204 points pabs3 | 1 comments
timshell ◴[] No.44093768[source]
I'm a founder in this space (www.roundtable.ai; YC S23)

Behavior is a big missing link. Many CAPTCHA services (including Google reCAPTCHA v3) claim to use behavioral analyses, but you can disprove this using Operator to fill out a form and see reCAPTCHA and other bot detection systems flag it as a human.

At Roundtable, we rely on first-order behavioral markers (keystroke, mouse, scroll, click, etc.). When first-order markers are sufficiently spoofed, we analyze higher-level cognitive traits (e.g. incongruent effect in Stroop).

metladsl ◴[] No.44095197[source]
That's not entirely true. reCAPTCHA v3 relies on your Google account as a signal and what activities it has performed out in the wild. It's not exactly privacy-conscious, but certainly behavioral.
timshell ◴[] No.44099225[source]
Here's a GIF where reCAPTCHA v3 can't detect Operator: https://x.com/_magrawal/status/1925543620217905641

'Behavioral' is loosely defined, but it seems like the behavioral tells of Operator are quite simple.

metladsl ◴[] No.44099251[source]
Bot protection, and especially sophisticated bot protection systems like reCAPTCHA and Shape Security, really kick in at scale. There'll be no obvious signs you're detected until you try to scale up your automations.