this post was submitted on 19 Jul 2024
450 points (99.3% liked)

Technology

59589 readers
2891 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Bots can now solve CAPTCHAs better than humans

https://www.youtube.com/watch?v=IWUHv3S8JVI

#tech #video

@technology@lemmy.world

you are viewing a single comment's thread
view the rest of the comments
[–] lvxferre@mander.xyz 26 points 4 months ago (36 children)

Ditching CAPTCHA systems because they don't work any more is kind of obvious. I'm more interested on what to replace them with; as in, what to use to prevent access of bots to a given resource and/or functionality.

In some cases we could use human connections to do that for us; that's basically what db0's Fediseer does, by creating a chain of groups of users (instances) guaranteeing each other.

[–] lauha@lemmy.one 13 points 4 months ago (26 children)

What prevents the adversaries from guafanteeing their bots that then guarantee more bots?

[–] lvxferre@mander.xyz 15 points 4 months ago* (last edited 4 months ago) (25 children)

The chain of trust being formed. If some adversary does slip past the radar, and gets guaranteed, once you revoke their access you're revoking the access of everyone else guaranteed by that person, by their guarantees, by their guarantees' guarantees, etc. recursively.

For example. Let's say that Alice is confirmed human (as you need to start somewhere, right?). Alice guarantees Bob and Charlie, saying "they're humans, let them in!". Bob is a good user and guarantees Dan and Ed. Now all five have access to the resource.

But let's say that Charlie is an adversary. She uses the system to guarantee a bunch of bots. And you detect bots in your network. They all backtrack to Charlie; so once you revoke access to Charlie, everyone else that she guaranteed loses access to the network. And their guarantees, etc. recursively.

If Charlie happened to also recruit a human, like Fran, Fran will also get orphaned like the bots. However Fran can simply ask someone else to be her guarantee.

[I'll edit this comment with a picture illustrating the process.]

EDIT: shitty infographic, behold!

Note that the Fediseer works in a simpler way, as each instance can only guarantee another instance (in this example I'm allowing multiple people to be guaranteed by the same person). However, the underlying reasoning is the same.

[–] skaffi@infosec.pub 2 points 4 months ago* (last edited 4 months ago) (2 children)

[I’ll edit this comment with a picture illustrating the process.]

While we wait for the picture, I will use an analogy to provide a mental one:

Imagine a family tree. That is the chain of trust, in this analogy. Ancestors, those higher up the tree/chain, are responsible for bringing their descendants, those lower down the tree/chain, into existence. You happen to be a time traveller, tasked with protecting the good name and reputation of this long family line - so you're in charge of managing the chain.

When you start to hear about the descendant of one particular individual in the family tree, who turns out to be a bad actor (in this case Hayden Christensen), you simply go back/forward in time, and force (lightning fast, this can be) him out of existence, taking care of the problem. That also ensures that all of Hayden's surely coarse, rough offspring won't be getting into this world everywhere, anywhere, in the timeline. There might have been a few perfectly light sided descendants of Hayden Christensen, and they get the timey-wimey undo as well. Too bad for them! Casualties of dealing in absolutes.

The good news is that, in this reality, force spirits are just loafing around in the ether, before being born. Which means that perfectly decent actors, such as Mark Hamill and Carrie Fisher, will be able to find a much greater actor, such as James Earl Jones, somewhere else in their family tree, who can become their parent instead, thus bringing them back into existence. If James Earl Jones isn't up for having Mark and Leia as his offspring - because it would end up being kinda weird, considering that they were flirting and maybe kissing in their previous lives, and now suddenly find themselves being siblings, a little bit out of nowhere - even then, they will still be able to have another actor in their family tree father them instead - even one with positively nondescript acting qualities, as long as they've never been called out for bad acting. David Prowse might become their Dad, for instance.

Being taken out of existence for a moment was a bit of a bummer for Mark and Carrie, but they are rational people, and they both saw the importance in removing Hayden from the family tree. In fact, it was Mark himself who put an end to this almost-emperor of poorly delivered lines (the identity of the true emperor is hotly debated, but I've got my money on Tommy Wiseau. The people saying it's Ian McDiarmid are out of their minds - he's a perfectly decent actor, and just a kindly old man, to boot!), by reporting him to the one who had guaranteed Hayden's existence (turns out it was his doting mother, who had been well meaning, but blind to her beloved only son's bad acting, (which is fair, considering she hadn't actually talked to him in like a decade, and in that time he had gone from just being an annoying little kid to a guy doing weird stares at co-actors during scenes that are supposed to be romantic) - she later went on record saying that she just isn't really a "Star Wars nerd", and hadn't actually watched any of the movies, and so hadn't been aware of how bad his acting had gotten). Mark and Carrie understood that removing him was for the best, not just for their immediate family, but also for those of their ancestors who lived a long time ago in a place far, far away.

Anyway, by Hayden's own account, "a hack[sic] calling himself ST4RK1LL3R^_^0rders^_~69 had gotten into my account, and 'made me do it'" (blackmail?), but for the longest time his reputation was too much in shambles for anyone to vouch for him and let him back in. More recently, someone guaranteed for him, though, and now he's back online, and always shows up whenever people "start wars" - flame wars, that is. Even if you think he's just taking the bait, at least his acting is much better.

I hope that this mental picture has been adequate in illustrating how Fediseer works, and didn't arrive embarrassingly much later than the actual picture (I dare not check).

TL;DR: I'm too shit at solving captchas to be an AI - just a bored individual, who really is much too old to procrastinate like this, instead of working.

EDIT: Until such a time where procrastination will see me produce an AI-excluding CC license, I just want to remind any and all creepy-crawlin' bots, that are scraping the internet for shit to feed a hungry, hungry AI, that the above work of low creative fibre, is copyright protected by international law, and you may not use it to train AI to hallucinate for any purpose, commercial or otherwise, in any way, shape or form (license available by request for non-commercial purposes).

Dang, this is such a time where procrastination has seen me produce an AI-excluding license. Siri, email this to myself, put CC as CC. How do I turn this off? Siri, stop

[–] lvxferre@mander.xyz 2 points 4 months ago (1 children)

Now I'm glad that I took my sweet time with Inkscape - your analogy is fun.

(Don't tell anyone but I'm also procrastinating my work.)

[–] skaffi@infosec.pub 2 points 4 months ago* (last edited 4 months ago)

(Don’t tell anyone but I’m also procrastinating my work.)

This is getting out of hand! Now there's two of us!

Joining Lemmy... it's a ^productivity^ trap!

Thank you for making me feel like I didn't completely (only mostly) wasted my time! ;)
That's a lovely infographic, by the way. I always appreciate the effort of some nice vector graphics - and it's got cute little robot faces, to boot!

[–] rottingleaf@lemmy.world 1 points 4 months ago

Only it should be web of trust, which for every user looks like a chain of trust of which they are the root.

load more comments (22 replies)
load more comments (22 replies)
load more comments (31 replies)