The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?
That’s hardly the Turing Test I’d expected.
- isolatedscotch ( @isolatedscotch@discuss.tchncs.de ) 35•24 days ago
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
TL:DR cloudflare made a new recaptcha which does some complex math and other stuff on your browser, which done once has no noticable effect but if someone were to scrape websites at an absurd speed it slows everything down significantly.
this is not only cool because you don’t have to manually solve the captcha, but also because it allows for low-speed scraping to be feasible, with tools like flaresolverr
- zagaberoo ( @zagaberoo@beehaw.org ) 3•23 days ago
Oh, so it’s Hashcash; cool to see that idea getting real use.
- communism ( @communism@lemmy.ml ) 26•24 days ago
I always fail Cloudflare captchas because I’m clicking it with Vimium-C lol. I hate captchas for making me reach for my mouse. It also seems like a genuine accessibility issue if people who cannot use a mouse can’t pass a captcha.
I’ve found that Google’s reCAPTCHA has also started rejecting me no matter what I do. I think it might be because my IP address is a VPN, but that’s pretty stupid; if I can pass the test by clicking the squares why not let me in?
- Lemonculus ( @Lemonculus@fedia.io ) 3•23 days ago
I’ve found that when Google decides to throw me a captcha, literally no amount of solving them will ever persuade them to let me in. I went through 10 in a row before I gave up.
Just seems like spite to me.
- Karyoplasma ( @Karyoplasma@discuss.tchncs.de ) 2•23 days ago
reCAPTCHA is a failed project. It was initially designed to lock out bots while being trivial for a human to solve but, over the years, captchas became more unintuitive and bots more sophisticated. Bots are now way better at solving captchas than humans and it’s just a useless time sink.
- dutchkimble ( @dutchkimble@lemy.lol ) 1•23 days ago
It’s those edges
- trustnoone ( @trustnoone@lemmy.sdf.org ) 25•24 days ago
Theres a few answrs to this
- It uses your movements before this to determine whether it feels like your a bot or not
- It makes you wait, the biggest issue with bots is they may try to log in say 50 different passwords for example, so if it takes 5 seconds to do each one it makes boting multiple acounts not worth it.
- Google uses catchphas with images to choose. They use this to train their own AI or data to sell
- wuphysics87 ( @wuphysics87@lemmy.ml ) 18•24 days ago
Humans have mouse movement that, on August 8, 2024, are very hard to reproduce. But just like regular captchas we are just teaching computers to do the same thing.
- GiveOver ( @GiveOver@feddit.uk ) 9•24 days ago
Whoa what happened on the 9th?
- Mambert ( @Mambert@beehaw.org ) 15•24 days ago
Basically bots would automatically click on it, teleporting the cursor to the very center of the button. They will do this within exact milliseconds of the page loading.
Humans read something on the site, then find the banner, and move the cursor over to it, confirm that the cursor is somewhere on the button, and then click it.
It’s not just the button, it’s the before the button that determines you’re a bot or not.
- FiskFisk33 ( @FiskFisk33@startrek.website ) 15•23 days ago
it also sees your mouse movements on your way to that box.
- SuspiciousCatThing ( @SuspiciousCatThing@pawb.social ) 2•23 days ago
But I use my phone.
- Hadriscus ( @Hadriscus@lemm.ee ) 13•23 days ago
Then it smells you from the microphone on your phone
- phorq ( @phorq@lemmy.ml ) Español2•23 days ago
Damn, I thought I was being stealthy by farting silently like an assassin…
- Cephalotrocity ( @Cephalotrocity@biglemmowski.win ) English14•24 days ago
I don’t know for certain, but I think it is simply looking at what you do with your mouse. If the movement is erratic, imprecise, and delayed it goes ‘yeah, that is either a cat that got lucky which is close enough or a human’. The reason I think this is that I’ve failed same site’s checks if my mouse just happens to be hovering over the checkbox when the prompt appears. Retry, move the mouse, success.
