Most active commenters

    ←back to thread

    Bot or human? Creating an invisible Turing test for the internet

    (research.roundtable.ai)
    132 points timshell | 13 comments | 25 Jun 25 15:00 UTC | HN request time: 1.113s | source | bottom
    1. qoez ◴[25 Jun 25 15:22 UTC] No.44378354[source]
    I totally assumed typing cadence and mouse behaviour was incorperated into bot detection for years before this already, interesting.
    replies(5): >>44378493 #>>44378607 #>>44378715 #>>44378901 #>>44379408 #
    2. NoMoreNicksLeft ◴[25 Jun 25 15:34 UTC] No.44378493[source]
    You can never go wrong betting on laziness and aversion to ambition for excellence.
    3. bgwalter ◴[25 Jun 25 15:45 UTC] No.44378607[source]
    chess.com had this a long time ago.
    4. lq9AJ8yrfs ◴[25 Jun 25 15:54 UTC] No.44378715[source]
    You are not wrong.

    The article is more of an intro piece for newcomers and doesn't discuss at all the state of the art or where the competition is--the high end of the market is pretty saturated already but the low end is wide open.

    There is a bit of a spread in the market, and the specific detection techniques are ofc proprietary and dynamic. Until you have stewed on it quite a bit, it is reasonable to assume everything you can think of has a- been tried b- is either mainstream or doesn't work well c- what working well means is subtle.

    Bots are adversarial and nasty ones play the field. Sources of truth are scarce and expensive to consult, and the costs of false positives are felt acutely by the users and the buyers, vs false negatives are more of a slow burn and a nagging suspicion.

    replies(1): >>44379802 #
    5. timshell ◴[25 Jun 25 16:10 UTC] No.44378901[source]
    That's definitely been the marketing. The point of Section 1 is to refute that point
    replies(1): >>44380851 #
    6. ipdashc ◴[25 Jun 25 16:53 UTC] No.44379408[source]
    Yeah, I feel like I'm going crazy looking at that first example video. Was Google's CAPTCHA not supposed to analyze exactly that? Yet the mouse is insta-jumping to the input boxes, the input text is being pasted in instantaneously, and somehow it gets past? That seems utterly trivial to detect. Meanwhile us normal users are clicking on pictures of traffic lights all day?
    replies(2): >>44379425 #>>44379504 #
    7. timshell ◴[25 Jun 25 16:54 UTC] No.44379425[source]
    me and you both
    8. mitchitized ◴[25 Jun 25 17:00 UTC] No.44379504[source]
    That is because I do not think Google's aims for captcha are the same as ours.

    I can tell you that as soon as you download Chrome and login to any Google account of yours, the captcha tests are suddenly and mysteriously gone.

    Use firefox in full-lockdown mode, and you will be clicking fire hydrants and crosswalks for the next several hours.

    My crazy conspiracy theory is that Google is just using captcha as an opportunity to force everyone out of privacy mode, further empowering the surveillance capitalism engines. The intent is not to be effective, but inconvenient.

    replies(1): >>44381135 #
    9. hinkley ◴[25 Jun 25 17:29 UTC] No.44379802[source]
    As I understand it detection software is also at great pains to make it difficult for bots to analyze the patterns of rejections to figure out what rule is catching them.

    If they can narrow down the possibilities to quadratic space then you lose.

    10. lucb1e ◴[25 Jun 25 19:08 UTC] No.44380851[source]
    I had a security manager at a big bank (one of my first clients) tell straight to my face that the website decides whether to let me in before I even start typing the password(-equivalent) and that the password is just a formality not to scare people. Near as I could tell, he believed it himself

    Marketing indeed. He had me doubting for a while what magic they weren't sharing with the rest of us to avoid countermeasures being developed, but I know better now (working in infosec, seeing what these systems catch, don't catch, and bycatch)

    11. Animats ◴[25 Jun 25 19:39 UTC] No.44381135{3}[source]
    Yes. As someone who runs with Firefox in full lockdown mode, including Privacy Badger and total blocking of Google Tag Manager, I have to click on a lot of fire hydrants and crosswalks.

    Very few sites are broken by blocking Google's features, incidentally. Even Privacy Badger warns that blocking Google Tag Manager may break sites. It doesn't break anything important.

    replies(2): >>44382416 #>>44388108 #
    12. busymom0 ◴[25 Jun 25 22:37 UTC] No.44382416{4}[source]
    For me it's having to click on bikes. Except the pictures are of motorcycles and not bicycles. English isn't my first language, so when I hear bike, I am thinking of bicycles and not motorcycles.
    13. codedokode ◴[26 Jun 25 14:59 UTC] No.44388108{4}[source]
    I started using duckduckgo when Google requires to solve a captcha for searching.