- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Anyone who has been surfing the web for a while is probably used to clicking through a CAPTCHA grid of street images, identifying everyday objects to prove that they’re a human and not an automated bot. Now, though, new research claims that locally run bots using specially trained image-recognition models can match human-level performance in this style of CAPTCHA, achieving a 100 percent success rate despite being decidedly not human.
ETH Zurich PhD student Andreas Plesner and his colleagues’ new research, available as a pre-print paper, focuses on Google’s ReCAPTCHA v2, which challenges users to identify which street images in a grid contain items like bicycles, crosswalks, mountains, stairs, or traffic lights. Google began phasing that system out years ago in favor of an “invisible” reCAPTCHA v3 that analyzes user interactions rather than offering an explicit challenge.
Despite this, the older reCAPTCHA v2 is still used by millions of websites. And even sites that use the updated reCAPTCHA v3 will sometimes use reCAPTCHA v2 as a fallback when the updated system gives a user a low “human” confidence rating.
You must log in or register to comment.
CAPTCHA doesn’t stop bots, and let us be honest, it never really did. It frustrated the hell out of people though, and caused people to waste time doing these challenges. Meanwhile even before AI bad actors and bots could get past it simply by using captcha solver services run by exploited humans solving captchas for the service.
It’s a display of security theater meant to make normies feel safe but in reality doesn’t stop most bad actors.
Meanwhile I sometimes fail those. I have been locked out of applications because I missed a square of a bus, or perhaps because I like to be efficient in my mouse cursor movements. I ducking hate CAPTCHAs.
And yet I can’t beat the CAPTCHAs because reCAPTCHA doesn’t like VPNs lol
I was going to say I’ve straight up just left whatever website I was trying to access because I was stuck in some endless loop of clicking on street crossings, buses, bikes, and street lights.
This is actually a good sign for self driving. Google was using this data as a training set for Waymo. If AI is accurately identifying vehicles and traffic markings, it should be able to process interactions with them easier.
As I understand it, the point of those captchas was never really “bots can’t identify these things” (though you’re right on that it was used to train). They use cursor movement, clicks, and other behaviours while you’re solving it to detect if you are a bot or not.
The image choosing was always just to train their own bots
i hope you’re joking. please, tell me you’re joking?
Its never been confirmed by Google, so I may be wrong. It still tracks that the data harvesting company with a AI self driving car project would use free human labor to identify road hazards.
I was referring to the “This is actually a good sign for self driving” part of their comment.
The captcha circumvention arms race has been going on for over two decades, and every new type of captcha has and will continue to be broken as soon as it’s widely deployed enough that someone is motivated to spend the time to.
So, the notion that an academic paper about breaking the current generation of traffic-related captchas (something which the captcha solving industry has been doing for years with a pretty high success rate already) is “good news” for the autonomous vehicle industry (who has also been able to identify such objects well enough to continue existing and getting more regulatory approval for years now) is…
Technically the “correct” answer is set by the highest percentage of people choosing it. EG: 19 people select Box A and 1 selects Box B, then the machine decides Box A is in fact correct.
That means these AI could be selecting the wrong answers for all anybody knows, if enough of them are answering the prompts, and still passing.
I fail more of those checks then these AI bots do. Surreal.
There is a Russian captcha solver bot called xevil that costs under $100 (I think, last time I looked) that has been able to solve nearly all captchas for years. You just have to supply it with relatively expensive proxy IP addresses because Google rate limits solve attempts.
So the title of this article has been true for a long long time. Capatchas are absolutely useless except against poor or uninformed script kiddies.
When it’s asking for motorcycles but it’s clearly a scooter
Or, like, “there’s the bottom 10% of a traffic light in this one. Do I click that box? Ia that supposed to count?”
What they are doing is comparing your answer and seeing if it is consistent with how it has been answered previously. They realize that not everyone is going to give the exact same answer, so as long as you answer it in a way that enough other people have answered it, it should let you in.
I’ll usually go with the minimum number of clicks that I think will get me through, since I’m lazy and it’ll also at times slow down how fast you can click which is annoying.
I’ll also answer them wrong if I think it’s a mistake that enough other people will make. “Yes… that RV over there is a bus…”
They are also overly US centric.
One of the questions asks you to click on only the school buses. I had to Google how you tell the difference between a school bus and not a school bus.
Also is it a crosswalk if it’s at an intersection or is it only a crosswalk if it’s in the middle of a road somewhere?
The questions either need to be not cultural or they need to be adapted for where they detect the user is coming from, the first option seems easier.
Interesting. Do you not have school buses, or are school buses not distinctly marked? How do kids get to school when it’s beyond walking distance?
They are just buses.
I guess the British government just assume that school children are smart enough to get on the right bus without them being individually distinct.
I knew school buses are yellow but I did not realize that they are always yellow. I did not realize that the yellow color meant school. I just assumed that the yellow color was a color busses could be.
The size of the UK verses the exponentially larger size of the US probably has a lot to do with it.
And if you knew school busses where yellow… Where’s the problem?
But, I cannot pass those 50% of the time… what does that mean?
You should schedule an eye appointment.
Everywhere I look, all I see is fire hydrant, buses, and bicycles
You’re walking in the desert and you see a tortoise
Aren’t these Captchas designed to get training data for AI models anyway?
“System does what it was designed to do” doesn’t feel that surprising…
Aren’t these Captchas designed to get training data for AI models anyway?
Yes and no, the captchas are just meant to be hard for computers to solve but easier for humans. People saw that, and thought that “if we’re making people do this might as well have them do something useful” not meant to be malevolent- and the purpose is still stopping bots, training them is a side-effect.
Pro-tip for webscrapers: using AI to solve captchas is a massive waste of effort and resources. Aim to not be presented with a captcha in the first place.
I think thats much more difficult than it seems, because usually only residential IPs are the ones that don’t get those. And if you start to use a residential proxy too much then that IP can also get flagged.
That’s why companies like Oxylabs exist
That’s when you rotate the proxy. By default most residential proxies will give you a new proxy for each request unless you specify.
the new ones suck so fucking much though
If I see the newer ones pop up at all I just skip what ever the task is that was requiring me to bother with it.
i love when websites (twitter is a really bad example) hit me with like 8 captchas, and then if i get my username/password wrong i have to do another 8. It’s just so obviously gaming for training data on shit lmao.
What is it actually training? Google owns captcha right?
i have no clue, but i would assume it’s native to twitter if they’re pushing it that hard, either that or someone is paying a lot of money for that captcha access lol.
So…if CAPTCHA are already beaten by bots what’s the point if it still exists ? to mock our weakness ?
In the old days CAPTCHA could do its job, but nowadays nah…even crawler/scrapper/meta bots can bypass it easily.
The real question is why do we as real humans still often fail to beat CHAPTCHA? Are we less human? Are we really robots in CHAPTCHA perspective ?Just because it’s possible, doesn’t mean it’s common.
To train Google/Cloudflare’s AI tools, and to double check against DDOS. That’s it.
So now we’re going to have AI training other AIs
