gCaptcha is the leading rival for quality captcha services against Google's renowned and universally despised recaptcha. When Google increased the price for recaptcha competing services took off taking what Google started from to improve the experience significantly. Some experiences with smiling dogs and cloudy horses were deemed to take this too far but these experiments showed that there are improvements to be made in the captcha game.
With hackers out to solve any captcha programmatically captcha services need to stay one step ahead. The slider method was found to be easily bypassed. Rotating puzzle pieces is harder to solve but involves more user interaction and has moving parts in the code that can break.
Recently hCaptcha has introduce a test that challenges the user to click on the center of an owl's head. This is an improvement over selecting a type of ball from a grid of 9 or going through the excruciating experience Google inflicts on users. There must be a better way to prove that the person viewing the web page is a human and not a bot. How about it, Soylentils? What's your best idea for a captcha system given the state of the systems we have today?
[Ed's Comment: Bonus points if you can suggest a system that does not rely on graphics (not everyone uses the latest browsers or even anything more than a simple line of text) to access some sites - our own included. We have the need for a robust captcha system for people creating accounts in order to reduce the number of fake accounts being created by a bot.]
(Score: 4, Insightful) by Anonymous Coward on Friday March 31, @09:47AM (9 children)
Sadly, GPT4 and its competitors will likely blow through just about anything a human can do and quite likely after some training do it better
(Score: 5, Insightful) by Thexalon on Friday March 31, @11:05AM
The problem is: Nearly any problem a computer can check to see if you've solved correctly is either too hard for humans to get right, or easy enough the computer can solve it faster and better than a human can.
Also, bots aren't bothered by human limitations in how many tries a single person can make.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 5, Interesting) by ikanreed on Friday March 31, @03:13PM (1 child)
GPT4 is quite good at a lot of tasks, but it isn't an agent. It doesn't know to look at a browser window, see a challenge, do the challenge, then click a button. That part of it would still require quite a lot of procedural programming to link up the human facing pieces to the AI's interface in a way it could understand and apply.
And the other piece is that it's not cheap. Your cost for AI processing power versus benefit per spam post starts to get expensive. We already know that some spammers pay humans in third world countries to solve captchas 24/7, so it will happen, but I'd not put my money in it being super duper common for lowest common denominator spammers.
(Score: 3, Interesting) by legont on Saturday April 01, @03:28AM
I've heard that later versions take sound, pictures and video as input. The reply is still text but I doubt it's difficult to interpret "click on this coordinate" reply.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 4, Insightful) by VLM on Friday March 31, @03:58PM
The fake AI chatters are all incredibly politically censored. Just include some questions based on the real world and functioning society and science, then the chatbots won't be able to answer.
(Score: 4, Funny) by Tork on Friday March 31, @05:28PM (1 child)
Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
(Score: 2) by The Vocal Minority on Sunday April 02, @10:20AM
I'm glad I wasn't the only person who immediate thought this after reading the Ed's comment LOL
(Score: 2) by EvilSS on Friday March 31, @08:47PM (1 child)
(Score: 2) by legont on Saturday April 01, @03:31AM
Yeah, I can see a whole country economy based on solving captcha. Bailed out by Feds, no less.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Tuesday April 04, @02:01AM
As I suggested on another topic, how about identifying puns?
It seems (from DannyB's ChatGPT research) that it's not very good at sorting these out, and I'm guessing normal bots would be even worse. So a new test could be a list of phrases, "Check the lines that include a pun".
Once that gets solved, try more complex sentences with more than one pun, the question could then be, "Check the lines that have exactly one pun."
Is there someone here that could program this for SN? If so, I'd contribute to the big list of puns that would be required.
Fruit flies like a banana...
(Score: 1, Interesting) by Anonymous Coward on Friday March 31, @09:51AM (6 children)
What is the sum of the even blue numbers that are facing down
What is the highest and lowest number in the example provided for numbers more than 5 and less than 90
Are the numbers in the grid mostly odd or mostly even
And so on. Perhaps if sufficient questions can be generated the GPT and auto solvers will have difficulty keeping up.
(Score: 5, Insightful) by Thexalon on Friday March 31, @11:10AM (3 children)
You're making the mistaken assumption that humans can handle grade-school math.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 2, Touché) by khallow on Friday March 31, @11:40AM
(Score: 3, Insightful) by Anonymous Coward on Friday March 31, @01:14PM (1 child)
And why would you anyway? If the bot/human can't even answer such simple questions correctly then I think it would be actually be great that they can't comment on this site.
(Score: 1, Redundant) by NotSanguine on Saturday April 01, @07:52AM
Although, you might create a circumstance like ths [xkcd.com], which would be a significant improvement, no?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0, Troll) by Opportunist on Friday March 31, @11:58AM (1 child)
That's not keeping bots out, that's keeping conservatives out. Why do you want to create a filter bubble?
(Score: 3, Insightful) by NotSanguine on Saturday April 01, @07:59AM
There are plenty of individuals who can't do math, not just conservatives.
And we should pity them because:
--Robert A. Heinlein [Source [goodreads.com]]
And at the very least teach them to wear shoes, bathe and not make messes in the house.
