I'm starting a new project and I need to understand how effectively modern captchas stop bots. I'm aware that bots can sometimes pay individuals to solve captchas, but I'm focusing on what bots can manage on their own. I've done some research but most of it feels anecdotal rather than scientific. I know captchas utilize metadata like mouse movement and input speed, which complicates things for bots. From what I've seen, AI can identify the required squares in captcha images, but when it tries to input that data, it fails due to those additional checks. Is this accurate, or have AI capabilities improved to the point where they can bypass those checks? I realize no captcha is foolproof, but if they're around 90% effective, that could work for me. I'm also open to other verification methods that are quick and practical. Any insights would be great!
5 Answers
AI has probably found ways to solve captchas by now. Captchas are somewhat just annoyances laid on regular users.
Finding reliable data on this is tough. Captchas are designed more to catch the cheaters rather than be infallible. Think of them like trick questions in a test where a perfect score looks suspicious. Bots might even accidentally fail, which undermines their purpose. Generally, sketchy individuals will likely just use humans to solve captchas instead of trying to create complex bots.
No, AI can't reliably solve captchas. While it might click the right boxes, it often misses the more nuanced checks that determine whether the user is a bot or not.
A good web application firewall (WAF) can help. It won't make you completely bot-proof, but it can slow them down significantly unless you're a high-profile target. I personally use Cloudflare's WAF for extra protection.
Captchas are constantly changing. Some of the earliest captchas are actually used for training AI, which makes it only a matter of time before AI can solve them. There’s a bit of an arms race here where captchas have to keep up with AI advancements. Ideally, modern captchas should be unsolvable by AI if they're up-to-date, but older ones might fall to AI.
Exactly, there's nothing stopping a scammer from having a bot pause and then do the captcha manually. The big-time scammers will invest in human solvers, but casual ones won’t want to deal with that hassle. I'm also looking at users who run bots without supervision, so I want to figure out how to detect them effectively.