The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?

That’s hardly the Turing Test I’d expected.

  • Platypus@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    It tests whether your mouse movement looks human–we’re really bad at things like moving in straight lines, so it’s pretty evident from a mouse movement log whether you’re a human or a simple bot. It also takes a bunch of auxiliary browser/environment data into account. It’s not perfect, but it’s complicated enough to defeat to provide fine protection against cheap spam.

    • Random_Character_A@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      Shitty situation if you are used to using hotkeys and only use mouse cursor when no other means are available by moving it using numpad.

      • Thorry84@feddit.nl
        link
        fedilink
        arrow-up
        2
        ·
        3 months ago

        If it’s in doubt it just gives you extra challenges. So in the end everybody will get there, or not and then fuck you I guess.

      • Wugmeister@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 months ago

        Nah that’s different as well. What they are filtering out is

        • a mouse teleporting to the exact center of the checkbox
        • a mouse smoothly gliding in a straight line to the center if the checkbook
        • a mouse traveling in a straight line to the center of the checkbook with some momentary stutters to add noise

        Et cetera. Humans are much noiser than anything a python script will spit out. Of course there are ways to get around this, like recording and reenacting a human mouse movement, but the point of any capcha system is to make it significantly more difficult to bot, not impossible.

        • s3p5r@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Some provide screen-reader instructions, but most places barely remember blind people exist. It’s another example of people with disabilities being ignored and marginalised.

          And then even if they do remember blind people exist, they probably forget there are people who aren’t blind who can’t do their tests for other reasons, like dyslexia or dexterity impairments.

          And then you have hCaptcha who makes disabled people to sign up to their database to use their cookie.

    • Lucidlethargy@sh.itjust.works
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      This feels only partially accurate. I’m a web developer, and I know websites don’t track all of what you suggest. Can you clarify, or come clean on what actually takes place?

      Honestly, I doubt it… I’m sorry. I don’t mean to be abrasive.

  • elrik@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    3 months ago

    Proof of work, which becomes computationally expensive to scale, along with other heuristics based on your browser and page interaction. I believe it’s less about clicking the box and what happens after you’ve clicked the box.

    • SerotoninSwells@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      3 months ago

      This is correct. I work in bot detections. There are baseline checks for various browser automation used as bot frameworks like Puppeteer or Playwright. Then there is basic analysis of server side and client side fingerprints; meaning, do the fingerprints you claim make sense. There are other heuristics too and I imagine Cloudflare is monitoring movements that point to automation. All of this happens after you click. I personally prefer this over Google’s captcha which frequently doesn’t recognize me as a human but is easily bypassed by bots.

  • isolatedscotch@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    https://blog.cloudflare.com/turnstile-private-captcha-alternative/

    TL:DR cloudflare made a new recaptcha which does some complex math and other stuff on your browser, which done once has no noticable effect but if someone were to scrape websites at an absurd speed it slows everything down significantly.

    this is not only cool because you don’t have to manually solve the captcha, but also because it allows for low-speed scraping to be feasible, with tools like flaresolverr

  • communism@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    I always fail Cloudflare captchas because I’m clicking it with Vimium-C lol. I hate captchas for making me reach for my mouse. It also seems like a genuine accessibility issue if people who cannot use a mouse can’t pass a captcha.

    I’ve found that Google’s reCAPTCHA has also started rejecting me no matter what I do. I think it might be because my IP address is a VPN, but that’s pretty stupid; if I can pass the test by clicking the squares why not let me in?