Failing that, get them to give you two tens for a five. :)
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 5, Funny) by Woodherd on Friday March 31, @10:33AM
Obviously a turtle on its back, and you are not helping.
(Score: 3, Funny) by Mojibake Tengu on Friday March 31, @11:29AM (3 children)
The word "captcha" is just a slang for "capture". That's all about "captivity". You just want to catch people captive.
You are desperately Evil.
Also, you are very confused about what physical reality is. There is no such proof at the software level. Any authentication mechanics can be automated or imitated. The bandwidth is all against you: even trivially random bot will get through your silly captcha mechanisms sooner or later. The more added complexity you throw at poor people the more of them will fail to catch it right, so you reap only their frustration and hate.
In extreme, only bots will be able to solve your captchas perfectly.
I foretell you will fail.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by quietus on Friday March 31, @11:47AM
Hmmm. There still is the problem of resource waste by all those machine accounts; which is both a philosophical and an ethical problem. Perhaps, instead of staying within the bag, we should place ourselves outside of it: instead of frustration and anger, let's use enjoyment.
Let's originate mini-game as captcha service.
(Score: 1, Informative) by khallow on Friday March 31, @11:51AM
Thanks for telling us that, Mr. Webster. You do realize that "captcha" is just slang for
Moving on to the next line:
"Evil" capitalized to show the Evilness! And hmmm, more captive yoomins! I'll bid on the spleens again. My engine of trolling runs on nothing less!
Trivial random bot can be blocked by trivially blocking anyone who take a large number of tries to complete a captcha. It's not rocket science. And the point isn't to come up with a perfect Turing test, but rather to just raise the barrier to harassment.
(Score: 4, Informative) by Anonymous Coward on Saturday April 01, @08:04AM
Not "captive." In fact, it's a semi-backronym [wikipedia.org] for Completely Automated Public Turing test to tell Computers and Humans Apart [wikipedia.org].
(Score: 2, Disagree) by DadaDoofy on Friday March 31, @11:50AM (3 children)
This is a fool's errand. ChatGPT will soon be able to solve these better than a human. Then what?
(Score: 5, Funny) by number11 on Friday March 31, @07:37PM (2 children)
Then you block anyone who is able to solve the test. Seems obvious.
(Score: 3, Touché) by DadaDoofy on Friday March 31, @08:16PM
Sure. So no one can access your site. The only security that's 100% effective is removing the power source.
(Score: 2) by legont on Saturday April 01, @03:36AM
Playing stupid? That's the simplest trick for an AI to learn. It does it already.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 3, Insightful) by Anonymous Coward on Friday March 31, @01:05PM (3 children)
Might not be much but if they are doing very many attempts a day their costs could add up.
The problem of course is it probably requires javascript to be enabled but the last I checked a many of these captcha stuff require javascript to be enabled anyway.
(Score: 2) by Freeman on Friday March 31, @01:56PM (2 children)
Pretty likely that the big issue is one problematic ex-member of the site. They are likely one or more of the following, mentally unstable, extremely vindictive, extremely stubborn, and/or a malicious actor.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2, Interesting) by Anonymous Coward on Friday March 31, @04:32PM (1 child)
Even if there was a 100% AI proof captcha it wouldn't stop that person from manually creating a bunch of accounts a day though.
So if that person is trying to automatically create thousands of accounts then a combination of captcha and proof of work/cryptomining could at least slow him down. Works for my stuff anyway.
Since SN already throttles comments would it be a big deal to require new accounts to run some CPU intensive javascript for a few minutes in the background without the browser closing before that account can comment?
If you don't want to do cryptomining or just empty cycles then maybe you could get it to do folding@home or similar stuff - this takes a lot more work though, since you'd probably have to write code to check, protect and maybe obfuscate the computation. But keep in mind it doesn't matter if it's a bit inefficient if most of the cost is on the client side.
(Score: 4, Interesting) by Unixnut on Saturday April 01, @10:35AM
Your idea is a good one IMO, and more to the point it was one of the original ideas thrown about for spam control.
The problem with spam, is that economics of spamming is such that it is so cheap to litter the internet with your garbage that even if one in a million people actually give you money, you have turned a profit, making your spam operation both self sustaining and profitable.
The trick is to make the cost of sending the spam higher than the profit resulting of the spam. This was originally thought of for email spam, for the same reason, in fact hashcash came about because of it ( www.hashcash.org [hashcash.org]) , although that evolved into the dedicated BTC proof of work mining algorithm in time.
How it could work for websites, is that each comment post has to donate some some CPU time to "proof of work" mining before it gets accepted. Perhaps a second or two's worth. For most humans, a 1-2 second delay is not really a big deal, but for spammers firing off millions of posts, it really slows things down.
Secondly, the cost of CPU calculation is small per post, so much so that users would not notice it much, however for spam operations the computing costs would render spamming unprofitable, and as a result not self sustaining, causing them to cease spamming.
Thirdly, the proof of work mining can be seen as a donation to the site in question, as any crypto mined would go to them. So sites would get an additional stream of funding, without needing to have payment processors and handle peoples payment details.
