this post was submitted on 24 Jul 2024
1080 points (98.4% liked)
Technology
59534 readers
3195 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Considering the article states that reCAPTCHA v2 and v3 can be broken/bypassed by bots 70-100% of the time, they are obviously not the solution.
At what cost?
100% success rate isn't even moderately useful if it costs $5 per pass. The discussion is completely pointless without a concrete, documented analysis of the actual hardware and energy costs involved.
“Google should bear the cost”
Google should shut it down and make sites roll their own verification. Give everyone a month to implement a new solution on millions of websites.
This is unironically the answer. You can't make a general-purpose captcha solver AI if every website or group of websites uses a completely different kind of captcha.
I’m actually 100% for rolling your own… almost everything.
20 years ago I made an e-commerce website for a client. Looking at the code now I’m embarrassed how insecure it is. However, because it was totally custom no one ever found the bugs and it has never been cracked. (Knock on wood) that’s the benefit of not using a prebuilt solution that isn’t a target for mass exploits.
how do you get the metric of 70-100% of the time?
the best bots doing it 70-100% of the time is very different to the kind of bot your average spammer will have access to
Did you read the article or the TL:DR in the post body?
So yeah, while these are research numbers, it wouldn't be surprising if many larger bots have access to ways around that - especially since those numbers are from 2016 and 2019 respectively. Surely it is even easier nowadays.
that doesn't answer the question?
i'd argue "bespoke system, deployed in a very limited context, built by researchers at the top of their field" is kind of out of reach for most people? and any bot network scaled up automatically becomes easier to detect the further you scale it
the cost of just paying humans to break these already at or below pennies per challenge
Then what is?
Maybe a billion dollar company has the budget to come up with something?
Looking at the numbers in this post, reCAPTCHA exists to make Google money, not to keep bots out.
I’d rather have no reCAPTCHA than the current state.
Hi it's me. I work for a billion dollar company with a budget. We have no ethical ideas on how to stop bots. Thanks for coming to my tech talk.
Yeah, that's about the way I'd expect it to go.
There might be a tiny chance they're not interested in changing things.
Something something free market?