EU CAPTCHA, an Open Source solution for all Web services(joinup.ec.europa.eu)
joinup.ec.europa.eu
EU CAPTCHA, an Open Source solution for all Web services
https://joinup.ec.europa.eu/collection/eupl/news/eu-captcha-under-eupl-12
17 comments
I think the ship has sailed with regarding making captchas harder to automate, tech is too good.
However, my experience has been that if you can protect a comment form against a curl command, or a login form against wfuzz, it's done the job. If we accept this, we might make captchas less annoying to the humans trying to deal with them, and those 1% of people playing with headless chrome or whatever were always going to need manual moderation.
However, my experience has been that if you can protect a comment form against a curl command, or a login form against wfuzz, it's done the job. If we accept this, we might make captchas less annoying to the humans trying to deal with them, and those 1% of people playing with headless chrome or whatever were always going to need manual moderation.
Java as the only implementation ... well no.
Also found a bug within my first try. The slider asked me to put it BETWEEN 167 and 168 and then putting in on the lower number failed and there was no was to put it between two numbers.
Also found a bug within my first try. The slider asked me to put it BETWEEN 167 and 168 and then putting in on the lower number failed and there was no was to put it between two numbers.
Wow, these are pretty bad.
The "Sliding CAPTCHA" is simple but tedious to slide the slider to the exact right number.
The "Image rotation CAPTCHA" can be very difficult for some images. (for example I got a wind turbine where the shaft wasn't perfectly vertical in the image, so I had to guess if it should be slightly left or right leaning. I did get it right but I had low confidence)
The "Alphanumeric CAPTCHA" was ok but some of the numbers were fairly obscured. For the one I got (the line ran right though the string, this seems rare, usually it only interacts a few characters).
But not only are these awful for humans it seems like they would be pretty easy to solve for robots. The image one maybe a bit hard, but that was also the least confident for myself.
The "Sliding CAPTCHA" is simple but tedious to slide the slider to the exact right number.
The "Image rotation CAPTCHA" can be very difficult for some images. (for example I got a wind turbine where the shaft wasn't perfectly vertical in the image, so I had to guess if it should be slightly left or right leaning. I did get it right but I had low confidence)
The "Alphanumeric CAPTCHA" was ok but some of the numbers were fairly obscured. For the one I got (the line ran right though the string, this seems rare, usually it only interacts a few characters).
But not only are these awful for humans it seems like they would be pretty easy to solve for robots. The image one maybe a bit hard, but that was also the least confident for myself.
I found the sliding one rather impossible on mobile
had to zoom all the way in, and even then it was still difficult
had to zoom all the way in, and even then it was still difficult
I found them quite solvable. But I have to say I didn't try the slider on mobile. Rest seems okay, when you have bad luck with an rotating image, you could just refresh and get a new one.
I was hoping this would be a combination captcha/EU cookie notification. Kill 2 birds with one stone.
When did the EU start competing with companies?
That doesn't seem like a good idea.
I think it's a very good idea. Why should private companies that steal our data be the only ones sharing such (needed) tech?
When companies grew to size of governments unchecked.
Cringe.
Your comment? What's cringe about a governmental organisation going against those fucked up private companies that steal our perosonal data, like Google?
the solution is cringe. This is captchas from 10 years ago.
Technically terrible.
It's also an outdated solution, AI does captcha better than humans.
It looks like the EU enjoy so much ruining the web experience of people for no reason, that they feel the need to own a crucial piece of annoyance like a captcha. Weren't GDPR and cookie banners enough damage to the world?
Also, after the Cyber Resiliance Act (aka the biggest threat to the existence of OSS software in eu - all in the name of BS security) the EU are the last people that should talk about open source.
It's also an outdated solution, AI does captcha better than humans.
It looks like the EU enjoy so much ruining the web experience of people for no reason, that they feel the need to own a crucial piece of annoyance like a captcha. Weren't GDPR and cookie banners enough damage to the world?
Also, after the Cyber Resiliance Act (aka the biggest threat to the existence of OSS software in eu - all in the name of BS security) the EU are the last people that should talk about open source.
Captchas seem like they are not long for this world. AI is only going to get better at them. We might as well be pushing OS-level solutions along like Private Access Tokens.
Said jokethrowaway
GDPR is the best thing to happen to technology in a long time. The only problem with it is that it still doesn't have enough teeth, it needs to be enforced much more often.
I worry that it will be possible to automate solving it, particularly for the slider ones, which I think could be automated in a straightforward way.
I think with further refinement, it would be possible to build a captcha that respected privacy that was as secure as the leading alternatives. I am just not certain that a captcha is necessarily going to be a workable solution at all as time goes on (especially in light of advances in computer vision and AI more generally).
I think that the crux of the problem is that bots are going to get better and better at solving these kinds of challenges, and humans are pretty much going to stay where they are. I suspect the bots have already caught up.