LOL no. Bots can pass Captchas, but I hit the back button.
I’ve spent, collectively, probably days of my life clicking squares with just the tip of a handlebar or the faintest shade of the edge of a stoplight, only for bots to still be able to get past it.
Isn’t that because the bots were trained on us solving those? That’s what I’ve heard anyways.
No, but it raises the difficulty bar for an attacker.
To expand on what others here have said: no they can’t, and there was a recent article here on Lenny taking about how AI (which I know is different from average bots) has figured out most of the visual captcha types.
there was a recent article here on Lenny taking about how AI
Funny you’d mention Lenny, he’s also a bot! A good one though!
No, CAPTCHAs can and will be bypassed. But you can make it expensive for bot hosters using PoW CAPTCHAs instead of normal ones. It’s also better privacy-wise.
Absolutely not. While a captcha can stop somebody with a simple python script and nothing else. It is not effective against sophisticated bots which either use AI or which connect through API to a captcha solving service run by humans. Much to the chagrin of captcha operators.
From what I’ve seen the main purpose of captcha is to act as security theater to dissuade normies. If there’s anything that captcha has been successful at it’s been permeating pop culture as a trope. As far as actually stopping the malicious actors it hasn’t really done that much, mainly because these people will adapt and change their tactics. They’re not just going to keep trying the same methods that aren’t working, they’re not stupid. Many do it as a business.
Captchas were never about keeping bots out: they’ve always been an excuse to turn ordinary internet visitors into mechanical turks to tag photos to train AI systems without paying the workforce.
Think about it: how many hours total did you spend in your life tagging photos for Google and Google never paid you for your work?
It depends on the captcha and the bot.
If you run a whitelist firewall, you never see CAPTCHA’s. The vast majority on the internet have nothing to do with the website you’re visiting. When the website cannot redirect you to the CAPTCHA host site, it just continues on to the intended destination. The only way I ever see a CAPTCHA is if it is hosted on the same server as the site I am trying to visit, and that is very nearly never. I bet the vast majority of them are actually some advertiser collecting more data to mine in addition to whatever fingerprinting they can collect. Ads only work by opening a hidden frame that is basically another browser tab where you then visit the ad server’s website. This is no different than visiting them in a browser tab. They can access everything available to fingerprint. If you’re using anything Google controls that means they know everything about you down to how dirty your underwear is right now. /s÷2
Manhattan Film Festival has a great short invoking captchas