Ironic that we are so intent on creating bots that ask and check questions unsolvable by other bots.
https://en.wikipedia.org/wiki/Goodhart%27s_law
BRB, changing the simulated latency in my bot.
Proof-of-work CAPTCHAs work well for making bots expensive to run at scale, but they still rely on accurate bot detection. Avoiding both false positives and negatives is crucial, yet all existing approaches are not reliable enough.
One comment re:
> While AI agents can theoretically simulate these patterns, the effort likely outweighs other alternatives.
For now. Behavioral and cognitive signals seem to work against the current generation of bots, but will likely also be defeated as AI tools become cheaper and more accessible. It's only a matter of time until attackers can train a model on real human input, and inference to be cheap enough. Or just for the benefit of using a bot on a specific target to outweigh the costs.
So I think we will need a different detection mechanism. Maybe something from the real world, some type of ID, or even micropayments. I'm not sure, but it's clear that bot detection is at the opposite, and currently losing, side of the AI race.
Have you never once looked at the captcha and couldn't decide whether the 3 pixels of the motorcycle sticking out into the grid square meant that you should select that grid square too? Not once? As the tests become ever more sophisticated, more and more of you all will be locked out.
I think the most likely long-term solution is something like DIDs.
https://en.wikipedia.org/wiki/Decentralized_identifier
A small number of trusted authorities (e.g. governments) issue IDs. Users can identify themselves to third-parties without disclosing their real-world identity to the third-party and without disclosing their interaction with the third-party to the issuing body.
The key part of this is that the identity is persistent. A website might not know who you are, but they know when it’s you returning. So if you get banned, you can’t just register a new account to evade the ban. You’d need to do the equivalent of getting a new passport from your government.
The article is more of an intro piece for newcomers and doesn't discuss at all the state of the art or where the competition is--the high end of the market is pretty saturated already but the low end is wide open.
There is a bit of a spread in the market, and the specific detection techniques are ofc proprietary and dynamic. Until you have stewed on it quite a bit, it is reasonable to assume everything you can think of has a- been tried b- is either mainstream or doesn't work well c- what working well means is subtle.
Bots are adversarial and nasty ones play the field. Sources of truth are scarce and expensive to consult, and the costs of false positives are felt acutely by the users and the buyers, vs false negatives are more of a slow burn and a nagging suspicion.
I have the opposite view. This already played out in the Minecraft community and it turns out ghost clients are effective in spoofing such behavioral signals and avoiding anticheat. Also I doubt you can get any meaningful signal from the couple of a seconds a user's ai agent is scrolling through a site.
Whether the person interacting with your website is human or not isn't relevant anymore. What matters is what they are doing; be they human, bot, or AI agent.
This concept has been studied already extensively, e.g [1] (in 2000!) by people like Rivest and Chaum, who have actual decade-old competence in that field.
[1] https://people.csail.mit.edu/rivest/pubs/pubs/LRSW99.pdf
See also Elon demanding ad spend on his platform or like it’s literally just like when the Nazis invaded Poland. Anyone got some E? PLUR, bro but also fewer vacay days for you.
Empty economic activity driven by fiat decree of wealth hoarders suffering from post war and Cold War and leaded gas fume, lead water fueled paranoias and psychosis.
People made insane by memorization of illusory social obligations to history always run the world.
the governments powerful enough to roll something like this out are not trusted authorities which will protect the privacy of their citizens. remember before the Snowden revelations when the NSA's director of national intelligence swore under oath that they did not collect "any type of data at all on millions of Americans"?
https://en.wikipedia.org/wiki/James_Clapper#Testimony_to_Con...
I can tell you that as soon as you download Chrome and login to any Google account of yours, the captcha tests are suddenly and mysteriously gone.
Use firefox in full-lockdown mode, and you will be clicking fire hydrants and crosswalks for the next several hours.
My crazy conspiracy theory is that Google is just using captcha as an opportunity to force everyone out of privacy mode, further empowering the surveillance capitalism engines. The intent is not to be effective, but inconvenient.
Like the case recently of builder.ai which had humans pretending to be ai.
Turing was a visionary - but even he could not imagine a time when humans pretend to be bots.
This is wrong, badly wrong.
CAPTCHA stood for “Completely Automated Public Turing test to tell Computers and Humans Apart”. And that’s how people are using such things: to tell computers and humans apart. But that’s not the right problem.
Spam and abuse can come from computers, or from humans.
Productive use can come from humans, or from computers.
Abuse prevention should not be about distinguishing computers and humans: it should be about the actual usage behaviour.
