Captchas aren’t easy to bypass - run of the mill scammers can’t afford a bunch of servers running cutting edge LLMs for this
Captchas were never a guarantee - one person could sit there solving captchas for a good chunk of a bot farm anyways
So where does that leave us? Sophisticated actors could afford manually doing captchas and may even just be using a call-center setup to do astroturfing. My bigger concern here is the higher speed LLMs can operate at, not bypassing the captcha
Your run of the mill programmer can’t bypass them, it requires actual skill and a time investment to build a system to do this. Captchas could be defeated programically before and still can now - it still raises the difficulty to the point most who could bother would rather work on something more worthwhile
IMO, the fact this keeps getting boosted makes me think this is softening us up to accept less control over our own hardware
I work in a related space. There is no good solution. Companies are quickly developing DRM that takes full control of your device to verify you’re legit (think anticheat, but it’s not called that). Android and iPhones already have it, Windows is coming with TPM and MacOS is coming soon too.
Edit: Fun fact, we actually know who is (beating the captchas). The problem is if we blocked them, they would figure out how we’re detecting them and work around that. Then we’d just be blind to the size of the issue.
Edit2: Puzzle captchas around images are still a good way to beat 99% of commercial AIs due to how image recognition works (the text is extracted separately with a much more sophisticated model). But if I had to guess, image puzzles will be better solved by AI in a few years (if not sooner)
Private Access Tokens? Enabled by default in Settings > [your name] > Sign-In & Security > Automatic Verification. Neat that it works without us realizing it, but disconcerting nonetheless.
So, the spammers will need physical Android device farms…
So what would be a good solution to this? What is something simple that bots are bad at but humans are good at it?
I think this is a non-issue
Captchas aren’t easy to bypass - run of the mill scammers can’t afford a bunch of servers running cutting edge LLMs for this
Captchas were never a guarantee - one person could sit there solving captchas for a good chunk of a bot farm anyways
So where does that leave us? Sophisticated actors could afford manually doing captchas and may even just be using a call-center setup to do astroturfing. My bigger concern here is the higher speed LLMs can operate at, not bypassing the captcha
Your run of the mill programmer can’t bypass them, it requires actual skill and a time investment to build a system to do this. Captchas could be defeated programically before and still can now - it still raises the difficulty to the point most who could bother would rather work on something more worthwhile
IMO, the fact this keeps getting boosted makes me think this is softening us up to accept less control over our own hardware
https://imgs.xkcd.com/comics/constructive.png
I work in a related space. There is no good solution. Companies are quickly developing DRM that takes full control of your device to verify you’re legit (think anticheat, but it’s not called that). Android and iPhones already have it, Windows is coming with TPM and MacOS is coming soon too.
Edit: Fun fact, we actually know who is (beating the captchas). The problem is if we blocked them, they would figure out how we’re detecting them and work around that. Then we’d just be blind to the size of the issue.
Edit2: Puzzle captchas around images are still a good way to beat 99% of commercial AIs due to how image recognition works (the text is extracted separately with a much more sophisticated model). But if I had to guess, image puzzles will be better solved by AI in a few years (if not sooner)
I love Microsoft’s email signup CAPTCHA:
Repeat ten times. Get one wrong, restart.
Private Access Tokens? Enabled by default in Settings > [your name] > Sign-In & Security > Automatic Verification. Neat that it works without us realizing it, but disconcerting nonetheless.
So, the spammers will need physical Android device farms…
deleted by creator