I’m a simple guy. If a website I visit uses any kind of captcha other than Cloudflare’s Turnstile, then I close that website and don’t use it ever again. I’m not interested in wasting five minutes picking which squares have busses in them because ReCaptcha has decided I have to do the captcha 200 times.
Is that cloudflare one the one that just verifies you’re human automatically? Like it pops up with a check box you sometimes don’t even have to manually click? How does that one even work? 🤔
The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
It checks user agent to see if you are using something generic in a user agent switcher. It gives me fits sometimes if I leave it on chrome from Firefox too long.
I’m a simple guy. If a website I visit uses any kind of captcha other than Cloudflare’s Turnstile, then I close that website and don’t use it ever again. I’m not interested in wasting five minutes picking which squares have busses in them because ReCaptcha has decided I have to do the captcha 200 times.
What is infuriating, is that some government official website in my country used google captcha
This happened to me recently. Worse, there’s an error message saying I didn’t solve the CAPTCHA…but I wasn’t prompted for the CAPTCHA!
I opened a bug report and the gov said “works for me”
So, yeah, people breaking laws because they can’tsubmit legally required data to the gov due to reliance on faulty Google services is real.
Is that cloudflare one the one that just verifies you’re human automatically? Like it pops up with a check box you sometimes don’t even have to manually click? How does that one even work? 🤔
The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.
That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.
All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.
It checks user agent to see if you are using something generic in a user agent switcher. It gives me fits sometimes if I leave it on chrome from Firefox too long.
Yes, that’s the one. It works by just using Javascript to check that the browser is OK.