• coyotino [he/him]@beehaw.org
    link
    fedilink
    English
    arrow-up
    34
    ·
    5 months ago

    This seems like the critical part to me:

    The paper, released in November 2023, notes that even back in 2016 researchers were able to defeat reCAPTCHA v2 image challenges 70 percent of the time. The reCAPTCHA v2 checkbox challenge is even more vulnerable – the researchers claim it can be defeated 100 percent of the time.

    reCAPTCHA v3 has fared no better. In 2019, researchers devised a reinforcement learning attack that breaks reCAPTCHAv3’s behavior-based challenges 97 percent of the time.

    So it isn’t even effective at deterring bots? Then what the hell was all this for?

    • Kichae@lemmy.ca
      link
      fedilink
      English
      arrow-up
      14
      ·
      5 months ago

      It’s great for gaslighting people into thinking they don’t know what a bicycle looks like!

      • The Cuuuuube@beehaw.org
        link
        fedilink
        English
        arrow-up
        6
        ·
        5 months ago

        I spent a huge amount of time last night clicking on motorcycles because I absolutely could not convince PayPal or Google I was a legitimate human who wanted to exchange currency for goods and services

        • saigot@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          5 months ago

          I find if I trace a figure 8 in the screen with my mouse the captcha passes much more often. I think it probably reads the small variations in your mouse movement to sus out bots, so the figure 8 gives it more data to work with.

          • The Cuuuuube@beehaw.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            I eventually gave up and decided to see if they were being hostile to my network and privacy settings. Lo and behold, I was able to log in when I adjusted the strictness of my VPN. Fortunately the service I was trying to exchange currency for was a better VPN with more security and privacy, so I was willing to take the L on that one interactions

    • prof@infosec.pub
      link
      fedilink
      arrow-up
      14
      ·
      5 months ago

      Introducing a Captcha on a form on my website basically blocked bots 100% of the time. It’s arguably good enough from a practical standpoint.

      If someone really wants to exploit my site, then they will find a way. You can only make it harder but never truly impossible if you don’t want to dispose of all convenience.

    • tempest@lemmy.ca
      link
      fedilink
      arrow-up
      7
      ·
      5 months ago

      I mean that is true but there is some nuance.

      At one time it was a cheap way to protect your site from drive by scripts and make your users help pay for that protection.

      They still work in that way on say the comment section of a tiny WordPress blog because the cost to solve them isn’t worth what a random boner pill ad is worth.

      The issue now (made worse recently by LLMs) is that more bots then ever are scraping any and every thing so people are putting captchas on every bit of every web app content they have. This increases the work of your users while it only slows down the bots. The hope is that the cost to solve is slightly higher than the value of the data.

  • millie@beehaw.org
    link
    fedilink
    English
    arrow-up
    9
    ·
    5 months ago

    Yeah it’s pretty clearly just getting people to manually train self-driving cars for a while now.

  • Truck_kun@beehaw.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    I did try to get literal with reCAPTCHA a while back, and it just never finished. “Select every image with a bicycle in it” or motorcycle or stop light. I would select the images that only had a WHOLE in it, not the broken up ones into several images. It doesn’t like it when you try to answer it’s question properly.

    Anyways, there’s several other captcha and anti-bot services now days, really would recommend people use a different provider, I hate reCaptcha so much.