LOL no. Bots can pass Captchas, but I hit the back button.
Fediverse
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
I've spent, collectively, probably days of my life clicking squares with just the tip of a handlebar or the faintest shade of the edge of a stoplight, only for bots to still be able to get past it.
The whole point of captchas is to train bots. Did you think they were all road object and optical character recognition based because those are the categories humans really excel at?
No, but it raises the difficulty bar for an attacker.
No, CAPTCHAs can and will be bypassed. But you can make it expensive for bot hosters using PoW CAPTCHAs instead of normal ones. It's also better privacy-wise.
To expand on what others here have said: no they can't, and there was a recent article here on Lenny taking about how AI (which I know is different from average bots) has figured out most of the visual captcha types.
there was a recent article here on Lenny taking about how AI
Funny you'd mention Lenny, he's also a bot! A good one though!
Absolutely not. While a captcha can stop somebody with a simple python script and nothing else. It is not effective against sophisticated bots which either use AI or which connect through API to a captcha solving service run by humans. Much to the chagrin of captcha operators.
From what I've seen the main purpose of captcha is to act as security theater to dissuade normies. If there's anything that captcha has been successful at it's been permeating pop culture as a trope. As far as actually stopping the malicious actors it hasn't really done that much, mainly because these people will adapt and change their tactics. They're not just going to keep trying the same methods that aren't working, they're not stupid. Many do it as a business.
If you run a whitelist firewall, you never see CAPTCHA's. The vast majority on the internet have nothing to do with the website you're visiting. When the website cannot redirect you to the CAPTCHA host site, it just continues on to the intended destination. The only way I ever see a CAPTCHA is if it is hosted on the same server as the site I am trying to visit, and that is very nearly never. I bet the vast majority of them are actually some advertiser collecting more data to mine in addition to whatever fingerprinting they can collect. Ads only work by opening a hidden frame that is basically another browser tab where you then visit the ad server's website. This is no different than visiting them in a browser tab. They can access everything available to fingerprint. If you're using anything Google controls that means they know everything about you down to how dirty your underwear is right now. /s^÷2^
No, but it raises the difficulty bar for an attacker.
Captchas were never about keeping bots out: they've always been an excuse to turn ordinary internet visitors into mechanical turks to tag photos to train AI systems without paying the workforce.
Think about it: how many hours total did you spend in your life tagging photos for Google and Google never paid you for your work?