Slashdot Mirror

← Back to Stories (view on slashdot.org)

Can A Robot Fool 'I Am Not A Robot' Captchas? (businessinsider.com)

Posted by EditorDavid on from the humans-vs-robots dept.

Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."

54 comments

  1. of course by Anonymous Coward · · Score: 0, Insightful

    If anillegal indo-chip can fool employers with their phony yoga masters degrees, so can a robot

    1. Re: of course by Anonymous Coward · · Score: 2, Funny

      Our bestest Mandacrishna university teaches a 3 month Masters in PhD for rocket science. We accept credit cards. You will be a very good rocket science PhD, our priests guarantee it. Upon passing you will get H1B visa to work as an american scientist. No experience required.
      Revert us application for the same.

  2. Dino Arigato by Anonymous Coward · · Score: 0

    Mister Roboto

    1. Re:Dino Arigato by Anonymous Coward · · Score: 0

      Who the hell is "Dino Arigato"?

    2. Re:Dino Arigato by Farmer+Tim · · Score: 3, Funny

      It means "thank you terrible lizard".

      --
      Blank until /. makes another boneheaded UI decision.
    3. Re: Dino Arigato by Anonymous Coward · · Score: 0

      Gigantor

    4. Re:Dino Arigato by syntotic · · Score: 1

      Who was that AC? It is one of the computers stolen from me. Mind this, eh? I need all files back.

  3. Wait a minute... by Anonymous Coward · · Score: 0

    You don't necessarily have to mark street signs, house numbers or storefronts in pictures in order to pass the Captcha? I cannot remember a single instance when I didn't have to solve one of those annoying puzzles, so this makes me wonder ... am I a robot?

    1. Re:Wait a minute... by Anonymous Coward · · Score: 0

      You're probably a somewhat privacy-conscious technically literate human being who blocks some google tracking.
      Those are the only parties who suffer from Google's captcha system. By design.

    2. Re:Wait a minute... by Anonymous Coward · · Score: 0

      Existential crisis captchas?

      Captcha: homemade

    3. Re:Wait a minute... by 0100010001010011 · · Score: 2

      This is how this works. You check the box then they check for a cookie set from a time you previously finished the captcha. In addition to checking if you're signed in to a Google account of some sort (Gmail, Google+, Youtube, etc).

      I want to see this work on a brand new browser install.

    4. Re: Wait a minute... by Anonymous Coward · · Score: 0

      Yeah; in practice it only lets you through if you're logged in / don't block tracking. If not, you end up doing mechanical turk work for a few minutes. Our robot overlords will monetize your gray matter one way or another.

    5. Re:Wait a minute... by allo · · Score: 1

      I learned it as well from this video. Some mouse movements seem to make the image patterns go away, in many cases even when you deleted cookies. I am not sure, if the site can decide to use a "higher security" captcha, which enforces clicking, though.

  4. Shouldn't need an actual stylus by Some+nick+or+other · · Score: 1

    If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).

    1. Re:Shouldn't need an actual stylus by Anonymous Coward · · Score: 2, Insightful

      I keep tripping the I'm not a robot alarm anyway. Turns out they don't like text mode browsers.

    2. Re:Shouldn't need an actual stylus by TeknoHog · · Score: 1

      Some years back, I wrote a couple of screen-scraping bots to play simple Flash games. I always added some random movements and timings just to be sure. I can't imagine being the first one to think of this (around 2008-2010 or so).

      --
      Escher was the first MC and Giger invented the HR department.
    3. Re:Shouldn't need an actual stylus by FatdogHaiku · · Score: 1

      Sometimes you really need the arm, but sometimes you wish you never built it...
      https://www.youtube.com/watch?v=r-VJLz65QhM

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    4. Re:Shouldn't need an actual stylus by duke_cheetah2003 · · Score: 1

      If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).

      It was my thinking, the 'robot' could be as simple as a usb device that appears to the computer to be a mouse. I'd think one could easily enough program such a simulated mouse to jiggle and wiggle like a human using the mouse would.

  5. Makes no sense by religionofpeas · · Score: 2

    If the software can send coordinates to the robot arm, it can also send them directly to the browser.

    1. Re:Makes no sense by gurps_npc · · Score: 2

      The detection software basically looks for perfection. The robotic intereface provides multiple places for imperfections. Rough mouse pads, electrical resistance, slightly off motors, all contribute small mistakes.

      It is these mistakes that fool the detection software, not the measured, identical commands.

      --
      excitingthingstodo.blogspot.com
    2. Re:Makes no sense by 0100010001010011 · · Score: 4, Interesting

      Write a bit of software to record raw mouse pad input. Do an FFT to see what noise there is. Add the noise back to your command signal.

    3. Re:Makes no sense by gurps_npc · · Score: 2

      Three choices:

      1) Real noise from robot, = no way to tell as it is real noise.

