The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?
That’s hardly the Turing Test I’d expected.
Proof of work, which becomes computationally expensive to scale, along with other heuristics based on your browser and page interaction. I believe it’s less about clicking the box and what happens after you’ve clicked the box.
It tests whether your mouse movement looks human–we’re really bad at things like moving in straight lines, so it’s pretty evident from a mouse movement log whether you’re a human or a simple bot. It also takes a bunch of auxiliary browser/environment data into account. It’s not perfect, but it’s complicated enough to defeat to provide fine protection against cheap spam.
This feels only partially accurate. I’m a web developer, and I know websites don’t track all of what you suggest. Can you clarify, or come clean on what actually takes place?
Honestly, I doubt it… I’m sorry. I don’t mean to be abrasive.
Interesting that my mouse movement is available to anyone who wants it.
It seems like a small step from that to accessing my keyboard.
They can only access it while you’re focused on their webpage. CORS is all about that.
If you click off to another web page and enter information or type of password into a secondary app they can’t gather that. As soon as they lose focus they lose the ability to capture your data.
Nbd, but it sounds like you’re talking about encapsulation of event capture (viewport stops receiving events after losing focus).
CORS is a protocol for client-side enforcement of a server-side security policy. It ensures that a resource request (e.g. “my-totally-safe-resource.wasm”) only loads from a location your server permits (e.g. “my-valid-origin.biz”, “friends-valid-origin.org”, etc).
Shitty situation if you are used to using hotkeys and only use mouse cursor when no other means are available by moving it using numpad.
If it’s in doubt it just gives you extra challenges. So in the end everybody will get there, or not and then fuck you I guess.
I always fail Cloudflare captchas because I’m clicking it with Vimium-C lol. I hate captchas for making me reach for my mouse. It also seems like a genuine accessibility issue if people who cannot use a mouse can’t pass a captcha.
I’ve found that Google’s reCAPTCHA has also started rejecting me no matter what I do. I think it might be because my IP address is a VPN, but that’s pretty stupid; if I can pass the test by clicking the squares why not let me in?
I think it might be because my IP address is a VPN, but that’s pretty stupid; if I can pass the test by clicking the squares why not let me in?
They want your tasty IP data
That’s when I just use another search engine.
Reddit blocks VPN and won’t let me in. OK bye reddit too lazy to turn off VPN ffs
I’ve had a few burner reddit accounts using a randomly generated yopmail email for the rare moments that I just want to read an answer for something I can only find on reddit lol
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
TL:DR cloudflare made a new recaptcha which does some complex math and other stuff on your browser, which done once has no noticable effect but if someone were to scrape websites at an absurd speed it slows everything down significantly.
this is not only cool because you don’t have to manually solve the captcha, but also because it allows for low-speed scraping to be feasible, with tools like flaresolverr
Oh, so it’s Hashcash; cool to see that idea getting real use.