CAPTCHAs are fundamentally solving the wrong problem. Twenty years ago, they were a tolerable proxy for the right problem: imperfect, but generally good enough. But they have become a worse proxy over time.
Also, “human-friendly CAPTCHAs” are just flat-out impossible in the long term. As you identify, it’s only a “for now” thing. Once it’s a target, it ceases to be effective. And the range in humans is so broad that it’s generally distressingly easy to make a bot exceed the lower reaches of human performance.
> Proof-of-work CAPTCHAs work well for making bots expensive to run at scale, but they still rely on accurate bot detection. Avoiding both false positives and negatives is crucial, yet all existing approaches are not reliable enough.
Proof-of-work is even more obviously a temporary solution, security by obscurity: it relies upon symmetry in computation power, which is just wildly incorrect. And all of the implementations I know of have made the bone-headed decision to start with SHA-256 hashing, which amplifies this asymmetry to ludicrous degree (factors of tens of thousands with common hardware, to tens of millions with Bitcoin mining hardware). At that point, forget choosing different iteration counts based on bot detection, it doesn’t even matter.
—⁂—
The inconvenient truth is: there is no Final Ultimate Solution to the Spam Problem (FUSSP).
With a hobby wiki, eventual consistency is fine. I believe ghost bans and quarantine and some sort of invisible captcha would go a long way toward my goal, but it’s hard to find invisible captcha.
There was a research project long ago that used high resolution data from keyboards to determine who was typing. The idea was not to use the typing pattern as a password, but to flag suspicious activity. To have someone walk past that desk to see if Sally hurt her arm playing tennis this weekend of if Dave is fucking around on her computer while she’s in a meeting
That’s about the level I’m looking for. Assume everyone is a bot during a probationary period and put accounts into buckets of likely human, likely bot, and unknown.
What I’d have to work out though is temporary storage for candidate edits in a way they cannot fill up my database. A way to throttle them and throw some away if they hit a limit. Otherwise it’s still a DOS attack.
If they can narrow down the possibilities to quadratic space then you lose.
I agree that better authentication methods for AI agents are needed. But right now bots and malicious agents are a real problem for anyone running sites with significant traffic. In the long run I don’t think human traffic will go to zero even if its relative proportion is reduced.
> Productive use can come from humans, or from computers.
I agree in principle, but the reality is that 37% of all internet traffic originates from bots[1]. The overwhelming majority of that traffic (89% according to Fastly) can be described as abusive. In turn, the abusive traffic from humans likely pales in comparison. It's vastly cheaper to setup bot farms than mechanical turk farms, and it's only getting cheaper.
Identifying the source of the traffic, while difficult, is a generalizable problem. Whereas tracking specific behavior will depend on each site, and will likely require custom implementation for each type of service. Or it requires invasive tracking of users throughout the duration of their session, as many fraud prevention systems do.
Both approaches can be deployed at the same time. A CAPTCHA is not meant to be the only security solution anyway, but as a first layer of defense that is generally simple to deploy and maintain.
That said, I concede that the sentence "[CAPTCHAs] are the only solution" is wrong. :)
> Proof-of-work is even more obviously a temporary solution, security by obscurity
I disagree, and don't see how it's security by obscurity. It's simply a method of increasing the access cost for abusive traffic. The more signals are gathered that identify the user as abusive, the higher the "price" they're required to pay to access the service. Whether the user is a suspected bot or not could just be one type of signal. Behavioral and cognitive signals as mentioned in TFA can be others. Yes, these methods aren't perfect, and can mistakenly penalize human users and be spoofed by bots, but it's the best we currently have. This is what I'd like to see improved.
Still, even with all their faults, I think PoW CAPTCHAs offer a much better UX than traditional CAPTCHAs ever did. Yes, telling humans apart from computers is getting more difficult, but it doesn't mean that the task is pointless.
[1]: https://learn.fastly.com/rs/025-XKO-469/images/Fastly-Threat...
These tests here are easily bypassable, just adding a random delay somewhere during the action phases to mimic humans, and there's already tools for mimicking human mouse movements.
Are you sure? And how do you know?
There are a lot of CAPTCHA cracking services. Given the price, they are hardly sustainable even under developing country wage level. I believe they actually solve the easy ones automatically and humans are only involved for the harder ones.
“Expensive” depends on the value of what you do behind the captcha
There are human-solving captcha services that charge USD 1 for 1k captchas solved (0.1 cents per captcha)
So as long as you can charge more than what solving the captchas cost, you are good to go
Unfortunately, for a lot of tasks, humans are currently cheaper than AI
I want it. I don't want my message boards to be people's AI agents...
