This is not my pic because I forgot to screenshot it when I did it. Microsoft has the hardest captcha I have ever had to complete. This one looks easier but I had a similar one that on my phone the images were too small, not recognizable and were more abstract looking shapes. It was so hard, I failed like 8 times (there were several ‘rounds’) and it almost made me second guess whether I might actually be a robot lol. Luckily, there was an audio version where you have to pick from a number of melody recordings and choose the one that was a pattern. Anyone else have trouble with this?

  • TheoOP
    link
    English
    9
    edit-2
    4 days ago

    I am usually good at puzzles but this was hard to see on my phone. The pictures were much smaller in my version compared to the image. It wasn’t an intelligence issue, it was a vision issue. Yet, many sites still just use a check box even the bank I work for does. Bigger companies than MS use a checkbox.

    • @[email protected]
      link
      fedilink
      English
      6
      edit-2
      3 days ago

      The checkbox is only the first step. When it’s a google recapcha, cloudflare, etc that have the checkbox, this is the trigger to check. It sees how long since you loaded the page to when the checkbox is checked, how the mouse moved (perfectly straight line or instant jump to position indicates bot), and other info they have about previous visits (they store a cookie on your PC and when you go to another site they know where you have been and can compare that against the much higher risk of a blank slate user or against whether you’ve tried the same form 100 times).

      If you pass that, as 90%+ of users should, then you see no more. If you are like me, you use a VPN and fail the first check and have to do endless recapcha “click on the busses” until you give up and quit the site.

      I hate the google ones. Not only do they make life unbearable for people with VPNs, they use the info about what sites you visit to sell ads. And half the time you don’t even know because the recapcha is the hidden in page one not the one in the form when you click the box.

      The cloudflare ones are nicer. They virtually always pass me even though I’m behind a VPN, and although they technically can track me across sites (and probably do to track threat level), they aren’t in the business of selling ads based on that data.

      I have also generally had a nice experience with hCapcha. And recently I came across one that is using proof of work, mCaptcha - not sure what to think on that as it probably uses excess energy but it’s nice to have your computer sort it out in the background. The idea here is a sort of rate limit. It takes a few seconds to do the work to pass the test (variable difficulty depending on how many accesses are happening on the site - i.e. whether they are under attack), but it all happens in the background while you fill the form in so you don’t notice. It slows down bots but doesn’t really detect them - more of a rate limiter or something designed to reduce the cost effectiveness of bots.

      Thank you for coming to my ted talk.