this post was submitted on 24 Aug 2024
395 points (97.1% liked)

Asklemmy

43962 readers
1587 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I'm human?

That's hardly the Turing Test I'd expected.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] trustnoone@lemmy.sdf.org 47 points 3 months ago (2 children)

Theres a few answrs to this

  1. It uses your movements before this to determine whether it feels like your a bot or not
  2. It makes you wait, the biggest issue with bots is they may try to log in say 50 different passwords for example, so if it takes 5 seconds to do each one it makes boting multiple acounts not worth it.
  3. Google uses catchphas with images to choose. They use this to train their own AI or data to sell
[โ€“] IphtashuFitz@lemmy.world 7 points 3 months ago* (last edited 3 months ago)

Smarter bots know how to easily avoid being detected based on the speed of their requests by simply adding a random delay to them. A few years ago we discovered a very slow speed credential stuffing attack (testing usernames & passwords) against my employers site. It was only testing one set of credentials every couple of minutes.

Once we discovered it we didnโ€™t block it though. We were able to spot the attack fairly easily once we knew what to look for, so we updated our system to always return a login failure no matter what credentials they sent.

To elaborate on point 1, it's about uniqueness and timing of the path the mouse takes to click the checkbox. If it's too straight or consistent it will red flag you.