this post was submitted on 19 Jul 2024
450 points (99.3% liked)

Technology

59224 readers
2973 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Bots can now solve CAPTCHAs better than humans

https://www.youtube.com/watch?v=IWUHv3S8JVI

#tech #video

@[email protected]

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 3 months ago (2 children)

I love Microsoft’s email signup CAPTCHA:

Repeat ten times. Get one wrong, restart.


iPhones already have it

Private Access Tokens? Enabled by default in Settings  > [your name] > Sign-In & Security > Automatic Verification. Neat that it works without us realizing it, but disconcerting nonetheless.

So, the spammers will need physical Android device farms…

[–] [email protected] 17 points 3 months ago* (last edited 3 months ago) (1 children)

More industry insight: walls of phones like this is how company's like Plaid operate for connecting to banks that don't have APIs.

Plaid is the backend for a lot of customer to buisness financial services, including H&R Block, Affirm, Robinhood, Coinbase, and a whole bunch more

Edit: just confirmed, they did this to pass rate limiting, not due to lack of API access. They also stopped 1-2 years ago

[–] [email protected] 2 points 3 months ago (1 children)

No way!! Can’t find anything about it online - is this info by the way of insiders? Thanks for sharing, would have NEVER guessed. Not even that they’d have to use Selenium much less device farms.

[–] [email protected] 4 points 3 months ago

Yup insider info they definitely don't want public. Just confirmed the phone farms were to bypass rate limit, although they do use stuff like Selenium for API-less banks

[–] EliteDragonX 6 points 3 months ago (1 children)

Oh my god. I lost my fucking mind at the microsoft one. You might aswell have them solve a PhD level theoretical physics question

[–] [email protected] 3 points 3 months ago

Just noticed the screenshot shows 1 of 5.

So five wasn’t good enough… they had to double it. Do kinda respect that they’re fighting spammers, but wonder how Google does it with Gmail. They seem to have tightened then recently loosened up on their requirement for SMS verification (but this may be an inaccurate perception).