cherrykraken

@cherrykraken@lemmy.ca

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨CAPTCHAs are 'a tracking cookie farm for profit that made us spend 819 billion hours clicking to generate nearly $1 trillion for Google⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
The code basically tracks mouse movements, or the lack thereof. If a bot is using a cursor, it might move in a straight line at constant speed to the “I’m not a robot” checkbox. Most bots though just check the HTML and jump directly to the checkbox. There are other checks it might do as well, e.g. the user-agent of the browser, whether the user came from a search engine, etc.

That being said it’s that not difficult to break, e.g. Puppeteer has a plugin specifically for getting around Captchas and Cloudflare’s offerings.

All this is to say: automatic captchas are better at allowing legitimate users than they are at blocking bots entirely.