• dragontamer@lemmy.world
    link
    fedilink
    English
    arrow-up
    45
    ·
    1 year ago

    Except we know its not true.

    Just one month ago, Lemmy didn’t have CAPTCHAs, and we were hit by so many script-kiddies that signups to https://lemmy.world had to be disabled.

    The hackers who will create thousands-of-accounts and make thousands-of-spam posts are largely low-quality hackers who don’t know how to make an AI bot. Proof? When the Admins added the dumbest of CAPTCHAs to https://lemmy.world, those fake-signups stopped.

    CAPTCHAs work, at least at the level that lemmy.world is at. We’ll have to get better as we get more popular but there’s an ocean of difference from wget/curl script-kiddie and AI-using bot master.

    • agent_flounder@lemmy.one
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      I suspect it is just a matter of time before someone makes the tech easy to use and affordable enough for the masses of bad actors.

    • Terrasque@infosec.pub
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      Yeah, they still work somewhat as in they raise the bar on how complex the bot needs to be.

      Believe me, there’s tons of spammers out there that have captcha cracking bots. They’re just not as dumb as the basic skiddie that can barely make a http POST.

      Captcha’s were supposed to separate bots from humans. Now it separates simple bots from complex bots.

      Oh, and as a bonus, a lot of places hire people to create accounts and post spam for pennies.

    • asudox@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      It’s a very bad decision to not implement CAPTCHA when you are going to allow signups. There’s always someone that will take advantage of this and annoy you with constant sign ups.

  • deong@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    ·
    1 year ago

    I’ve been saying for a while now that the actual test should be that you miss a couple. If you can look at a this 4 nanometer picture of what is either a bird, a sofa, or the titanic, and correctly tell me if it has part of one pedal from a bicycle in it, you’re a robot.

    • Brokkr@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      That’s already built in. If you answer too quickly or too accurately (with the pictures at least), it will give you another one. Best way to beat this is to select an incorrect answer and then deselect it before submitting

      • fuzzzerd@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Mind blown. I’ve observed this and it’s fucking infuriating, only to just realize they’re judging me for doing it too quickly and making me try again.

  • OfficerBribe@lemm.ee
    link
    fedilink
    English
    arrow-up
    16
    ·
    edit-2
    1 year ago

    Furthermore the bots’ solving times are significantly lower in all cases, except reCAPTCHA, where human solving time of 18 seconds is nearly similar to the bots’ time of 17.5 seconds.

    Due to this solving time captchas still provide an easy method how to reduce spammy request count. Also kind of doubt it is super easy to create your own setup that would bypass captchas so everyone could do this, but there probably are 3rd party services exactly for this.

    • JohnEdwa@kbin.social
      link
      fedilink
      arrow-up
      4
      arrow-down
      1
      ·
      1 year ago

      Countless services exist where you can buy captcha solving, though currently it’s done by actual humans in developing countries for tiny pay. Yet another job that’s going to soon be replaced by AI, though this time it almost certainly will result in some people starving to death.

      • Buddahriffic@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 year ago

        You’re not going to get me to feel any sympathy for the dying market of paid human bad faith internet actor.

        It would be like acting sad if improvements to the phone system’s security resulted in spoofing numbers no longer being possible and putting phone scammers out of business.

  • Brokkr@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    I thought the point of captchas was to train AI models?

    So does this mean all that work is finally paying off? This is a success right?

  • MeetInPotatoes@lemmy.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Caught one of those wavy block letter captchas the other day that was so distorted I couldn’t make out a single letter.

    Cue: “Maybe I AM a robot.”

  • imgonnatrythis@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Good. Glad I won’t have to deal with these anymore. I suck at them and have a complex now about being a robot.