> what if the turing test already runs silently across every site you open. just passive gating based on scroll cadence, mouse entropy, input lag without captcha or prompt
>what if you already failed one today. maybe your browser fingerprint was too rare, maybe your keyboard rhythm matched a bot cluster from six months ago. so the UI throttled by 200ms. or the request just 403'd.
> what if the system doesn't need to prove you're a bot. it just needs a small enough doubt to skip serving you the real content.
> what if human is no longer biological but statistical. a moving average of behavior trained on telemetry from five metro cities. everyone outside that gets misclassified.
>what if you'll never know. timeline loads emptier than someone else with explicit rejection to the content
2. Send link to coworkers via Slack so they can spend five minutes doing the tasks.
3. Capture that data and create thousands of slight variations saved to db as profiles
4. Bypass bot protections.
There is nothing anyone can do to prevent bots.
I use keyboard navigation on many pages. Using the firefox setting "search when you start typing", I don't have to hit ctrl+f to search on the page, I just type what I want to click on and press enter or ctrl+enter for a new browser tab, or press (shift+)tab to go to the nearest (previous/next) input field. When I open HN, it's muscle memory: ctrl+t (new tab) new enter (autocompletes to the domain) thr enter (go to threads page) anything new? type first few chars of username, shift+tab+tab enter to upvote. Done? Backspace to go back. View comments of a link? Type last char of a word in the link, space, and first char of next word, that's almost always unique on the page, then escape, type men, enter, to almost always activate the comment link. Or shift+tab enter instead to upvote. On the comments page, reading top-level comments is either searching for [ and then enter+f3 when I want to collapse the next one, space for page down... Don't have to take my hands off the home row
etc. on lots of website, also ones I've never visited before (it'll be slower and less habitual of course, but still: if there is text near to where I want to go, I'm typing it). I use the mouse as well, but I find it harder to use than the keys that are always in the same place, much easier to press
So will it tell me that my mouse movements don't look human enough or will I see a "Sorry, something went wrong" http 403 error and have no clue if it's tracking cookies, my IP address, that I don't use Google Chrome®, that I went through pages too fast, that I didn't come past the expected page (where a cookie gets set) but clicked on a search result directly, that I have a bank in country A but residence in country B, that I now did too many tries in figuring out which of these factors is blocking me.... I can give examples of websites where I got blocked in the last ~2 months for each of these. It's such a minefield. The only thing that always passes is proof-of-work CPU challenges, but I dread to think what poor/eco people with slow/old computers are facing. Will this "invisible" captcha (yeah, invisible until you get banned) at least tell me how I'm supposed to give my money to whatever service or webshop will use this?
No they don't, that's the point: you can serve everyone a PoW and don't have to discriminate and ban real people. This system you're enthusiastic about is what tries to do this "accurate bot detection" (scratch the first word)
Distinguishing en mass seems like a waste to me. Deal with the actual problems like resource abuse.
I think part of the issue is that a lot of people are lying to themselves that they "love the public" when in reality they really don't and want nothing to do with them. They lack the introspection to untangle that though and express themselves with different technical solutions.
https://github.com/TecharoHQ/anubis/blob/main/data/botPolici...
Marketing indeed. He had me doubting for a while what magic they weren't sharing with the rest of us to avoid countermeasures being developed, but I know better now (working in infosec, seeing what these systems catch, don't catch, and bycatch)
I work for Stytch and for us, that looks like:
1) make it easy to provide Connected Apps experiences, like OAuth-style consent screens "Do you want to grant MyAgent access to your Google Drive files?"
2) make it easy to detect all bots and shift them towards the happy path. For example, "Looks like you're scraping my website for AI training. If you want to see the content easily, just grab it all at /LLMs.txt instead."
As other comments mention, bot traffic is overwhelmingly malicious. Being able to cheaply distinguish bots and add friction makes your life as a defending team much easier.
You always have to show people their own edits. It's a common form of proofreading. But what's added and how often does matter. Misinformation is one thing. External links are potentially something much worse. I used to think SO had it figured out as far as mutual policing, but that's not working so well now either.
It might work for a while, but that's a losing battle.
The ultimate challenge is to replicate end-to-end natural human cognition, which is currently an unsolved and hard problem (and also not necessarily the main focus of AI researchers).
Very few sites are broken by blocking Google's features, incidentally. Even Privacy Badger warns that blocking Google Tag Manager may break sites. It doesn't break anything important.
Hi this is incorrect. Different =/= dumber. The insight is that humans and computers have different constraints / algorithmic capabilities / objective functions / etc.
https://www.nytimes.com/2006/02/05/technology/postage-is-due...
