Why Can’t Robots Pass Simple Verification Questions?

Have you ever wondered why bots, which are the nightmare of websites, can't prove they are not robots when they can do site attacks?
 Why Can’t Robots Pass Simple Verification Questions?
READING NOW Why Can’t Robots Pass Simple Verification Questions?

We see that technology, which is in continuous development, provides great advantages in the field of “automation” today. In this context, we witness that functional robots and bots show themselves in both industry (such as automobile production) and entertainment (such as Discord bots).

However, programmed bots, which can make applications from scratch, process flawless materials, entertain people and have many more skills, do not seem to pass the “I am not a robot” box. So, what is behind this hair-raising situation that has been the material of countless internet memes?

Let’s fix the mistake from the beginning; There are many things that robots excel at. But we are at fault

When you see the box in question, you first move your cursor to it. Maybe you even went a little too far and you’re bringing it back. When you click it, you are asked to select all images that include, for example, a pedestrian crossing. You think on a small scale and mark images with pedestrian crossings. And congratulations, you’ve proven you’re human, now you can access the site.

Now let a bot try to enter, programmed behind your back. When that box appears, he won’t bother dragging the cursor there like we do. Instead, since he knows what pixel range the tile is in, he will pinpoint the cursor there and click. It will then instantly select all images containing a pedestrian crossing and try to enter.

But even though it has chosen the right images like you, the bot will not be able to enter the site.

Instead, an error code may appear in the validation section, or the CAPTCHA (Automatic Turing Test to Differentiate Humans and Bots) box may loop, prompting the bot to constantly find images. This keeps him away from the site. But wasn’t this validation exceeded by choosing the right images?

There’s a lot more going on behind it, and that’s where the actual validation happens:

ReCAPTCHA, which is part of Google and you can see at the end of almost every site membership, is also interested in your current internet activity history. For example, if you surf the internet for a few hours and then become a member of the site in question, which is what most of us do if we didn’t go online for that purpose, you are more likely to be human.

But going directly to that page and marking that box in milliseconds with a pinpoint shot is not very human work. Speaking of pinpointing the box, did you know that your mouse movements are also instantly monitored while you are on that page? Let’s witness this together right now.

Do the CTRL+SHIFT+J combination on your keyboard and click once on the sidebar and click the quoted command “onmousemove = function(e){console.log(“mouse location:”, e.clientX, e.clientY)}” without including the quotation marks. paste it. Hover your mouse cursor over the site after pressing Enter. Did you see? It’s that easy to watch these moves.

When you look at your own cursor movements, you will see that you follow a certain path from one place to another:

But since the bots do not do this and go directly to the target, the probability of them being human is close to impossible. Because even if you try, you cannot tick that box like a machine. In other words, your activity on the page, your cursor movements, your internet activity from YouTube to Twitter, from Webtekno to the site you will subscribe to, and many more are analyzed and it is decided whether you are human or not. Therefore, the way we use the internet allows us to pass these boxes smoothly every time.

But if you use VPN-style tools, instant location changes can affect the verification process, just like bots. In this context, you may have to choose an image again and again, or the verification box may give an error. Depending on the authentication type, you may also be able to pass, regardless of whether you use a VPN or not.

Let’s briefly describe the types of verification we are all familiar with and the methods they use:

The difference between CAPTCHA and reCAPTCHA itself, which we are blinded to trying to solve:

CAPTCHA emerged in 1997 and in its original form, “Are we robots?” It contained words that made you question, with different lines and methods that were barely read. Later, when bots started to overcome this, images were added to CAPTCHA to protect security, which brought different challenges.

  • How I felt when I couldn’t do the CAPTCHA test 10 times in a row

Let’s come to reCAPTCHA:

We can describe reCAPTCHA as “Google’s CAPTCHA”. Because different companies have the opportunity to process it in their own way. It appeared in 2007 and was acquired by Google 2 years later. In the first versions of this, it was necessary to write the word in the image as we saw in the original CAPTCHA.

The first version of reCAPTCHA, which was unplugged in 2018, appeared in its second version with the most common box we see today. In this version, users are asked to tick the box and according to the conditions we have stated above, they are either automatically taken in or they have to choose images taken from Street View such as “pedestrian crossing”, “traffic lamp”. Then they are taken to the site.

Additional Information: In this version, the verification box can be hidden on different buttons. In other words, when you press the register button, you may be confirming that you are a robot without your knowledge. But when a friend does this, they may encounter verification based on their current internet activity.

In the third version, the direct box ticking requirement is eliminated:

Instead, the system determines a score that indicates whether you are human or not, based on your internet activity. If your score is at a questionable level, you are asked to verify just like before. Then you can enter the site.

In conclusion, we can say that thanks to our flaws, we were able to surf the Internet and the bots were not taken to the sites because they were flawless. But we know that bots will adapt to these systems at some point. When that time comes, what kind of verification methods do you think will be used? You can share your thoughts in the comment section.

Sources: Google, DataDome, Logically Answered

Comments
Leave a Comment

Details
186 read
okunma32167