> How exactly does LiDAR tell you whether the thing in question can move

LIDAR is continuously scanning, usually multiple times a second. It is irrelevant if the object is a trash can or a dog if it has a trajectory into the street.

> And once you’ve solved it, LiDAR becomes superfluous.

Only if you have the low Musk level standards of simply being equal to a human. There are plenty of jobs robots can do better than humans and driving is one of them. But it does require LIDAR and/or radar.

https://abc7news.com/tesla-s-autopilot-self-driving-car-offi...


As best as I can tell this study explores many facets of how humans solve captchas. I couldn't find anything about AIs outperforming humans in the study. Can someone give me a section reference?

Solving reCAPTCHA v2/v3 requires more than just clicking the box and an image puzzle. If that was all it was we would be overrun by now.

Lots of folks commenting that the title's statement makes sense because CAPTCHAs are meant to train AIs. While this is broadly true, that's a nice side effect. The way modern CAPTCHAs like reCaptcha V2+ work, is they monitor behavioral analytics-- from things like your browsing history to how your mouse moves on the page. This is why most of the time, most people only need to click a box. I'm not sure there's a LMM out there that includes mouse movement as a modality.

The kinds of AIs that are designed to beat CAPTCHAs also don't have the data from Google et al to use to train, unless we're concerned Google is training its own bots to bypass CAPTCHAs, I suppose it's not inconceivable?


Yeah, the study is really not about AI solving captchas but how humans solve them. Quite a clickbait title - but those do well on HN unfortunately.


Seems like folks just want to discuss CAPTCHAs generally more ad-hoc, that's cool too, but given how AI has evolved this year, far too many people see this headline and will walk away assuming that the recent AI innovations have made CAPTCHAs useless, but it does not appear to be the case, thankfully.

...Yet, I suppose.


True, the discussion is more about captchas in general. The study isn't bad, I read through it and it's interesting to see real numbers on how long it takes users to solve various captchas. However, a more appropriate title would have been something like "Measuring real user solving times of various captchas" or something like that.


It's in Table 3.


Thank you. The data in that table (for reCAPTCHA, citation 63) is from another paper from 2016 which is focused on solving the actual user-presented problems. It doesn't (directly at least) say they achieved a reliable automation of captcha acceptance, though.

https://ieeexplore.ieee.org/document/7467367

From the abstract:

> Through extensive experimentation, we identify flaws that allow adversaries to effortlessly influence the risk analysis, bypass restrictions, and deploy large-scale attacks. Subsequently, we design a novel low-cost attack that leverages deep learning technologies for the semantic annotation of images.

I'd suspect reCaptcha has been updated in the 7 years since to address shortcomings.

Another entry in the table (citation 45) is from 2020 and talks about using an object detection AI to solve the image tests. This again looks like it's focused on the task, not the primary mechanism (behavioral analytics).


I guess validating a payment card is going to be the next step to sign up for whatever. Don’t allow pre paid BINs and let’s go. Gonna be pretty miserable, however someone needs to find something as I currently would rather pay 0.01$ instead of solving a captcha. Especially the select all the bicycles; it’s a waste of life.


At this point the amount of friction added to all these things is pushing things towards just not doing them in the first place (buying less stuff, using social media less). Nature walks and paper books don't have captchas.


> just not doing them in the first place

Which is not a bad thing


The next step is device attestation. IIRC Safari already does this, so you should not see captcha on places that support it.

Something that can work on any browser can be like this: Scan the QR code in your iPhone or Android device that supports attestation. Will ask you if you approve login, then will attest for you. If you turn out to be a bad actor, the website can ban this device - so no flooding with a single device.


The day this is used widely across browsers is the day devices you own can no longer be flashed with anything other than what the OEM puts on it--even if that is outdated or buggy.


There are over a billion iDevices out there. Malware on just 1% of them can make and control 10 million spam accounts on every site using device attestation, and they're indistinguishable from real users.


Attestation covers much more than the device itself. The whole point is that it establishes there's a chain of trust from the hardware itself to the software being executed. Your average malicious flashlight app might be able to generate valid attestation tokens, but it'll be differentiable from attestation tokens from Safari. If you can somehow break this chain of trust, there are way better ways of monetizing this (eg. selling spyware to nation states) than creating a bunch of fake accounts.
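The QR-code attestation flow sketched a few comments up, together with the point that a token from a flashlight app is distinguishable from one produced by Safari, as an added example (not code from any commenter or from an actual attestation service): a relying-party server mints a single-use challenge, the phone signs it with a device-bound key after the user approves, and the server checks the signature, the attesting app's identity and a device ban list. The statement format, the device and app names, and the enrolled public key are all constructed for this example; the public key stands in for the hardware-rooted certificate chain a real verifier would walk.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"time"
)

// Statement is what the device signs; this field set is constructed for the example.
type Statement struct {
	Challenge string // server nonce from the QR code, echoed back verbatim
	DeviceID  string // stable device identity (hypothetical)
	AppID     string // app that produced the token, e.g. "safari" vs "flashlight"
}

func (s Statement) bytes() []byte {
	return []byte(s.Challenge + "|" + s.DeviceID + "|" + s.AppID)
}

// Assertion is the signed statement the phone returns after the user approves.
type Assertion struct {
	Statement Statement
	Signature []byte
}

var (
	ErrBadChallenge = errors.New("challenge unknown, expired or already used")
	ErrBanned       = errors.New("device is banned")
	ErrUnknownDev   = errors.New("device not enrolled")
	ErrUntrustedApp = errors.New("attesting app is not trusted")
	ErrBadSignature = errors.New("signature does not verify")
)

// Server is the relying party; the enrolled public key stands in for a real chain of trust.
type Server struct {
	now         func() time.Time
	challenges  map[string]time.Time         // outstanding nonce -> expiry
	devices     map[string]ed25519.PublicKey // enrolled device keys
	banned      map[string]bool
	trustedApps map[string]bool
}

func NewServer(now func() time.Time) *Server {
	return &Server{now: now, challenges: map[string]time.Time{},
		devices: map[string]ed25519.PublicKey{}, banned: map[string]bool{},
		trustedApps: map[string]bool{"safari": true}}
}

func (s *Server) Enroll(id string, pub ed25519.PublicKey) { s.devices[id] = pub }
func (s *Server) Ban(id string)                          { s.banned[id] = true } // bad actor: no re-signup

// Challenge mints the single-use nonce that goes into the QR code.
func (s *Server) Challenge() string {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	c := base64.RawURLEncoding.EncodeToString(nonce)
	s.challenges[c] = s.now().Add(2 * time.Minute)
	return c
}

// Verify checks an assertion and consumes its nonce so it cannot be replayed.
func (s *Server) Verify(a Assertion) error {
	st := a.Statement
	exp, ok := s.challenges[st.Challenge]
	delete(s.challenges, st.Challenge) // one attempt per nonce, pass or fail
	if !ok || s.now().After(exp) {
		return ErrBadChallenge
	}
	if s.banned[st.DeviceID] {
		return ErrBanned
	}
	pub, ok := s.devices[st.DeviceID]
	if !ok {
		return ErrUnknownDev
	}
	if !s.trustedApps[st.AppID] {
		return ErrUntrustedApp
	}
	if !ed25519.Verify(pub, st.bytes(), a.Signature) {
		return ErrBadSignature
	}
	return nil
}

// Attest runs on the phone after the user taps "approve login"; priv never leaves the device.
func Attest(priv ed25519.PrivateKey, deviceID, challenge, appID string) Assertion {
	st := Statement{Challenge: challenge, DeviceID: deviceID, AppID: appID}
	return Assertion{Statement: st, Signature: ed25519.Sign(priv, st.bytes())}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	srv := NewServer(time.Now)
	srv.Enroll("phone-1", pub)
	a := Attest(priv, "phone-1", srv.Challenge(), "safari")
	fmt.Println("login:", srv.Verify(a), "| replay:", srv.Verify(a))
}
```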


Captcha or Attestation doesn't remove the need for moderation. In case of a botnet, elevated complaints about a user device engaging in fraudulent activity can lead to disabling attestation and trigger an investigation. Every iDevice being a member of your site can happen only if you are Google, other than that what you'll see is that some users will engage in shady stuff and blocking them will be enough to keep them out since they wouldn't be able to just sign in with a new account.

These things are always cat and mouse games.


Sounds terrible.


look up Indian UPI. "validating payment card" and all that snazzy bits are error prone, old, archaic and cost a fortune to businesses.

in upi system, you are presented with a QR code or you input your UPI ID, you click pay and it gets through.

if you are worried about "fraud protection", why rely on an intermediary like ebay or credit card company and instead should take up with your bank or the seller or courts.


There is literally nothing you can do to prevent bot accounts online now, other than requiring people to show up to events periodically. And even then, they can just use bots AFTER they’ve validated their accounts.

The Internet will become a dark forest, and since that is where all of our communication and transactions happen of any significance, that’s pretty much game over for the significance of human activity.

Think I am overstating the fact? It already happened with wall street trading. First, institutions prefer bots to human. Then, you will come to prefer bots to humans. Then every human will be surrounded with 999 bots and unable to change anything or appeal to any significant number of humans to change anything.


Please. Last time I had to solve a captcha it wasted 15 minutes (not exaggerating!) of my life, clicking on an endless stream of bikes, motorcycles, buses and stoplights. As punishment for using a vpn.


I don't even use a VPN, just a browser that blocks fingerprinting by default. My interpretation of CAPTCHA hell is, "oh, you don't want me to spy on you! Here, let's put some pain in the skinner box."

(Amusingly, pain was proven to be preferable to boredom... and CAPTCHAS are boring as hell.)


I've managed that without a VPN - although I do have poor sight.

It also does not help that the shown busses, water hydrants, pavements look totally unfamiliar to me. (Why aren't captchas taken from all over the world? Indian busses would be fun - London ones would be too boring)


If you are using cloudflare DNS for accessing archive.is, you will get that too. archive.is name resolution is broken, and even if you pass the captcha you will go back to the same page, giving the illusion that it didn't pass.


I dread to think about that becoming the norm, I remember living in {Country} with 0 access to cards that would be accepted for anything international


I help people settle in Germany and it's a serious problem. The requirements to open an account disqualify many immigrants. It creates a lot of problems.


or just use Worldcoin


All roads bring us back to Worldcoin eventually...


ha! someone actually beat me to this comment


Does HN ever require CAPTCHAs? It seems to do pretty well with its basic but battle-tested moderation/antispam tools, and rate-limiting that seems to repel all but the most concerted DDoS attacks. I don't think HN has any unreasonable restrictions on scraping or third-party clients, either. And it manages to serve 5M unique visitors a month and 10M views a day[0].

[0] https://news.ycombinator.com/item?id=33454140


HN is also not really a very attractive target. The only thing you can do is post spam, and that's pretty low-value in terms of actual monetary value to the abuser, and tools to deal with that have been around for decades as you say.

This is very different from many other sites where the potential to make a buck is much more pronounced and direct.


It struggles whenever there's a story more popular than usual though


Only for those logged in, because we bypass caches/cdn. Logout helps both you and HN in these cases.


Hacker News doesn't use a CDN as far as I can see; news.ycombinator.com resolves straight to the single box HN lives on. You're right about caching, though.


IIRC the registration page (only in some cases?) shows a reCAPTCHA.


For me this is about my limit. If I am opening an account that can spam or cost the company real money I can accept that a captcha, while shitty is one of the best available options.

It really gets me when I have an 8 year old account that has made purchases and I still see them across the app.

The annoyingly common one is on login pages. If I am giving you correct credentials you don't need a captcha. If bots are an issue you should be doing per-account strong rate limiting, not a captcha.


On one machine! :)


On one thread even

Pretty sure it's an AST interpreter too (metacircular eval - apply, as in SICP)


They go down somewhat frequently. I think it’s like four 9’s? I’m not sure why they insist on running just a few machines though. They have more than enough money and probably make up the difference by the advertising for YC that they get.


Unless something changed, it's just the one server.


Main and backup. The last outage was because they have a single network provider. Those are rare, and can be dealt with relatively easily by dual connecting your server to two different networks and sharing across both and removing the dns entry for a broken one. But it’s not worthwhile for such a rare outage

The “outages” that are common are slowdowns for logged in users.


I mean, it works well enough the way it is. Does it need to be more reliable? It’s just a simple forum, there isn’t anything critical on the platform. We all like to see lots of 9s, but they don’t matter that much for something like HN.


That’s fair. To clarify my frustration comes from a place of “love”. When a partial or complete outage happens I get severe HN withdrawals.


I can't tell if the audience of HN are more likely to script something untoward against HN, be that DDOS or just "check out my product" spam, because it's a bunch of hackers - or less likely to do it because (maybe) we like having nice things, or figure the audience is too in the know to fall for boring crypto spam.


HN audience is rich enough to just pay $10 for 1000 solved CAPTCHAs of any complexity since those services are human powered.


I find captchas extremely painful, because of ambiguity and not loading all the pictures. I wait for a minute and some never show. When they do load, so many are pics of bicycles and motorcycles and cross walks. Are you supposed to click on the tiny piece that goes to just past another tile or not? You can't refresh one that doesn't load, I think most of them start over if you refresh.

Like other people reported, if you ever use tor, it's very common for the captchas to just not load. They just kind of hang without showing the pictures. Regular websites generally just work fine on tor, it seems to be a captcha problem.


> Are you supposed to click on the tiny piece that goes to just past another tile or not?

I ask myself this every time.


Pretty sure the hesitation is what makes us humans :)


I predicted this 7 years ago: "How will the machines take over? When CAPTCHAs become so hard that only AI can solve them, humans will be completely locked out of the net." https://twitter.com/lapcatsoftware/status/771857826130034688


I thought this was already happening ~7 years ago. The "what text is in this image captchas" got a lot less common a while ago, and I think this was partly the reason why.


Submitted title was "AI bots are now outperforming humans in solving CAPTCHAs", which broke HN's title rule: "Please use the original title, unless it is misleading or linkbait; don't editorialize."

Submitters: If you want to say what you think is important about an article, that's fine, but do it by adding a comment to the thread. Then your view will be on a level playing field with everyone else's: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...


Misleadingly editorialised title. Actual title and abstract (which doesn't say anything about AIs "now" outperforming humans):

An Empirical Study & Evaluation of Modern CAPTCHAs

*For nearly two decades, CAPTCHAs have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAs have continued to improve. Meanwhile, CAPTCHAs have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans. Given this long-standing and still-ongoing arms race, it is critical to investigate how long it takes legitimate users to solve modern CAPTCHAs, and how they are perceived by those users. In this work, we explore CAPTCHAs in the wild by evaluating users' solving performance and perceptions of unmodified currently-deployed CAPTCHAs. We obtain this data through manual inspection of popular websites and user studies in which 1,400 participants collectively solved 14,000 CAPTCHAs. Results show significant differences between the most popular types of CAPTCHAs: surprisingly, solving time and user perception are not always correlated. We performed a comparative study to investigate the effect of experimental context -- specifically the difference between solving CAPTCHAs directly versus solving them as part of a more natural task, such as account creation. Whilst there were several potential confounding factors, our results show that experimental context could have an impact on this task, and must be taken into account in future CAPTCHA studies. Finally, we investigate CAPTCHA-induced user task abandonment by analyzing participants who start and do not complete the task.*

@dang, could you please correct the title? Thanks.


All of these papers miss that captchas have multiple levels of difficulty. People who get an enterprise account or work closely with the captcha providers will find very different results. Many captcha providers now decide what captchas to send out, in hard mode based on what LLMs cannot solve.

Captchas are purposely not made too hard as people like pex.com need to be able to bypass them for copyright enforcement. Note I’m biased as I was a founder of hcaptcha


I think I prefer the recent CAPTCHAs (where you solve a puzzle by rotating an item, or finding the matching item). The older ones from years ago (deciphering mangled text and trying to work out if it is an `i`, `1` or `l`) were more annoying.


Bot operators can already pay human captcha solvers as the paper mentions. So all this does is potentially replace those humans with AI, driving down prices for bot operators.

As prices for bot operators decrease, website operators will increase the challenge and drive up effort for the intended website audience (humans) who are solving captchas instead of paying bots.

In the end, the website operators will have to stop using captchas as the intended website audience will no longer be willing to solve harder captchas.

Website operators can use alternatives, like asking for micro-payments, high enough to discourage most bot operators.


> Website operators can use alternatives, like asking for micro-payments

Similarly to how dApps work in ethereum-like blockchains?


I don't know anything about ethereum


I also don't know much, but my limited understanding is that every transaction/mutation in a dApp has a cost, so this might be useful to reduce bot incentives.


Micropayments are not possible when stripe/visa/paypal charge a 30 cents minimum fee


We could simply reverse captchas now: if the captcha is solved it's a robot, otherwise it's a human.


We can’t program a bot to fail?


Yes, we use Copilot for that.


I wish captcha providers universally had to provide a way to shut down their use by bad actors. Here in Canada I get tons of scam texts pointing me to a fake banking or postal service website asking me to pay a fake bill. I want to ddos them with fake payment data but they’re all protected by hcaptcha.


If you report the website/sitekey to hCaptcha support it'll get banned pretty quickly.


I actually got a response fairly quickly after emailing support@hcaptcha.com. So now I can automate away :)


I have been locked out of websites for solving a captcha so quickly that it thought I was a bot. So we went from requiring humans to solve a puzzle that bots can't to now requiring that humans solve the puzzle slower than bots do.


The funniest thing about this limit is that it's self-reinforcing. Bots will learn to sleep() and wiggle the mouse. Humans will learn to wait. Everyone will be worse off.


It's really amazing when we still get those text ones and nowadays you can literally select the text in many of the images and copy/paste into the input field.


I've never seen a text version that lets me select the text, that's bizarre


I’m assuming that he means that on (for example) Mac you can select text from any image and copy paste it.

https://uk.pcmag.com/macos/138058/not-just-iphone-how-to-use...


100% correct, I assumed windows also let people do that given text recognition is apparently trivial now (to the extent it's annoying - trying to drag images and get text selection instead is annoying :-/)


Windows has gone sort of the opposite way, copy/paste is now often hindered if the engine recognizes the string to be sensitive or otherwise un-wise to copy to your clipboard.

I've had a few instances on Windows 11 and surrounding software where ctrl-C as well as the context menu entry for 'Copy' were greyed out for this reason when skimming through logfiles, presumably because there was something about the line that triggered the MS "that's a password!" regex; stuuuupid stuff.


I think Windows now does it as well, but of course (as all things Windows) it works only in very few apps (forget Win32 ones, for example).


@_rutinerad got it - on macOS you can select text in any image, and I just assumed you could do that on windows as well (I figure in the context of linux it would be much more dependent on specific configuration so unilateral assumptions on behaviour would be questionable).

It's honestly annoying as it frequently interferes with dragging images out of safari, except on those occasions when I do want the text when it's super useful. I think the iOS interface just tells you there's text in an image or photo and gives you the option to copy it rather than cursor based selection you get on Mac.

[edit: from other comments it sounds like windows can do this but it's not always present, and not present in all circumstances, which makes me wonder how many cases in cocoa/uikit/swiftui it does not work]


Am I the only one paranoid enough to think that this means Apple is now indexing even the text content of images stored on its users' computers?


That's literally a feature of the platform. If you open the photos app and type text in it will give you the photos containing that text.

If your concern is "Apple is harvesting my data" then no. All of Apple's various analysis systems ("AI") are entirely local. This does mean you get a bunch of duplicated work as every device redoes the same analysis but on the other hand it saves you from "how do we defend against a compromised network".


> All of apple's various analysis systems ("AI") are entirely local.

Even if that were true (I couldn't say, and I don't think anyone who doesn't have access to Apple source code and production systems could either) that wouldn't preclude Apple harvesting the results of said AI analysis.

In fact, doing the analysis on users' devices would represent a shift of that processing from cloud to edge, representing a significant savings for Apple or anyone else in a similar position.


Apple's literal marketing message is that they do all the processing on device. It's not a shift for Apple, as Apple has never done this analysis in the past, and only started doing the analysis once it could do it locally.

The use cases we're talking about also don't work on a cloud based analysis, as you can't have text selection block on network uploads (generally slower than downloads), and it would require uploading every image you open to apple which would presumably be a lot of traffic, and an obvious privacy nightmare. It would also break for users who turn on the e2ee everything mode for iCloud.


It's wonderful (for Apple's bottom line) that you believe these things. I assume you can show source code and provide access to production systems to verify?


The relevant data for the claim of the headline is in Table 3. On all the tasks with enough data, bots were both faster and more accurate than humans.


Yeah, the claim of the headline comes from the first sentence in Section 5.5. I think either the title should match the paper's title or that should be pointed out as part of the submission - not sure how HN's title guidelines work.


I think captchas disappear next year or so. Already was soft human determination.


That’s excessively optimistic. The most likely scenario is that we’ll have captchas for the next 30 years but only humans will be bothered by them.


Just like the technology basically exists for fully autonomous self-owned fleets of self driving robotaxis. Where the only jobs for humans are cleaning vomit off the back seat.


This. There are plenty of government websites etc out there that have completely antiquated captchas next to the helpful "works best in Internet Explorer 6" suggestion.


This is exactly what I was referring to. “Minimal compliance” and unmaintained websites.


Sounds like DRM - pirates do not care, legitimate users are bothered.


What replaces captchas? Are there any not excessively burdensome tests that a standard issue human can pass that a machine somehow cannot? I'm assuming the "find all the bicycles" tests are also obsolete.


Sadly, probably something like TPMs or email logins (from a reputable email provider of course, one who requires SMS to sign up, from a reputable phone provider of course, one who doesn't offer free VoIP numbers and requires a credit card to sign up, from a reputable card brand of course, not a burner card)


from a reputable card brand who doesn't allow usage of stolen cards? lol maybe the internet just implodes.


Option 1: Micropayments, high enough to discourage bot operators but not the intended human audience will be better for website operators as soon as it becomes too easy for AI to solve captchas.

If website operators don't explicitly introduce micropayments as a captcha alternative, there will be browser plugins that outsource captcha solving to AI for a micropayment, which has the same effect.

Option 2: Using a means of authentication that can't be obtained cheaply at scale by bots, e.g. Twitter accounts, Gmail accounts, government ID, ...


> a standard issue human can pass that a machine somehow cannot?

Maybe the premise is wrong.

Why prevent non-humans from registering/using/viewing?


Because automated systems operating at scale outstrip the ability of the administrator to maintain the service provided.


If each additional user is not adding additional revenue that exceeds the cost of that user (automated or not), you don't have a business model.


But if you can keep the bots off your bandwidth you don't necessarily need a business model, depending on what you intend to share online.


A market of human-oriented hardware keys, where the keys are only intended to be sold to actual human beings, with legal or otherwise cash bounties in place for people who can provide evidence of the keys being sold to or otherwise falling into the hands of non-human entities.


What's stopping a human buying a thousand to use for his bot farm?


As mentioned, a bounty system. Someone who buys a thousand to use would have to be very clever to evade the eyes of all the people interested in profiting off of revealing his actions and getting the chips turned off.


Something realtime, like video, is beyond most models at the moment. After that, realtime input, like a little mini game you have to show proficiency at by scoring 5. I think the mini game approach could be fun. It could probably work for a year or two. :-\


the minigame thing has been defeated for a long time. it's trivial to solve when there are only so many subsets of a game, however randomized the starting states are.

I guess there is a silver-lining in the premise of AI generated one-time-use games for that sake, but then there is a significant "can a human even do this?" problem to conquer at that point.. and worse the same AI tech is going to be established on the opposite side of the wall trying to defeat the thing.

I think it'll all boil down to some sort of state-license fallback method like "please enter a CC or ID number to continue" -- which is ultimately a defeat of the user, unfortunately.


Nothing. People will have to realise that when you put things out for the world you put things out for the world.


Who pays for the bandwidth and download resources then?


It will be a business or personal expense, depending.

Businesses that can't afford the expense will close or adapt, depending.

Maybe fewer hobby projects will be launched.


Indeed.

Which is why my hobby projects will continue to use bot detection and CAPTCHA recognition. Especially since I'm routing through Cloudflare, so that's invisible for 99% of my users and the remaining 1% can just get off Tor if they're tired of solving the captions.


You are welcome to do so, but if spammers can break the captchas, then you only annoy your normal visitors.


The website or service owners. If they can't afford it they should be out of business and do something else. The web is big enough for both humans and bots.


No thank you. I prefer to live by the code "Every request is a two way conversation. The client may accept, and the server may choose to emit."

Just because I emit to other clients does not obligate me to emit to yours, any more than my emission of ads obligates you to accept and render them (but if you don't, or if you choose to ignore my CAPTCHAs, I may choose not to emit to you).


That's fighting a losing battle. Clients find their way around any restriction, which by itself risks your service or website losing ground and being overtaken by the alternatives.


Yes, it's all measure countermeasure. But you'll note that the most successful sites out there have bot protection and actively invest in it. I'm not concerned about the being overtaken narrative; My concern is the other scenario, where after the bots are done consuming and exfiltrating my data, I have no bandwidth to serve humans and my data is being vended from other sources now anyway.

It's also not really that much of a losing battle. Cloudflare will fight the battle for me quite well for free, and even better for a pittance.


An international identity card :-/


Doesn't the checkmark thing work?

Or are bots somehow able to do those too?


So we now prove that we're human by failing those tests?


Someone will get rich turning this into a browser plug-in.


You can already buy captcha solves through browser plugins. The only difference is they currently use clickfarms full of underpaid workers from third-world countries


These sites like 2captcha and deathbycaptcha let anyone sign up to be a worker and start solving captchas for $$. If you can run AI that solves captcha just as well, you can literally print money.


2captcha gives you $0.50 per "1-2 hours". Is that really worth all the work?

deathbycaptcha does not let anyone simply sign up to work.


> 2captcha gives you $0.50 per "1-2 hours". Is that really worth all the work?

That's rough, but you could scale it up I guess. Didn't know that about dbc, thank you.


Nope, the moment this becomes a viable solution then spammers will pick it up, making captcha useless almost overnight.

Websites will very quickly pivot to alternative solutions like payment card verification, etc.


Solving captchas is pretty rare nowadays. Now you usually just press a button and then it does some sort of fingerprinting to determine if you're a human.


If you make zero attempts toward privacy maybe. Just turn on a commercial VPN or Tor and you'll find that your quality of life can quickly become severely damaged by captchas. I can't even do a Google search without a captcha so I started using Mullvad Leta as a proxy.


I can confirm. uBlockO, PrivacyBadger, Firefox without any kind of memory and you will get CAPTCHA from time to time, maybe not every day but it's common.

IPv6, 3G/4G/5G or public Wi-Fi can increase that to about one CAPTCHA every 10 queries on Google. I guess a VPN increases the probability of getting a CAPTCHA too.


I block ads and stuff but you're right that I don't use VPNs or Tor.

A lot of bots also use VPNs and Tor so captchas being a pain in the ass is probably working as intended, that way most people won't bother using services like that? This is different from regular internet users, there is no reason to make their life more difficult than necessary.


Try to use VPN. You will get captcha with tons of bicycles to click...


Why is the UI such a pain in the ass, when it's designed to be used by humans?! Why do I have to click 8 individual boxes and can't just drag-select an area. I hate those captchas with a passion.


And does the post count as traffic light?


And the infuriatingly slow fade out and in when it changes pictures. It seems designed to frustrate humans.


Or to the next unsolved problem in machine learning. The whole point of ReCAPTCHA, at least, is to convert all this human labor into training data.


The spammers can already do this with captcha farms. The fact that captchas are still around means that the cost of captcha farms are still high enough to discourage enough spammers to be worth the annoyance that website operators cause for human users.


My pet theory is that our whole simulated world is actually a huge captcha. Captchas keep evolving until you have to live an entire lifetime as a human to prove that you're a human. When you die you wake up and get access to a website.


So that's what 42 was for!


Great, so maybe we would find a less annoying bot detection technique than captchas.


I don't know....lately I just don't even try and purposefully make mistakes on it by leaving out one or two just to fuck with the captcha


CAPTCHAs are used as a literal Turing test; that's their whole purpose. From the get-go their usefulness window had a looming expiration date.


The problem with designing a bear proof trash can is that there’s significant overlap between the smartest bears and the dumbest tourists.


It does not surprise me since lately I have a lot of mistakes with CAPTCHAs. Mainly the ones with characters with different colors, superposed, and rotated. I think there are some that we as humans just guess because the final image is not clear enough.

I think in the same way AI can beat us recognizing unfocused photos.


Can the mods please fix the completely wrong and click bait title? Zero AI mentioned there.


Have they tried with puzzles used by Rockstar Games or HBO Max to reset a password? They are impossible to solve, asking you to solve 17 questions and more and still failing you, making you retry with a higher count. Even the audio version is quite innovative.


"and that's the story of the invention of the Voight-Kampff Test, kids!"


I hate captcha, it takes ages and I often fail the google one. I would happily pay to have them removed from my browsing. I don't use AliExpress often, but now I can't as the captcha just plain doesn't work.


My wife is entirely unable to solve a captcha. Her solution to any captcha is to get me to do it for her while she loudly swears at the creators. I welcome being able to outsource this task to AI.


How did the OP get from the article linked to the title of this post?


Section 5.5: "Table 3 contrasts our measured human solving times and accuracy against those of automated bots reported in the literature."

Although it's not clear to me that the humans all really were humans.


I'm also wondering this. I don't think it has anything to do with AI solves.


You see where this is heading: after superintelligence is achieved, CAPTCHAs will be designed to be questions that humans get wrong but AI has no problem with.


A superintelligent AI would be able to imitate a human, getting the answers incorrect in exactly the way needed.

However, I'm not entirely sure what kind of system a superintelligent AI would need to access which would be protected by a captcha.


At least that would still be a proper CAPTCHA, in that it tells computers and humans apart…


The main road to tell computers and humans apart will soon be that computers are a bit too fast and accurate to be humans.


Instead of just solving the task, computers will now have to simulate humans using humans' real data. It's not a hard dataset to train on.


They already try to do that.


The solution could be a cryptocurrency which can be mined in the browser. Hashcash, which was one of the inspirations for Bitcoin, was initially invented to prevent email spam.

Consumer devices have a lot of spare CPU and RAM. So a proof-of-work algorithm which consumes those resources for a minute might work?

If it generates $0.01 for the website owner in that minute, maybe that would work?


Proof of work can already be implemented without a token.

Tor has such a feature for denial of service protection.

https://blog.torproject.org/introducing-proof-of-work-defens...

A benefit of a token is you can recycle previous proof of work by using a small amount of Bitcoin, which could be transferred using Lightning. The value could also be transferred back some amount of time after registration given no bad behavior, allowing for larger sums than a cent, which could provide better protection.


With a token, you probably get a higher efficiency. Similar to how a heatpump is more efficient than a heater.

If you only consume resources on the client side, then you hope that an attacker thinks "I won't invest $0.01 of resources just to log in here".

If you also transfer the consumed resources to the server, you get an additional benefit: The server thinks "$0.01 is enough to cover the costs of a fake signup".

And the second benefit is probably even better than the first. The server will never really know how cheaply attackers can access resources. But they probably know how much a fake signup costs them.
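The hashcash-style scheme proposed earlier in this subthread (client burns CPU, server checks cheaply), worked through as an added illustration. This is not Tor's implementation and not any site's real code; the challenge format, the HMAC tag, the TTL and the spent-salt set are my own assumptions about what a server needs so that a stamp cannot be forged, replayed, or solved against a lowered difficulty. The token-transfer variant discussed just above is not covered; this is the client-side-only form.

```python
import hashlib
import hmac
import os
from typing import Optional

# Hashcash-style proof of work (illustrative, not a real site's or Tor's code).
# Server issues a short-lived challenge; client finds a nonce such that
# SHA-256(challenge || nonce) has at least `bits` leading zero bits.
# Expected client cost ~ 2**bits hashes; server cost is one hash plus a MAC.

SEP = "|"


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
        else:
            n += 8 - byte.bit_length()
            break
    return n


def _material(client_id: str, salt: str, bits: int, issued: int) -> bytes:
    # Everything the tag covers: the client cannot change `bits` without breaking the MAC.
    return SEP.join([client_id, salt, str(bits), str(issued)]).encode()


def make_challenge(client_id: str, secret: bytes, bits: int, issued: int) -> dict:
    """Server side: issue a challenge. `issued` is a unix timestamp chosen by the caller."""
    salt = os.urandom(8).hex()  # fresh per challenge, so work done for one cannot be reused
    tag = hmac.new(secret, _material(client_id, salt, bits, issued), hashlib.sha256).hexdigest()
    return {"client_id": client_id, "salt": salt, "bits": bits, "issued": issued, "tag": tag}


def solve(challenge: dict, max_tries: int = 1 << 24) -> Optional[int]:
    """Client side: brute-force a nonce. Returns None if the try budget runs out."""
    prefix = _material(challenge["client_id"], challenge["salt"],
                       challenge["bits"], challenge["issued"]) + SEP.encode()
    for nonce in range(max_tries):
        digest = hashlib.sha256(prefix + str(nonce).encode()).digest()
        if leading_zero_bits(digest) >= challenge["bits"]:
            return nonce
    return None


def verify(challenge: dict, nonce: int, secret: bytes, now: int, spent: set, ttl: int = 300) -> bool:
    """Server side: accept only a stamp we issued, that is unexpired, unspent, and actually solved."""
    expected = hmac.new(secret, _material(challenge["client_id"], challenge["salt"],
                                          challenge["bits"], challenge["issued"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False  # forged or tampered challenge (e.g. difficulty lowered by the client)
    if now - challenge["issued"] > ttl:
        return False  # stale challenge; bounds how long a precomputed stamp stays useful
    if challenge["salt"] in spent:
        return False  # replay of a stamp that was already consumed
    prefix = _material(challenge["client_id"], challenge["salt"],
                       challenge["bits"], challenge["issued"]) + SEP.encode()
    digest = hashlib.sha256(prefix + str(nonce).encode()).digest()
    if leading_zero_bits(digest) < challenge["bits"]:
        return False
    spent.add(challenge["salt"])  # assumption: in a real deployment this set lives in shared storage
    return True


if __name__ == "__main__":
    secret = os.urandom(32)
    ch = make_challenge("signup-form", secret, bits=16, issued=1_700_000_000)
    nonce = solve(ch)
    print("nonce:", nonce, "accepted:", verify(ch, nonce, secret, now=1_700_000_010, spent=set()))
```

Raising `bits` by one doubles the expected client work while leaving the server's cost unchanged, which is the whole asymmetry the scheme relies on; the expiry and the spent set are what stop an attacker from amortising one solve across many requests.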


I think a fairer solution will be some form of proof of personhood that isn't PoW-based. Your idea isn't bad but it gives more power to those who can afford a lot of devices. You know those Chinese mobile phone click farms they use to game app stores? It will be like that, PoW can prevent spam only to a certain degree and with all the social media and networks we have today there is a lot of money in influencing the users. So spending a few million dollars on devices can be very profitable if it lets you boost certain messages.


Depends on the use case.

If the captcha is to prevent overuse of a free trial, then nobody will operate a lot of devices just to get more free trials if the paid version is cheaper than those devices.

If the use case is to improve democracy, then it gets more complicated.


But is it worth billions? You just need to increase the cost 1000 fold and pay it back after a holding period to implement that.

The drawback is it gets a lot more complex when using a token, because of the additional state, communication, costs and security.

A one shot proof of work can be very simple, but probably not effective enough, given that mobile users likely do not want to wait what may have to be many minutes and drain their battery.

Freezing a cent or a dollar for days seems like a better option. Might very well be that VISA/MasterCard figures this out before the crypto bros build anything usable. It will be far easier to do without decentralization and would also be great to spy on and control people.


>Freezing a cent or a dollar for days seems like a better option. Might very well be that VISA/MasterCard figures this out before the crypto bros build anything usable. It will be far easier to do without decentralization and would also be great to spy on and control people.

Fucking A HN.

For any Juniors using this site, this is exactly what you don't post. Especially if it's just to cathart cynicism. I assure you, Poe's law guarantees this will find its way into some PM's or exec's mind somewhere.


It works well, for example with Monero's proof of work algorithm that is purposely designed for consumer hardware. There was an irrational turn against it because some websites did it without consent. I would so much prefer to mine to view a site than have to be exposed to ads and captchas...


Those devices have a lot of spare CPU and RAM but basically no spare battery capacity.


Just what we need, another way to waste energy


Wouldn't any proof of work be just as easy for a computer to achieve as a human?


'Proof of Work' as it's generally understood is done by computers only. But I guess I understand what you're asking and the answer is yes, that is a problem. For Sybil resistance it's better to know if someone is a unique human, not if they're a machine that has paid the toll: https://en.wikipedia.org/wiki/Proof_of_personhood

There are exotic solutions like the 'Idena Network'. But sadly I have to admit the best solution I've seen so far is Sam Altman's Worldcoin. Not that I'm a fan, I still hope we can find something better than scanning everyone's eyeball.


Yeah but it would cost spammers who want to impersonate a large number of humans at once


Yes, but it's more of an anti spam measure.


That is a very interesting concept


Are there any open local models for basic alphanumeric picture captchas to save on 2captcha?


A surprising number can be solved with tesseract and simple preprocessing (e.g. thresholding, expand and contract lines).

For more complex cases, not AI but consider the attack in https://www.usenix.org/system/files/conference/woot14/woot14...


Is this really so surprising? Probably a better captcha would be sign of life not puzzles.


I already had issues with captchas (especially on Tor)... so now it's going to get worse?


The price we pay for obfuscating the trust signals on our connection is that our connection is untrusted.

As an American, I have a similar experience when I travel across the Atlantic. It's always funny to me when I land in the UK, start using websites I use normally at home, and get cookie verification modals from hell to breakfast.


Can't vouch for other Europeans but I got used to them to the point my arm moves automatically where needed before clicking, even accounting for extra modals. I almost don't register them anymore.


Consent-O-Matic (and probably other extensions too) will refuse most cookies automatically for you:

https://github.com/cavi-au/Consent-O-Matic


Thanks a lot, I totally forgot about this!


Tor is practically unusable for me because it triggers so many captchas. I end up using Mullvad Browser, which is similar but byo VPN.


What a surprise since CAPTCHAs were created to gather data to train AIs


I find Amazon’s captchas so hard now! I have to do the audio one


How many years until sites actually remove CAPTCHAs though?


Google created this problem, let’s see them solve it.


Good. Hardware authentication is where it's at.


Oops! Looks like you're not using a government approved OS and browser.


Like the Clipper Chip?


Great news, can we please get rid of CAPTCHAs now?


No, we'll still have them, but now sites will only allow you in if you kind of suck at them.


That is already the case. On some questions you can't answer the correct answer, but have to guess what most others would answer.


It's been particularly frustrating with the picture ones broken up into squares. I tend to be careful to select any square that contains any of what's being asked, but I clearly must be the minority as it always fails unless I select the minimum number of valid squares and ignore the slight overlap on surrounding ones.


Coincidentally Worldcoin is up 30% today. Maybe cryptographic/biometric proof of being a human will be useful after all?


No thanks, I'd rather not live in a dystopian nightmare where Sam Altman is in control of assigning proof of humanity. Worldcoin will undoubtedly end up assigning identities to AIs for profit anyway, and/or there will be swaths of identities being sold on the black market.


Well - there doesn't have to be a Sam + Worldcoin monopoly on these things. Anyone else could launch a similar proof / ID system and websites and the like could accept any they feel like accepting.


well captchas are not there to keep bots out, they are free click work for google?


So if you fail, you are human.


Just as Turing intended?


Mandatory xkcd https://xkcd.com/810/


simple - if the user solves it too well, reject


val delay = 500 + Math.random() * 3000


no need for captchas, just implement throttling per ip. like bcrypt does for passwords. if a bot fills up a form (or whatever), so be it, but it won't be able to do it for another N seconds or minutes..so the problem then is lowered from per try, which can be thousands of submissions, all the way down to per period and per ip.


Hell no... Some of us sit behind CGNAT, half a million of us on a single public IP.


Exactly. Besides that, a bad actor may well have easy access to tens of thousands of IP addresses from all over the globe..
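The per-IP throttle proposed above, and the CGNAT objection to it, as an added worked example (my own illustration, not code from any commenter or project). It is a token-bucket limiter keyed by whatever identifier the caller chooses, run over a constructed request log in which twenty different users arrive one per second from a single shared address; the "by user" keying stands in for any per-session or per-account identifier and is an assumption of the example, not something the thread specifies.

```python
import time
from typing import Callable, Dict, Hashable, List, Tuple

# Token-bucket throttle keyed by an arbitrary identifier (illustrative code).
# Each key may burst `capacity` requests; tokens refill at `rate` per second.


class TokenBucket:
    def __init__(self, capacity: float, rate: float,
                 clock: Callable[[], float] = time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock  # injectable so the log below can be replayed deterministically
        self._state: Dict[Hashable, Tuple[float, float]] = {}  # key -> (tokens, last_seen)

    def allow(self, key: Hashable) -> bool:
        """Consume one token for `key` if available; unseen keys start with a full bucket."""
        now = self.clock()
        tokens, last = self._state.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._state[key] = (tokens - 1.0, now)
            return True
        self._state[key] = (tokens, now)
        return False


# Constructed sample log: (timestamp, client IP, user). Twenty distinct users,
# one per second, all behind one public address (100.64.0.1 lies in the
# RFC 6598 shared address space that carriers use for CGNAT).
REQUESTS: List[Tuple[float, str, str]] = [
    (float(t), "100.64.0.1", f"user{t:02d}") for t in range(20)
]


def replay(requests: List[Tuple[float, str, str]],
           key_of: Callable[[str, str], Hashable],
           capacity: float = 5, rate: float = 0.25) -> int:
    """Feed the log through a bucket keyed by key_of(ip, user); return how many were allowed."""
    clock_now = [0.0]
    bucket = TokenBucket(capacity, rate, clock=lambda: clock_now[0])
    allowed = 0
    for ts, ip, user in requests:
        clock_now[0] = ts
        if bucket.allow(key_of(ip, user)):
            allowed += 1
    return allowed


def by_ip(ip: str, user: str) -> Hashable:
    return ip          # the throttle as proposed: everyone behind the NAT shares one bucket


def by_user(ip: str, user: str) -> Hashable:
    return user        # assumed alternative: a per-session/per-account key


if __name__ == "__main__":
    print("keyed by IP  :", replay(REQUESTS, by_ip), "of", len(REQUESTS), "allowed")
    print("keyed by user:", replay(REQUESTS, by_user), "of", len(REQUESTS), "allowed")
```

With a burst of 5 and a refill of one token every four seconds, IP keying admits 9 of the 20 legitimate users and rejects the rest, while keying on a per-user identifier admits all 20. The same arithmetic cuts the other way for the second objection: an actor with many addresses gets a fresh full bucket per address, so per-IP limits bound the rate per source, not the total.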