Maybe it was my fault to advertise my own solution in comments.
Such behavior however triggered bot detection. I might have behaved like a NPC. So currently a human can be identified as a bot, and banned on that premise. Crazy times.
Currently I feel I must act like a human.
I'm also not sure what "we" are doing now that makes the web look dead to you. I receive no more email spam than ten years ago, less if anything, and I haven't seen any spam on the places that I frequent like HN, stackexchange, wikipedia, mastodon, signal, github, etc.
https://en.bitcoin.it/wiki/Hashcash
https://en.wikipedia.org/wiki/Hashcash
C implementation (feature-rich): https://github.com/hashcash-org/hashcash/tree/master/c
A Factor (Forth-like language) implementation of it: https://github.com/factor/factor/blob/master/extra/hashcash/...
If the only way to associate a user with their ID is by fingerprinting them, you can do the same thing without an ID with having shadow profiles. If the proof system is designed for privacy, the ID doesn't make you more trackable.
In other words, if the ID never directly leaks companies can just make up a static ID for you and get the same results.
Visit a website that require identification. Generate a random unique identifier in your user agent. Live your life on that site. Download from that site a certificate that prove that your didn't abuse their site. Repeat that a few times.
Visit the site that wants to know if you are an abusive user. Share your certificates. They get to choose if they accept you.
If you abuse that site, it reports the abuse to the other sites that delivered you a certificate. Those sites gets to decide if they revoke their certificate or not.
It is a self policying system that require some level of cooperation. Users make themselves vulnerable to the risk of having sites they like loose trust in them.
It takes a long time and enormous amounts of money to make new chips for a specific proof of work. And sites can change their algorithm on a dime. I don't think this is a big issue.
There is a permanent ID, but it doesn't have to be told to the site.
In which case it doesn't make tracking any easier than the site making up a "fake" ID for you.
How hard is it to obtain one of these certificates as a bot?
What you are describing though is possibly comparable to Privacypass.
Apple seems to be on board with Privacypass, perhaps they'll include a digital voucher of some kind with their devices and that presumably contributes to old devices getting worse as the voucher is spent down.
Just imagine if the whole web can contribute to planned obsolescence and you can pay for a fast, hassle free internet experience again just by buying a new phone.
And then you can dump the old ones on eBay for cheap as long as you don't plan on using them to access online services. Unless you are willing to settle for basic economy web experience.
At the time, Ticketmaster’s anti-bot measures were the gold standard. They gave us fair warning that they planned to implement Mastercard’s SaaS-based solution (same as described in OP’s article), so I had everyone on the team capture keyboard-typing cadence, mouse movements, and other behavioral metrics. I used that as the excuse to build a Chrome extension that handled all of those tasks, and I leaned on the backend team to stop procrastinating and integrate the new API endpoints that Ticketmaster was rolling out. For about a week, that extension managed millions of dollars in inventory—until I got our headless browsers back up and running.
In the end, any lock can be picked given enough time; its only real purpose is to add friction until attackers move on to an easier target. But frankly, nobody can stop me from scraping data or automating site interactions if it’s more profitable than whatever else I could be working on. I have some ideas how to prevent me from using automated bots but all of the companies I've applied to over the years never respond -- that's on them.
Could that just be because the modern LLM generated spam doesn't look like old-school spam? Just recently we learnt that a university conducted a study on Reddit changemyview subreddit using LLM generated comments without getting caught.
They're the only solution that doesn't require a pre-existing trust relationship, but the web is more of a dark forest every day and captchas cannot save us from that. Eventually we're going to have to buckle down and maintain a web of trust.
If you notice abuse, you see which common node caused you to trust the abusers, and you revoke trust in that node (and, transitively, everything that it previously caused you to trust).
It is getting easier and easier to create questions/problems that humans can't answer at LLM speed.
Of course, that solves a complementary problem, not the original. But in terms of instances, by any definition, the demographics are quickly moving in one direction.
The web, HTML that is, is a grammar, an app is a grammar, the buttons of my car are a grammar, I want each grammar served, transformed to my grammar however I like it, probably org-mode file grammar.
I don't want each website's colors, or clickable elements to be determined by any other person than the user. There are themes, I want to select exactly what theme I am browsing the internet today. I also want my fridge to be connected to the internet, accessed using an authentication layer on top of IPv6, and using it's functionality with a grammar.
In other words, the web, browsers, apps and physical buttons will go down the drain soon and they will be replaced by something which can open and manipulate org filetypes.
The web was/is a huge financial bubble anyway, and it will burst quickly when that happens.
Took me ages to figure out what its issue was.
