I’ve actually noticed this in some websites the past ~two months. It’s neat to have a captcha that finally doesn’t need slowly clicking images to pass through.

  • 30mag@lemmy.world
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser.

      • Skull giver@popplesburger.hilciferous.nl
        link
        fedilink
        arrow-up
        12
        ·
        edit-2
        1 year ago

        Cloudflare is rather late with this to be honest, Google has had interaction free reCAPTCHA for ages.

        User simulation is something these automated tools are designed to detect. It’s also why attempts to remove identification mechanisms are treated with more suspicion.

        For example, very few bots actually have real, usable GPUs, relying on software rendering instead. This can be detected and kept in mind with a bunch of other signals. Running Selenium on your desktop will make you hard to detect, but running it in the cloud (even when proxied through a botnet like the big scrapers) will make bots quite obvious.

        I think CAPTCHA is fighting a losing battle, and I think in the future remote attestation technology will determine whether you have access to certain websites or not. This technology has already been built into Safari and it’s on its way to becoming an internet standard, so I kind of expect CAPTCHAs to disappear in a couple of years.