• polonius-rex@kbin.run
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    5 months ago

    it was both

    it used to be two screenshots of books, one of which was blurred as fuck, and one of which was usually pretty easy

    the easy one was to verify that you were a human, and the blurry one was to train ai

    now that they’ve moved on to “select all the fire hydrants” or whatever, you can still see a distinction between the ones the system knows and the ones the system doesn’t know, and if you get good enough at spotting it, you can pass the captcha while feeding it deliberately incorrect information

    similarly, the audio test will normally be a short phrase, the first half of which is harder to understand; if you get the second part of it right, you can basically write whatever you want for the first part

     

    also, i’m not sure security theater really exists as a concept in cybersecurity, because the psychology isn’t really the same

    bad actors will always be able to just hire people in meatspace to solve whatever shibboleth you throw at them, which is pennies per solve

    however, pennies per request is still a cost orders of magnitude higher than what each request would cost otherwise, so the hope is it pushes whatever scam or whatever you’re running into the territory of unprofitability