• ExtremeDullard@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 month ago

    Captchas were never about keeping bots out: they’ve always been an excuse to turn ordinary internet visitors into mechanical turks to tag photos to train AI systems without paying the workforce.

    Think about it: how many hours total did you spend in your life tagging photos for Google and Google never paid you for your work?

  • asudox@programming.dev
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    No, CAPTCHAs can and will be bypassed. But you can make it expensive for bot hosters using PoW CAPTCHAs instead of normal ones. It’s also better privacy-wise.

  • Draconic NEO@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    Absolutely not. While a captcha can stop somebody with a simple python script and nothing else. It is not effective against sophisticated bots which either use AI or which connect through API to a captcha solving service run by humans. Much to the chagrin of captcha operators.

    From what I’ve seen the main purpose of captcha is to act as security theater to dissuade normies. If there’s anything that captcha has been successful at it’s been permeating pop culture as a trope. As far as actually stopping the malicious actors it hasn’t really done that much, mainly because these people will adapt and change their tactics. They’re not just going to keep trying the same methods that aren’t working, they’re not stupid. Many do it as a business.

  • j4k3@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    1 month ago

    If you run a whitelist firewall, you never see CAPTCHA’s. The vast majority on the internet have nothing to do with the website you’re visiting. When the website cannot redirect you to the CAPTCHA host site, it just continues on to the intended destination. The only way I ever see a CAPTCHA is if it is hosted on the same server as the site I am trying to visit, and that is very nearly never. I bet the vast majority of them are actually some advertiser collecting more data to mine in addition to whatever fingerprinting they can collect. Ads only work by opening a hidden frame that is basically another browser tab where you then visit the ad server’s website. This is no different than visiting them in a browser tab. They can access everything available to fingerprint. If you’re using anything Google controls that means they know everything about you down to how dirty your underwear is right now. /s÷2

    • ChicagoTransplant@midwest.social
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I’ve spent, collectively, probably days of my life clicking squares with just the tip of a handlebar or the faintest shade of the edge of a stoplight, only for bots to still be able to get past it.

  • Fermion@feddit.nl
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    The whole point of captchas is to train bots. Did you think they were all road object and optical character recognition based because those are the categories humans really excel at?

    • Handles@leminal.space
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I genuinely thought we were training Google’s self driving car algorithm, like back when we were proof reading their illegally scanned books’ OCR.

  • ThePowerOfGeek@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    To expand on what others here have said: no they can’t, and there was a recent article here on Lenny taking about how AI (which I know is different from average bots) has figured out most of the visual captcha types.