Hacker News new | past | comments | ask | show | jobs | submit login

Sorry, but Google captcha is specifically designed to annoy real people in some cases. They literally implemented slow fade-in / fade-out for images. This does absolutely nothing against actual bots, but annoying as hell for a real person.

Literally any other captcha is better than this.




I thought the fade thing was specifically to trip up bots. Like bots know what the picture is long before it is shown to the user, so if the bot clicks on it then the CAPCHA knows something is up.


Which is solved exactly after this is encountered the first time, eg

if opacity -ne 100% do_not_click_yet = true

So this is totally useless to prevent bots from solving it.


Surely then they look at timing, people will click anywhere from, let's say 50% opacity, but bots always wait?


Easy for a bot to fake that with a random number generator. If nothing else bot authors can collect their own statistics. I understand the bots have an army of people in the background for images they don't understand yet, just collect timing data from that set and have your random number generator emulate that timing data. (I'm guessing a bell curve)


Actually having army of people it's exactly how complex recaptha's are bypassed. It's less than $1 for 1000 captcha:

https://anti-captcha.com/

There of course options with image recognition, but they're less reliable.


Honestly, that service looks like something I'm almost tempted to pay for myself. $1 per 1000 recaptchas is a lot cheaper than how I value my time, at the very least. It's not like google couldn't pay people to do these ML training datasets; I resent giving them free labour.


Unfortunately I doubt that "recaptcha solver" can be built as browser extension. Most of advanced bots for parsing automation built on proprietary platforms like ZennoPoster and they basically heavily modify Firefox / Chromium.

Also latency of human-recognition service is quite high so while you wouldn't need to solve it you'll need to wait for number of seconds anyway.


I wonder if we could get Firefox to automatically solve them. That is in the main version so nobody has to see those stupid things again.


Few years ago back when I created such bots I had similar idea .

For certain this can't be mainlined. And if we talk about extensions then at least in past extension code didnt have enough capacities to automatically bypass recaptchas.

This would require fake mouse pointer control and it's obviously not one of features that extension api expose.


Do you seriously think that people who programm the bots incapable of taking it into account?

Bypass for this fading was obviously implementrd next day this first appear on reCaptcha.


Isn't it more for rate limiting?


You dont need fade-in / fade-out effects for rate limiting. Bots are obviously get to see images instantly once they're returned by the server as they dont need to wait for fade-in to complete. Because bots API is injected into browser internals instead.

If rate limiting is needed there is always CloudFlare way where you're literally show user "wait" and refresh page a bit later. This is annoying, but nowhere as much as reCaptcha fading is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: