I work in a related space. There is no good solution. Companies are quickly developing DRM that takes full control of your device to verify you’re legit (think anticheat, but it’s not called that). Android and iPhones already have it, Windows is coming with TPM and MacOS is coming soon too.
Wistful@discuss.tchncs.de 3 months ago
So what would be a good solution to this? What is something simple that bots are bad at but humans are good at it?
OsrsNeedsF2P@lemmy.ml 3 months ago
parpol@programming.dev 3 months ago
[deleted]
henfredemars@infosec.pub 3 months ago
Not if we build our own open and free Internet first.
Bonesince1997@lemmy.world 3 months ago
Only to be discovered by the bots and other ne’er-do-wells…
brbposting@sh.itjust.works 3 months ago
I love Microsoft’s email signup CAPTCHA:
Repeat ten times. Get one wrong, restart.
iPhones already have it
Private Access Tokens? Enabled by default in Settings > [your name] > Sign-In & Security > Automatic Verification. Neat that it works without us realizing it, but disconcerting nonetheless.
So, the spammers will need physical Android device farms…
IphtashuFitz@lemmy.world 3 months ago
I know some sites have experimented with feeding bots bogus data rather than blocking them outright.
My employer spotted a bot a year or so ago that was performing a slow speed credential stuffing attack to try to avoid detection. We set up our systems to always return a login failure no matter what credentials it supplied. The only trick was to make sure the canned failure response was 100% identical to the real one so that they wouldn’t spot any change. Something as small as an extra space could have given it away.
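The canned-failure approach described in the comment above, as an added sketch that is not code from the thread or from the commenter's employer: flagged sources and genuine bad logins go through the same failure builder and the same hashing work, so the responses are byte-identical. The handler name, the JSON body, the 401 status, the PBKDF2 parameters and the sample user and addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os

# Constructed sample data: one user and one flagged source (documentation IP range).
_SALT = os.urandom(16)

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)

USERS = {"alice": _hash("correct horse")}
FLAGGED_SOURCES = {"203.0.113.7"}
_DUMMY_HASH = _hash("placeholder")   # compared against when the user is unknown
DECEPTION_LOG = []                   # (source, username, credentials_were_valid)

def _response(status, payload):
    body = json.dumps(payload).encode()
    headers = {"Content-Type": "application/json", "Content-Length": str(len(body))}
    return status, headers, body

def _failure():
    # The only place a login failure is built, so the canned reply cannot
    # drift from the real one (no extra space, header or field).
    return _response(401, {"ok": False, "error": "Invalid username or password"})

def handle_login(source_ip, username, password):
    # Always do the full hash comparison, including for flagged sources and
    # unknown users, so the work done per request stays the same.
    stored = USERS.get(username, _DUMMY_HASH)
    matches = hmac.compare_digest(_hash(password), stored)
    valid = matches and username in USERS
    if source_ip in FLAGGED_SOURCES:
        # Record whether the pair was actually valid: those accounts need a
        # password reset even though the client was told the login failed.
        DECEPTION_LOG.append((source_ip, username, valid))
        return _failure()
    if valid:
        return _response(200, {"ok": True, "user": username})
    return _failure()
```
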
Lost_My_Mind@lemmy.world 3 months ago
Pizza toppings. Glue is not a topping.
Imgonnatrythis@sh.itjust.works 3 months ago
Neither are pineapples. Fight me.
NegativeInf@lemmy.world 3 months ago
Isn’t the real security from how you and your browser act before and during the captcha? The point was to label the data with humans to make robots better at it. Any trivial/novel task is sufficient generally, right?
theneverfox@pawb.social 3 months ago
I think this is a non-issue
Captchas aren’t easy to bypass - run of the mill scammers can’t afford a bunch of servers running cutting edge LLMs for this
Captchas were never a guarantee - one person could sit there solving captchas for a good chunk of a bot farm anyways
So where does that leave us? Sophisticated actors could afford manually doing captchas and may even just be using a call-center setup to do astroturfing. My bigger concern here is the higher speed LLMs can operate at, not bypassing the captcha
Your run of the mill programmer can’t bypass them, it requires actual skill and a time investment to build a system to do this. Captchas could be defeated programmatically before and still can now - it still raises the difficulty to the point most who could bother would rather work on something more worthwhile
IMO, the fact this keeps getting boosted makes me think this is softening us up to accept less control over our own hardware
I_Miss_Daniel@lemmy.world 3 months ago
Smell? :)
hakunawazo@lemmy.world 3 months ago
Yes, or:
Which of these images makes you horny?
tal@lemmy.today 3 months ago
imgs.xkcd.com/comics/constructive.png