1mo ago

MS new captcha: Why did it have to be that hard!?!?

This is not my pic because I forgot to screenshot it when I did it. Microsoft has the hardest captcha I have ever had to complete. This one looks easier but I had a similar one that on my phone the images were too small, not recognizable and were more abstract looking shapes. It was so hard, I failed like 8 times (there were several 'rounds') and it almost made me second guess whether I might actually be a robot lol. Luckily, there was an audio version where you have to pick from a number of melody recordings and choose the one that was a pattern. Anyone else have trouble with this?

90 comments

Pretty sure any decent model could easily solve that anyways. To borrow a quote about bears from the National Park Service, there's now significant overlap between your dumbest users and the smartest AI.
- Pretty sure any decent model could easily solve that anyways.
  True, but often these things also track the mouse movements or touch inputs and analyse those to see if they match natural human input or not. Of course advanced AI would be able to simulate proper inputs but most bots today would fail this check.
- I am usually good at puzzles but this was hard to see on my phone. The pictures were much smaller in my version compared to the image. It wasn't an intelligence issue, it was a vision issue. Yet, many sites still just use a check box even the bank I work for does. Bigger companies than MS use a checkbox.
  
  The checkbox is only the first step. When it's a google recapcha, cloudflare, etc that have the checkbox, this is the trigger to check. It sees how long since you loaded the page to when the checkbox is checked, how the mouse moved (perfectly straight line or instant jump to position indicates bot), and other info they have about previous visits (they store a cookie on your PC and when you go to another site they know where you have been and can compare that against the much higher risk of a blank slate user or against whether you've tried the same form 100 times).
  If you pass that, as 90%+ of users should, then you see no more. If you are like me, you use a VPN and fail the first check and have to do endless recapcha "click on the busses" until you give up and quit the site.
  I hate the google ones. Not only do they make life unbearable for people with VPNs, they use the info about what sites you visit to sell ads. And half the time you don't even know because the recapcha is the hidden in page one not the one in the form when you click the box.
  The cloudflare ones are nicer. They virtually always pass me even though I'm behind a VPN, and although they technically can track me across sites (and probably do to track threat level), they aren't in the business of selling ads based on that data.
  I have also generally had a nice experience with hCapcha. And recently I came across one that is using proof of work, mCaptcha - not sure what to think on that as it probably uses excess energy but it's nice to have your computer sort it out in the background. The idea here is a sort of rate limit. It takes a few seconds to do the work to pass the test (variable difficulty depending on how many accesses are happening on the site - i.e. whether they are under attack), but it all happens in the background while you fill the form in so you don't notice. It slows down bots but doesn't really detect them - more of a rate limiter or something designed to reduce the cost effectiveness of bots.
  Thank you for coming to my ted talk.

I got this one the other day during a checkout process. This site lost the sale, I couldn't crack it.
- I would have picked the only picture of a dog. Bees and Tapirs/Capybaras don't seem to fit
  
  Me and all my friends agree, but the site did not accept that as the correct answer. I originally took that picture to get a second opinion and make sure I wasn't going crazy heh. I even tried for a new captcha, and it was still nonsense.
  We did it, we beat AI. And humans.
- That one is terrible. I assume by "object" they mean "dog wearing accessories". That captcha was made to trick humans.
- What does that even mean?
  
  It means you're not human.

So, it's a little known fact that captchas and such like no longer test to see if you can solve something, because the bots have evolved to pass those kinds of tests.
They also tried to set them up to succeed where humans failed, but then bots evolved to pass those, too.
So now they look at how you fail or pass, or how you keep trying. Basically, they're checking if you're human by seeing how you respond to frustration.
- They also use captchas to train AI more so.... 🤷
  
  well, there's that too.
  Kind of a "we need to put this out there anyway" kind of thing...
  The way they verify you're human is how you respond, but they're also getting you to train AI's while they do it.
- seeing how you respond to frustration
  Great UX design...

try this one: https://iqcaptcha.us.to/
- A few years ago when I was in college, I would've been able to solve that equation probably but that information has since left my brain lol.
  
  Yup same, i looked it up and it all came back. However, it's still a completely useless knowledge in my normal adult life, though i'm a software engineer
- My solution:
  The outer square lines in the third column/row is the result of the difference between what exists in the first two items in that row/column. Only outer lines appearing only once will be in the 3rd shape. The center lines seem to be only center lines that appear in both shapes. Therefore x is 52, since all outer shapes cancel and there are no shared center lines. The rest is fairly simple.
  The second derivative of f(x) is 78x + 22, so the answer is 78(52) + 22 + 52 = 4130
  I'm not completely confident in this solution but it seems to be consistent with the known columns and rows.
  
  I agree with your solution! GG
  f'(x) = 3(13)x²+2(11)x+10
  f"(x) = 6(13)x+22 = 72x + 22
  f"(52) = 4056 + 22 = 4 078
  4078 + 52 = 4 130
  
  The patterns work from top to bottom too.
  The outside is XOR and the clock is AND.
- Claude 3.5 sonnet seems to think the answer is 23
  CharGPT o1 thinks it's 6, but the formula answer is 496 and just a "bonus"
  o1 also "thought" about for a LONG TIME 1 minute and 11 seconds, which is the longest I've ever been able to get it to "think" about anything LMAO\
  
  Notice how it doesn't explain what's going on in the pattern that got it to number 6. It's just a guess. If push comes to shove, anyone can make a straight faced lie that whatever option is the correct answer, they'll justavoid explaining it.
  
  that's really impressive, parsing so much information from a 2 step problem displayed skewed on a garbled background
- Wouldn’t it be 79x + 22 ? But they don’t give you a value to use for x. Wtf
  
  no, you need to derivate the f(x) function twice because the last line asks for f"(x). you do that by taking down the exponent in front of each power of the polynomial and decreasing the power by one each time you derivate.
  So for the 13x³: derived once it becomes 3 times 13 x², which equals 39x². Derived a second time, it is 2 times 39x, so 78x.
  The 11x² becomes 2 times 11x, and then just 22 (times x power zero). the rest disappears after two derivatives.
  The x is given when finding the correct pattern that matches the missing symbol in the first part of the problem, being the dot, so 52. I explained how you find this in a comment somewhere up here :)
- Honestly some capchas make me wish it was just a derivative.
  
