AI bots now beat 100% of those traffic-image CAPTCHAs

ForgottenFlux@lemmy.world to Technology@lemmy.world – 775 points – AI bots now beat 100% of those traffic-image CAPTCHAs
arstechnica.com

Anyone who has been surfing the web for a while is probably used to clicking through a CAPTCHA grid of street images, identifying everyday objects to prove that they're a human and not an automated bot. Now, though, new research claims that locally run bots using specially trained image-recognition models can match human-level performance in this style of CAPTCHA, achieving a 100 percent success rate despite being decidedly not human.

ETH Zurich PhD student Andreas Plesner and his colleagues' new research, available as a pre-print paper, focuses on Google's ReCAPTCHA v2, which challenges users to identify which street images in a grid contain items like bicycles, crosswalks, mountains, stairs, or traffic lights. Google began phasing that system out years ago in favor of an "invisible" reCAPTCHA v3 that analyzes user interactions rather than offering an explicit challenge.

Despite this, the older reCAPTCHA v2 is still used by millions of websites. And even sites that use the updated reCAPTCHA v3 will sometimes use reCAPTCHA v2 as a fallback when the updated system gives a user a low "human" confidence rating.

146

You are viewing a single comment
View all commentsShow the parent comment

As I understand it, the point of those captchas was never really "bots can't identify these things" (though you're right on that it was used to train). They use cursor movement, clicks, and other behaviours while you're solving it to detect if you are a bot or not.

The image choosing was always just to train their own bots

It's a combination.

Most captchas goals generally aren't 100% prevention, it's to put a workload in front, this makes spamming the site cost money, a bankrolled attempt could just as easily outsource the captchas to real humans.

a bankrolled attempt could just as easily outsource the captchas to real humans.

Exactly. I've been using 2captcha for that for over a decade now

Since I started getting good at yosu and that fishing mini game in farmrpg I've been failing more captchas. I wonder if they're related knowing this

Is that why I'm asked to do this over and over for 14 million times when I'm on a VPN?

It is probably part of it, yeah. But to be clear I'm not a captcha expert or anything, just a layman.