- Ellia Plissken ( @tilefan@lemm.ee ) English12•24 days ago
I’ve been told that it’s analyzing your behavior from right before you click the button
- Elise ( @xilliah@beehaw.org ) 3•23 days ago
- Magnetic_dud ( @Magnetic_dud@discuss.tchncs.de ) 11•23 days ago
Cloudflare knows almost everything done from your IP address because they’re used by the majority of websites. And some websites are using a cloudflare signed TLS certificate so if cloudflare wants, can see the content of the communication instead of an encrypted package
So they know if you have a human behavior (visiting many different websites at human speed and having rests during sleeping time) or if you have a bot behavior (sending millions of requests to the same endpoint at superhuman speeds)
- tranarchist ( @tranarchist@lemmy.ml ) English2•23 days ago
thx, TIL
- kahdbrixk ( @kahdbrixk@feddit.org ) Deutsch2•22 days ago
I’d argue that the certificate authority does not have the ability to decrypt your communication because of the nature of private and public key mechanism during the whole TLS certificate procedure. You do not send your web servers private key to cloudflare when requesting a certificate.
That would actually be pretty wild…
Other then that you’re probably right.
- Magnetic_dud ( @Magnetic_dud@discuss.tchncs.de ) 1•22 days ago
There’s a default setting that allows unencrypted communication between the server and cloudflare. So they receive unencrypted data, sign with their certificate. Or send with self signed certificate, they decrypt and reencrypt. Or for some reason can download and import on the server their own internal use certificate.
- kahdbrixk ( @kahdbrixk@feddit.org ) Deutsch1•21 days ago
You’re right, forgot that you can just not encrypt on your servers end and use cloudflare to do that for you, especially when used as CDN
- davel [he/him] ( @davel@lemmy.ml ) 7•24 days ago
01100011 01101100 01101111 01110101 01100100 01100110 01101100 01100001 01110010 01100101 00100000 01110000 01110101 01110100 01110011 00100000 01101101 01100101 00100000 01101001 01101110 00100000 01100001 01101110 00100000 01101001 01101110 01100110 01101001 01101110 01101001 01110100 01100101 00100000 01101100 01101111 01101111 01110000 00100000 01110011 01101111 01101101 01100101 01110100 01101001 01101101 01100101 01110011
- 𝕸𝖔𝖘𝖘 ( @01189998819991197253@infosec.pub ) English5•24 days ago
Pretty much every time for me. I just close the page when this thing happens. It’s not worth the headache.
- Lem Jukes ( @Lemjukes@lemm.ee ) 5•24 days ago
A side to this is that certain techniques will be deliberately obfuscated or simply omitted as a security measure in the hopes of slowing a bad actor’s eventual bypassing of the measure. It’s an arms race and if the intruder doesn’t know what all the locks even are, it takes longer to break or pick them.
- Empricorn ( @Empricorn@feddit.nl ) English4•24 days ago
It’s actually detecting you using emotion and aging. That’s the real test…
Listening to me talk about that birding hat I want to buy, checking thru Amazon to see if it’s on my wishlist.
- brian ( @brian@programming.dev ) 3•24 days ago
some of them are also less bot detection and more spam limiting and mitigation. cloudflare’s has more stuff built in I’m sure, but things like mCapcha are just proof of work, so if you’re trying to make a bunch of accounts or whatever, it’s really computationally expensive.
- interdimensionalmeme ( @interdimensionalmeme@lemmy.ml ) 2•23 days ago
This all humans will be good for in the future, until they atrophy and become a mere appendage of machinegod.
I saw the movie. Unhappy ending.
- interdimensionalmeme ( @interdimensionalmeme@lemmy.ml ) 2•23 days ago
Which movie is that ? While waiting your reply I asked chatgpt
Please write movie script where humans continue to evolve in an environment where their reproduction and evolution is mediated entirely by the solvibg of captchas. They have become one with machinegod, just a vestigial appendage so scratch an itch that the machine cannot satisfy any other way.
https://chatgpt.com/share/fae8c7fc-df78-462e-9922-9d976a182bd8