  ∫ x tan(x) dx
- is the correct pattern indeed 6 and why?
  
  no the correct pattern is 52, using the following method:
  for each column, superpose the outer diagonal lines of the first and second pattern, lines that appear in both symbols are suppressed in the third (bottom) pattern, lines that only appear in one of the two first patterns are kept.
  for each column, superpose the clock hands of the first and second pattern, only keep the clock hands that appear in both symbols at the same position.
  The third column has the same diagonal lines in the first and second pattern, so they disappear. Those two symbols have different clock hands so they also disappear. So the only remaining element in the pattern is the central dot (52).

I fucking hate captchas with a passion. They make me violent. Captchas should be illegal for the sake of my mental health. As a VPN user I see them 10x more than the average person.
- Honestly captchas and the enshittification of the internet has completely driven me away from tech. Its become so user hostile that it simply is no longer worth the effort. There have been times where just to access a page I have to do five rounds of captchas.
  
  Yeah, also, where did all the fun stuff go? Now it's just rage bait AI generated "articles" that pushes the dopamine button.
  Where are 3D printer projects, robots, science, the arts, longevity science, DIY, and so on?
  Mustn't we build a new internet without the idea that you should earn a living from whatever you do there?
  
  Yeah I feel that. I spend lots of time on my computer offline. I got games, music, movies, even some books. I'm pretty much set. Part of me does want to run away and live in the woods though.

Rapidly getting into the "overlap between the intelligence of the smartest bears and the dumbest tourists" levels of captcha
- Hey man, I don't like Chicago either, but to say that their football players are all dumb? I'm sure they're reasonably smart....
- I just feel jipped bc my version of the orbits and numbers were all jumbles so you couldn't tell which orbit pertained to which number.

I've been staring at this thing for like 30 seconds, and I have zero clue what it's asking you to do.
- drag the red circled piece into the orbit that is labeled 9
  
  But......9 is on a different orbit. It'll collide with the teal chess piece. Then we'll have chess pieces floating in space for all eternity!
- There is simple arrows at the bottom which changes availiable images. They just change orbits on different images and when it's in correct orbit click submit

I think we're way past the need for an "if you can't auto detect bots then that's a you problem, dog" legislation. I guess you could be boring and call it anti-hostile experience regulation or whatever. but this shit needs to die like most Google projects.

I haven't seen one like this but I am a little tired of looking at grainy traffic lights.
- The version I did had smaller circles, more abstract and nearly indistinguishable symbols and shapes and the numbers were scattered throughout the orbits. Some numbers were in between and it took a few seconds to figure out what orbit they were 'labeling'. Also as you scrolled through the options, it seemed as if none fit the appropriate answer so I defaulted to the audio.
- I'm tired of looking at clear, easy to spot traffic lights that I get 100% right but have to do page after page of them because I'm using a VPN. If it's not important I will give up on a site using reCaptcha.

Apparently if you wanted to *defeat AI you just need to ask the user how many R's there are in strawberry.
*edit because dictation is stupid
- OG captcha: What's this word?
  Feed that I told ML to get OCR.
  Now AI can't count letters.

Is this c/anarchychess ?

Someone shared with me having to calculate the resistance of a resistor once. I sent them the color band chart to figure it out lol

Today I learned I was a robot.

Unplug the network cable and reboot. When it asks about an account there should be an option to join a domain. Select that and you can make a local account. *
*Ms changes this a bit so it may be inaccurate
- This was for an online service. I don't want it to be restricted to one device. I was creating multiple accounts so I could have multiple free trials of things not affiliated with MS but had an option to use an MS account to log in.

They should just make a captcha that asks how many 'r's in 'strawberry'.

Because ai.
- I know why they do it, just the fact that they seem to be the only ones with a difficult one like this. Some people might not be able to. I could barely see it.
- It was already a problem before. Now it is much worse.
  The actual issue is that the entire system relies on obscurity

I can't make a github account for that reason, smh.

I recently set up a new GitHub account and it had the same crap. And you have to get 3 in a row correct. I got so frustrated and I was cursing enough that my wife came into my office to make sure I was okay.

I forget where I heard that these are actually used to help train AI, but I don’t doubt they are somehow.

It's interesting in how it combines three different tests - visualization of both the targets and the field to move them in, comprehension of what the task is, and correct movement. I had to take a second to understand the whole point myself.

People generally already don't want a ms account, so now they're making it even harder to get one lol morons
- Some services require an MS or Google sign in
  
  That's a fair point. But I've always seen it as a choice (sign in with ms, LinkedIn, google, or fb). Which services (besides Microsoft) require a ms account?
- The only thing i use A MS account for is Minecraft And thats my only exception.

I liked the captcha for the PlayStation forums (hard math problems)

worse than Roblox?

Are...are the hackers actually deterred by these...things? Are they not accessing the data in some other way?
- it's not meant to deter hackers, but spam bots and web cralwers, and such like. Possibly also meant to stop people hitting the service as a way of breaking the service.
  but mostly they want to know the person looking at it is a human so they can feed it advertisements.

90 comments