It is incredibly obvious that CAPTCHAs are at the very least a way of exploiting distributed labor to train AI.
They had been used to help with text recognition for book scanning for more than a decade. It has never been secret, it was explained on them time ago.
This is the logical progression, regardless of your feelings with “AI”
deleted by creator
Okay, this “$1 trillion” metric is a bit of a reach, and seems to be based on an arbitrary value assigned to an estimated amount of data Google has collected, and not actually $1,000,000,000,000 in revenue. It does not appear that Google has actually made a trillion dollars from CAPTCHA data.
This sounds like a conspiracy theory but I’d like to know more.
The study that they reference: https://arxiv.org/abs/2311.10911 [PDF]
They don’t seem to actually identify the cookies as tracking (as opposed to just identifying that the account can bypass further challenges), just assuming that any third party cookie has a monetary tracking value.
It also appears to be unreviewed and unpublished a few years later. Just being in paper format and up on arXiv doesn’t mean that the contents are reliable science.
we do so via a large-scale (over 3, 600 distinct users) 13-month real-world user study and post-study survey
results indicate that the website context directly influences (with statistically significant differences) solving time between pass- word recovery and account creation.
We explore the cost and security of reCAPTCHAv2 and conclude that it has an immense cost and no security. Overall, we believe that this study’s results prompt a natural conclusion: reCAPTCHAv2 and similar reCAPTCHA technology should be deprecated.
It’s true. They make us work to identify data, we are checking for them not confirming, then they also track us.
Since Cloudflare published Turnstile I’ve hated Captchas even more, because Turnstile does it so much better. Captchas are such a hassle. One website I occasionally visit does not keep me logged in and then presents one of the worst captcha puzzle systems. Shitty captchas are a huge barrier.
Turnstile is, in almost all cases, one checkbox to click (I’ve never been challenged beyond that). All captcha puzzles should be replaced with Turnstile or similar simple (for the user to solve) tech.
Cloudflare turnstile is also the only captcha system that works ok with most browsers and adblockers.
Especially Google recaptcha freaks out if you use Firefox or an adblocker or anything and asks you the hardest possible questions.
That’s a feature, not a bug.
Anticompetitive feature!
How’s that work anyway. Fingerprinting?
The announcement blog post linked on the bottom of the linked Turnstile page has some info on that
For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser. The current deployment of Turnstile checks billions of visitors every day, and we are able to identify browser abnormalities that bots exhibit while attempting to pass those tests.
I’m a simple guy. If a website I visit uses any kind of captcha other than Cloudflare’s Turnstile, then I close that website and don’t use it ever again. I’m not interested in wasting five minutes picking which squares have busses in them because ReCaptcha has decided I have to do the captcha 200 times.
What is infuriating, is that some government official website in my country used google captcha
Is that cloudflare one the one that just verifies you’re human automatically? Like it pops up with a check box you sometimes don’t even have to manually click? How does that one even work? 🤔
The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
It checks user agent to see if you are using something generic in a user agent switcher. It gives me fits sometimes if I leave it on chrome from Firefox too long.
Yes, that’s the one. It works by just using Javascript to check that the browser is OK.
It’s a lot easier to determine the intent of this hed with the quote being closed somewhere. Just after “service” would have been my guess, but it’s a disservice to remove that and leave people dangling.
My larger issue is that when I’m faced with traffic lights – or, god forbid, motorcycles – this is performative nonsense wherein I’m supposed to guess percentage coverage on a given square without having been provided parameters.
At this point, CAPTCHAs feel designed to make sure you can never get through the first time, thus needing to continue training image models several times before I can just fucking do what I originally came to the site for.
At this point, CAPTCHAs feel designed […] training image models
It was never a secret:
The reCAPTCHA program originated with Guatemalan computer scientist Luis von Ahn, and was aided by a MacArthur Fellowship. An early CAPTCHA developer, he realized “he had unwittingly created a system that was frittering away, in ten-second increments, millions of hours of a most precious resource: human brain cycles”
I was fine with it when it was wavy text to digitise old works. This shit is just asinine and a time sink.
Yeah… only OCR and AI have advanced to the point where a spammer/bot can easily bypass them.
20+ years ago, Microsoft proposed a [Penny Black project](https://en.m.wikipedia.org/wiki/Penny_Black_(research_project)), which was superseded by reCAPTCHA. Nowadays, we might have to go back to that… maybe by mining crypto as a proof of effort.
Past tense?
