“This step is necessary to prove I’m not a bot,” wrote the bot as it passed an anti-AI screening step.
Makes sense.
- Google’s “anti bot” verification has long been considered woefully inadequate.
- It works largely by tracking how long the user takes to click on it.
- LLMs are inherently fuzzy and for a bot, incredibly slow.
The article talks about Cloudflare’s very different CAPTCHA, not Google’s, but I agree.
I count on Cloudflare’s useless captcha for my *arr stack.
Wait. Your *arr apps are public?
You have to have a Cloudflare captcha solver for some of the *arr stack to work with certain indexers or something, idk. When my old *arr stack died and had to be rebuilt I ran into that problem, and after a short investigation, I promptly said fuck it and learned usenet. So happy that I did.
I think the confusion comes from people misunderstanding that cloud flare isn’t being set up in front of the arr stack, Instead, what people are talking about is flaresolverr, an application that helps services like jackett bypass cloudflares verification.
*ourr apps, apparently
Yeah, if they want it accessible over the internet, hide it behind a Wireguard tunnel.
Big yikes if so. The only public-facing part of my stack is Overseerr.
Ah yes, cloudflare’s captcha that just tracks how many hits you’ve done in a timeframe on a site recently.
Same shit different pile.
From the screenshot in the article, the bot is bypassing Cloudflare’s Turnstile which is not just tracking hits.
I work in bot detection. You and anyone else reading this should understand that, behind the scenes, proof-of-work, proof-of-space, and other tests are being run to verify if the device is what it says it is. Typically, a bot is run with a tool like Playwright or Puppeteer. These frameworks are detectable with the right tests. Bots will also attempt to spoof another device’s fingerprints to blend in. These changes are also detectable if you know what to test for.
We implement tools like Turnstile and other CAPTCHAless CAPTCHA because bots are pretty good at passing CAPTCHA while humans, rightfully, hate verifying they they’re human. Humans also struggle at passing CAPTCHA.
The general population has zero idea the massive volume of bot traffic that is being generated right now. These tools are implemented for a reason. So the fact that a bot just breezes past this test is a problem for us all.
Definitely not “same shit different pile”, friend.
Thanks for the write up, but I was blocked from logging in on a cloudflare website because I opened too many windows once and their tracking cookie flagged that browser as a bot.
Meanwhile the bot I built to track mod updates to my modlist for Rimworld and Mw5 on nexus? Never ran into any issues.
So when I refer to Cloudflare’s bot detection as shit, that is a highly personal and professional opinion.
Cloudflare is one of many contributing factors to how annoying the internet is now.
The modern breed of CAPTCHAs is mostly only trying to verify that it’s a full-fat browser. undetected-chromedriver, camoufox, pydoll, patchright and a million other libraries/tools exist. Nothing’s perfect and it’s a cat & mouse game, but this single incident is a sample size of one as well.
Meanwhile google slapped me with nine captchas to fill out a form like wtf?
Also Anubis means I can’t access websites that use it because I run noscript
and Nepenthes breaks my self-hosted search engineGuys, I think all those things to “verify if you’re humans” are hmm… doing something else ?
Meanwhile my ass is in tears every time I have to do a fucking “click all the squares that show a motorcycle” prompt. Maybe I should just join the bots.
Ooh, sorry, you missed the single pixel on the corner of the adjacent tile, FAIL
You didn’t miss it the second time, ALSO FAIL
Well now you can just have a bot do that for you
There was a really interesting video (can’t remember the title) that went into Google’s captcha specifically, and found that it really isn’t designed to detect bots. It’s designed to detect a unique digital fingerprint that can be used by advertisers.
So, you can use a really simple mouse script to click the checkbox automatically with no issue, but as soon as you use a VPN you get served with the photo games. It doesn’t care if you’re a robot, it cares if you’re a valuable ad target.
This video is excellent
On another note
The internet is becoming a nightmare
I need to escape
ESCAPE AAAAAAAHHHHHHHHGo outside?
And do what ? Walk down the road into darkness ? There is nothing. The only walkable land here is the side of the road, everywhere else is trespass. In all directions for at least 30 kilometers. Even the wild forests are owned, not that there is anything there to see or do.
We have to face it, the internet is where other people are.
Inside the prison.Knowing the geocaching community there will still somehow be geocaches in your area
LLM is a model/algorithm and the robot is an automatic machine. LLM is not a robot. All is ok.
Oh. Well, I was worried for a bit but you’ve put my heart at ease.
Now that we’ve made our problems go away by redefining them, I’m ready to tackle
cancer, a natural body resource management issue.</s> [and assuming parent comment is also </s> in spite of
Poe’s LawNathan’s astute online parody observations]Yes. Exactly this. No way for a bot to make an API call to a LLM and get back a solution formatted in JSON that it could easily parse for the solution. Could never happen.
Prowlarr has had a thing to do this for a good while now. No AI needed.
Probably because it accessed it through a user’s browser/connection which until that point hadn’t been flagged as a bot and had consistently shown signs of human use.
I’m sure if you set up a bot farm with this your connections would be flagged very quickly.
The CAPTCHA is question is Cloudflare Turnstile, which slowly ramps up a different assortment of invisible challenges while not tracking your mouse movement or cross-site activity.
If a bot can find all images with crosswalks in grainy photos faster than we can, surely it can check a box as well. Bots definitely can check a box, and they can even mimic the erratic path of human mouse movement while doing so. For Turnstile, the actual act of checking a box isn’t important, it’s the background data we’re analyzing while the box is checked that matters. We find and stop bots by running a series of in-browser tests, checking browser characteristics, native browser APIs, and asking the browser to pass lightweight tests (ex: proof-of-work tests, proof-of-space tests) to prove that it’s an actual browser.
Wow, agents built to monitor and reflect human behaviour, accurately model and reproduce human behaviour.
This is what is what shits me off when people complain “Oh this AI isn’t real AI” or “This isn’t consciousness” The limiting factor is is the training data. Humans have just had a few more million years of training data passed on through genetics. It’s replication and fakery all the way down. If this is you, if you fucking need the reassurance that you are better at being fucking conscious compare to a machine fuck the fuck right off and go do something amazing with it then. Compose something. Create something. Feel the wind in your hair and the sand at your feet. Fuck off, we’re all dirt.
What does being able to fill a captcha have to do with consciousness? “Wow the ai being good at this pattern matching task surely is proof of it being humanlike because humans are also good at pattern matching!” Is such a stretch, dude.
… That’s a lot of expletives for anyone who might have a differing opinion about the nature of consciousness or reality.
Noted.
I calmed down and started searching for some recommendations to counter this view.
Although at the moment I still think The Chinese Room argument doesn’t prove what Searle thinks it does.