The trust I mentioned was the ability for third-parties to trust that the authority will not hand out IDs in an uncontrolled manner. I was not saying that the ID holders need to trust the authority:
> Users can identify themselves to third-parties without disclosing their real-world identity to the third-party and without disclosing their interaction with the third-party to the issuing body.
If the authority doesn’t know how your ID is used, you don’t have to trust the authority to keep that information private.
This doesn’t make sense. The whole point of using IDs in this way is in an authenticated context.
Did you think I was suggesting that this ID would be accessible to any website without asking? This is something you would send as part of a registration step. So, for instance, if you spam Hacker News, you get banned, you try to register again, it receives the same ID as before and knows not to let you register.
There's a huge economy out there based on wasting human time. They explicitly do not want agents acting on behalf of humans, because it means human time is no longer being wasted.
They also don't want to get paid in money, because the money would go to a different profit center. The only payment they accept (because they use that as a metric to justify their salary) is "engagement" aka proof of wasted human time.
It’s important to assume, in security and security-adjacent things, that the attacker has more compute power than the defender. You cannot win in this way.
Proof-of-work is bad rate limiting that relies upon the server having a good estimate of the capabilities of the client. No more, no less.
I bring up the SHA-256 thing as an argument that none of the players in the space are competent. None of them. If you exclude hand-rolled cryptography or known-bad techniques like MD5, SHA-256 is very literally the worst choice remaining: its use in Bitcoin and the rewards available have utterly broken it for this application. If you intend proof of work to actually be the line of defence, you start with something like Argon2d instead. I honestly think that, at this stage, these scripts could replace their proof of work with a “sleep for one second” (maybe adding “or two if I think you’re probably a bot”) routine and have the server trust that they had done so, without compromising their effectiveness.
Online identity verification is probably best handled by an organization with that as a single priority.
Under the government ID scheme, we have to trust [bad corrupt government] to verify all citizens of [bad corrupt government]. Since that government frequently lies and acts maliciously using every means at their disposal, platforms will treat IDs verified by that government similar to bot traffic and the country will be cut off from the public internet. You'll be banning scientists and journalists from working with others around the world, just because they live in a country with an obnoxious government.
Isn't it also best if people can have multiple identities? Or should someone's contributions to X field be discounted because of their dabbling in fringe Y field?
So I completely disagree with this; you can train youself to completely ignore the color and just read/act on the word very fast. In fact, this is a game that people play.
Second, I am surprised AI agents are this naive. I thought they would emulate human behavior better.
In fact, just based on this article, very little effort has been put into this race on either side.
So I wonder if is has to do with the fact that if companies like google reliably filtered out bot traffic, they would loose 90% of their AD revenue. This way they have plausible deniability.
The problem is that such a system could be easily abused or misused. A bad actor could intentionally or mistakenly penalize users, which would have global consequences for those users. So we need a web of trust for the judges as well, and some way of disputing and correcting the mistake.
It would be interesting to prototype it, though, and see how it could work at scale.
If you think people self-censoring themselves on social media is now a problem (the "unlive" novlang is always such a dystopic hint to me), you have seen nothing.
Like what?
https://docs.zkpassport.id/faq https://docs.zkpassport.id/examples/personhood
The whole point of having trusted issuers is that there aren’t any “disposable companies” who hand out many identities in an uncontrolled manner. If there were, they would quickly become untrusted, making the IDs worthless.
If you're not careful something like that can subvert the efforts to reduce cross-site tracking, but you can do resolve this with thoughtful cryptography: https://privacysandbox.google.com/protections/private-state-...
Even in 2009 I knew people who were using neural networks (in PHP no less!) to decode CAPTCHAs with superhuman peformance. I see the whole thing as performative as those things get in my way tens or hundreds of times a day when I browse the web as a human but in years of webcrawling they didn't give me any trouble until the last two weeks.
Y'all will balk at that but in a decade or so I think we'll have no other choice.
But even that will fail since certain countries will likely be less precious about their system for this and spammers will still get fake ids. Same problem as now with phone numbers/rcs spam.
I don't see this ever happening, though.
Then again, I noticed a few years ago in a previous "when to report as spam" discussion on HN that this is a lost cause. People will label things they signed up for as spam because they didn't want to receive it anymore, and others defended that behavior. Abuse and manipulation might as well go in that same category of "anything I don't want to read == spam", just know that when you say "spam", there's some people like me who will understand what it used to mean and try to interpret the message as referring to things such as the stereotypical viagra spam
The thing we're losing is the open web where anyone can view any page and buy any product they can afford without being banned (edit: or, reading back up what this was about, contributing to projects without the input going to /dev/null apparently)