I have noticed that some CAPTCHA pages, like Cloudflare’s, simply ask you to check a box to proceed. There is no clicking on traffic lights or entering characters. How does clicking on a check box tell them I am not a robot?

  • Kissaki@feddit.de
    link
    fedilink
    English
    arrow-up
    7
    ·
    10 months ago

    Cloudflare announced their CAPTCHA replacement Turnstile here in 2023

    They don’t particularly go into the technical details, but announce:

    We don’t rely on tracking user data, like what other websites someone has visited, to determine if a user is a human or robot. Our business is protecting websites, not selling ads, so operators can deploy Turnstile knowing that their users’ data is safe.

    The tracking reference is about Google captchas using logged-in user account and tracking information to gain confidence in a user being a person and not requiring challenges for them.

    Simple CAPTCHA systems give you a challenge to complete, to show you are human. (As the Cloudflare post points out, it’s most of the time easier for bots to solve challenges than it is for humans. But botters still require expertise and solutions.)

    Sophisticated CAPTCHA systems may use any information the web-browser sends them to make a guess on whether the user is human or not, according to probabilistic models. For example the click interaction means you move your cursor, which can be tracked and analyzed against patterns.