It’s definitely trivial for an AI to solve the “game” or task; I think an interesting question is whether you could filter bots by checking how efficiently they do so.
I’m thinking of something like giving two consecutive math tasks: first e.g. 1 + 1, then something like 11 + 7. While probably all people would spend a small but detectable extra amount of time on the “harder” problem, an AI would have to be trained on “what do humans perceive as the harder problem” in order to be undetectable. That is, even training the AI to respond with a “human-like” delay isn’t enough; you would have to train it to delay relatively longer on “harder” problems.
Another could be:
Sort the words (ajax, zebra) alphabetically
Sort the words (analogous, analogy) alphabetically
where the human would spend more time on the second. Do you think such an approach would be feasible, or is there a very good, immediate reason it isn’t a common approach already?
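The relative-timing check described above could be sketched like this. The `margin` threshold is an invented assumption for illustration, not a calibrated value:

```python
def looks_human(t_easy, t_hard, margin=1.15):
    """Return True if the harder task took detectably longer.

    `margin` is a made-up threshold: the guess is that a human is at
    least ~15% slower on the harder problem, while a naive bot answers
    both instantly (or with a flat artificial delay), keeping the
    ratio near 1.
    """
    return t_hard >= margin * t_easy

# 1+1 answered in 0.8 s, 11+7 in 1.9 s -> plausibly human
print(looks_human(0.8, 1.9))   # True
# both answered in exactly 1.0 s -> suspicious flat delay
print(looks_human(1.0, 1.0))   # False
```

In practice you would also want upper bounds (a human doesn’t take ten minutes on 11 + 7) and tolerance for noisy measurements, but the core signal is just the ratio between the two response times.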
I know a lot of sites now use browser fingerprinting and the like in order to determine how likely a user is to be a bot. The modern web tracks a lot of information about users, and all of that can be used to gauge how ‘human’ the user is, though this does raise some other concerns. A sufficiently stalkerish site already knows if you’re human or not.
With that idea, you (the captcha maker) would also have to write code that computes how long humans should take on a given task, so that you can time the user and compare against what your code predicts. But whatever code you write, the bot makers could eventually figure out what you wrote and copy it.
To put it another way, when you say “humans would spend more time on the second task” with your two examples, you would have to write specific rules about how long humans would take, so that your captcha can enforce those rules. But then the bot makers could use trial and error to figure out what your rules were and then write code that waits exactly as long as you’re expecting.
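The replay attack being described might look something like this sketch: once bot makers have probed which delays the captcha accepts for each task shape, they store those timings and wait exactly that long. All the numbers and the task categories here are made up:

```python
import random

# Hypothetical table of accepted delay ranges, learned by trial and
# error against the captcha: (task kind, digit count) -> (min s, max s).
learned_delays = {
    ("add", 1): (0.6, 1.1),   # one-digit addition
    ("add", 2): (1.4, 2.5),   # two-digit addition
}

def bot_delay(kind, digits):
    """Pick a delay inside the learned accepted range, with jitter so
    the timings aren't suspiciously identical across attempts."""
    lo, hi = learned_delays[(kind, digits)]
    return random.uniform(lo, hi)

d = bot_delay("add", 2)
print(1.4 <= d <= 2.5)  # True
```

Nothing about the timing rules is secret once the bot makers can submit enough probe attempts, which is the core of the objection.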
It’s true that a bot can be specialised to solve it, but I feel that is the case no matter what you do.
To me the appeal of this approach is that it is very simple for a human to make the rules (e.g. “numbers with two digits are harder to add than numbers with one digit”, or “the more leading letters two words have in common, the harder they are to sort”), but for a bot to figure out the rules by trial and error (while answering at human-like speed) will take time. So the set of questions can be changed quite often at low cost, making it less feasible to re-train the bot every time.
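The “cheap to rotate” claim rests on each rule being a tiny, swappable function. A minimal sketch, assuming the two example rules above (all names are illustrative):

```python
def digit_rule(a, b):
    """Difficulty of adding a + b: total digit count as a rough proxy
    for mental effort."""
    return len(str(a)) + len(str(b))

def prefix_rule(w1, w2):
    """Difficulty of sorting two words: the number of shared leading
    letters a human must scan past before the order becomes clear."""
    n = 0
    while n < min(len(w1), len(w2)) and w1[n] == w2[n]:
        n += 1
    return n

# The active question set is just a dict of rules; rotating it is a
# one-line server-side change, while the bot must re-learn the timing
# profile of each new rule from scratch.
RULES = {"add": digit_rule, "sort": prefix_rule}

print(RULES["add"](11, 7))                       # 3
print(RULES["sort"]("analogous", "analogy"))     # 6 (shared prefix "analog")
print(RULES["sort"]("ajax", "zebra"))            # 0
```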
Another alternative could be to only give questions that are trivial for a bot, but annoyingly difficult for a human, and let them through if they press “reset captcha” a couple times, though some people might find that annoying…
But note that humans also take a while to learn these games/rules, and each version of these rules will probably lock some people out by accident (and those people will probably get angry). There’s a nonzero cost to making people do new things, even when those things are net positive (think about a favorite game that had a UI patch or some such).
This CGP Grey video is great, and covers how many captchas are often used to train the bots. https://www.youtube.com/watch?v=R9OHn5ZF4Uo