Monero (XMR) did end up with CPU javascript miners, originally with the above as a goal. However nefarious individuals starting compromising websites to install the JS miner and mine on others machines for themselves. As such these JS miners are detected as trojans by computer security software, and blocked, breaking websites that would use them for spam control.
A shame really, as I really despise captchas in all their forms, and find them a pretty poor solution to spam control. I felt the above was far more elegant a solution. Perhaps it could be done for community sites like Soylent (as a community, we can all whitelist their JS miner for the domain in order to post), but not for more generic websites.
(Score: 2) by VLM on Friday March 31, @03:55PM (1 child)
All tech is driven by pr0n, instead of clicking the center of an owl, they need to click the center of the (censored) and that'll work.
Or here's ten pictures of chicks, click the checkmark on all the hot ones.
(Score: 3, Funny) by krishnoid on Friday March 31, @08:19PM
Why not both [laughingsquid.com]?
(Score: 4, Interesting) by istartedi on Friday March 31, @05:08PM (6 children)
A lot of people will focus on the inevitable arms race of AIs defeating captcha. Maybe AI can actually help us find a better way than those annoying little puzzles. My first thought is to simply profile IPs. Bad actors are generally going to come from certain ranges, and AI might be better at detecting those, as opposed to having humans look up the IP and seeing that there are a lot of complaints about it scraping things. AI might also be able to tell us that it's an unwinnable game, so we can perhaps all be relieved from trying to win it.
Appended to the end of comments you post. Max: 120 chars.
(Score: 2) by legont on Saturday April 01, @03:40AM (3 children)
It exactly what Google does. It requires captcha and shit from folks coming from vpn servers. I hate them for that.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Sunday April 02, @12:02PM (2 children)
I really hate google for this. For over two years it threw multiple captchas at me for a voting site, for every single vote. It is just frustrating and annoying. It could take 10 to 20 minutes or more to get through the google recaptcha. Then they switched to hcaptcha. It still throws a captcha per vote, but only 1 usually. This is a lot better.
Why the war against VPN users? Just because a user is connecting from a VPN does not mean they are evil. I've gotten to the point that if I am blocked, and I'm looking at you here Netflix, because I am using a VPN then I stop using that website.
Captchas are a serious waste of time. There must be a better way.
(Score: 0) by Anonymous Coward on Sunday April 02, @12:19PM (1 child)
https://blog.cloudflare.com/end-cloudflare-captcha/ [cloudflare.com]
https://blog.cloudflare.com/turnstile-private-captcha-alternative/ [cloudflare.com]
I have gotten this on some sites in recent months. I have always just clicked the button and been let through, with no challenge. I don't even know what the challenges are.
(Score: 0) by Anonymous Coward on Sunday April 02, @12:44PM
This has started coming up on fanfiction.net loading a script from challenges.cloudfare.com
I don't know what it does, but it's fairly light handed. A javascript check, and that's about it. I suspect it's mainly to stop obvious issues like site scraping.
(Score: 4, Informative) by Unixnut on Saturday April 01, @10:49AM (1 child)
Problem with IP based blocking is that:
(1) Dynamic IPs exist, so someone spams, changes IP, then someone innocent get the IP address and has to deal with the blocking and fallout due to prior users behaviour
(2) Some ISPs do NATting, so you can have hundreds, if not thousands of users sharing one public IP address. If one of them starts spamming, by blocking the IP you can deny access to many other innocents.
I bring these two points up, because both have happened to me, and both suck. The second one especially. If you get a bad IP address, you can power cycle your router until it changes. However if the upstream NATted IP gets blocked, there is nothing you can do but plead with the site you want to access to unblock the IP, which they rarely do (and only if you can convince the ISP to find and block the spammer themselves).
IP range blocking is like using a sledgehammer to crack a walnut, totally the wrong tool for the job.
(Score: 3, Funny) by Anonymous Coward on Sunday April 02, @12:49PM
Don't worry about it. IP6 will solve all of these issues. There are so many numbers every single device, every single human, can have its own unique IP address. Won't that be fantastic?
(Score: 1, Interesting) by Anonymous Coward on Sunday April 02, @12:07PM (1 child)
It is possible to throw tasks at users that add value, for which humans can do, that improve the world, and can be checked in such as way that asshats are banned.
One task is to look at skin cell scrapings to identify melanomas. Throw one of two of these types of query at a human, check it against known results, flag results of unusual cases. Crowd source the things humans are good at and make it a mini-job.
If someone happens to find a way to automate this type of grudge work, then great! Find more to do.
Here are 20 images of people photographed driving down the road. Are any holding a mobile phone or other device in their hand? Select the ones that are.
(Score: 2) by Booga1 on Monday April 03, @05:28AM
Congratulations, you've come up with the same idea that Google was using all along: https://www.techradar.com/news/captcha-if-you-can-how-youve-been-training-ai-for-years-without-realising-it [techradar.com]
Ever wonder why the challenges were so focused on identifying street lights, motorcycles, busses, crosswalks, etc? That's because they crowdsourced their image tagging work to all of us..
They're pretty much done with that, but I guess they haven't figured out the next big thing for us to spend categorizing for them.