      2) Recording of real noise = good till they update the software to ignore that specific pattern of noise.

      3) Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored. Basically you are now both building noise detection systems and the winner is the guy that is better.

      It makes more sense to just use the real noise. Why get into a noise detection war.

      --
      excitingthingstodo.blogspot.com
    4. Re:Makes no sense by religionofpeas · · Score: 4, Insightful

      A robot arm, trying to follow the same path over and over, will also produce very specific noise that could be detected. So you have the same problem, except it will be more work to generate different patterns.

    5. Re:Makes no sense by djinn6 · · Score: 1

      Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored.

      1. There may not be any pattern in the fake noise for you to detect. If I generate the noise not by using real noise samples but by using a cryptographic hash, then you cannot detect any patterns in it, because that's what a cryptographic does.

      2. Pattern detection may take too long. If I hack 10 peoples computers and record what they're doing with their mouse, I'll have a continuous stream of mouse movement samples and new noise patterns.

      3. All else fails, I can run a physical simulation of a robot, and capture noise down to the physical level.

      Most importantly, using a real robot does not get around the fact that it has a particular set of imperfections that might have a detectable pattern, and because its a real robot, it would take much more effort to remove that pattern, versus a simulated robot.

    6. Re:Makes no sense by Hognoxious · · Score: 2

      A mechanical device is more likely to show a predictable pattern than a good simulation.

      Someone beat casino roulette wheels with this, IIRC.

      E.g. an uneven tooth on a cog will always show a change in speed at a particular position. With software you can choose a good source of randomness. You can choose several sources of randomness and switch between them - randomly.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    7. Re: Makes no sense by ihearthonduras · · Score: 2

      3) is an incorrect assessment. As an example it is very easy to generate 500 random data points sampled from a normal distribution mean 0 variance 1. It is much harder to go in reverse, taking those 500 points and saying "these come from a normal distribution mean 0 variance 1". Point is that the random number generation problem is significantly easier than the random number modelling problem. One possibility: Record a human mouse movement, and then just reuse that same movement every time. For them to search a database of all used movements would be prohibitively expensive.

    8. Re:Makes no sense by DontTrustWhatIType · · Score: 0

      A robot arm, trying to follow the same path over and over, will also produce very specific noise that could be detected.

      Well, not quite.

      Assuming the arm uses aggregated deep learning neural networks, it will (eventually) look like the same "person" clicking over and over again, but there is no guarantee that it will look like a "non-person". If you practice on CAPTCHAs 10,000 times, the variance with which you do things will be much smaller than someone who as only done it 10 times, but it will not make you a robot.

  6. Pity I can't read TFA by OzPeter · · Score: 2

    The object to my adblocker. I object to the manner in which ads are served. And this story is not worth the $1 they want me to pay in order to keep my adblcoker on while I read it.

    --
    I am Slashdot. Are you Slashdot as well?
  7. They defeat humans regularly by Patent+Lover · · Score: 1

    I can't stand the captchas where I can't possibly read what the fuck the letter/number/??? is.

    1. Re:They defeat humans regularly by antdude · · Score: 1

      These days, I see images like "select images that are store fronts". Argh!

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  8. Captcha? by Anonymous Coward · · Score: 0

    Whaz tha... It has been broken a long time. You rely on captcha's, you are just feeding the myth. As once mentioned, the coordinates can be sent directly to the browser, though most captcha breaking programs do not use a browser - the emulate one, including cookies. Google had a news release a few years ago that they had a program that broke every captcha. If Google has it, don't you think others can code it up?

  9. Adversarial networks by ShanghaiBill · · Score: 1

    Or you could use generative adversarial networks. Basically, you set up two neural networks: one tries to simulate human mouse movements, and the other tries to detect non-human behavior. You pit them against each other in a loop, so they drive each other's improvement.

    1. Re:Adversarial networks by Some+nick+or+other · · Score: 1

      That's interesting. One problem I've happened upon when playing with adversarial learning like that (though in a genetic algorithm context) is that the programs forget what has happened before; e.g. in a rock-paper-scissors setting, the first system learns rock, then the second learns paper, then the first learns scissors, then the second learns rock and you're back where you started. Presumably they have some way of avoiding this with GANs.

    2. Re:Adversarial networks by ShanghaiBill · · Score: 1

      Presumably they have some way of avoiding this with GANs.

      You just use many (millions at least) samples of human data. You mix the computer generated movements in with the human, and let the 2nd network try to discriminate which are which. You can prevent overfitting by inserting a little random noise into the human samples.

  10. Tracking blocker causes false positive by tepples · · Score: 1

    And before the peanut gallery calls you an "entitled millennial cheapskate":

    I use Firefox Tracking Protection, which blocks resources that track the user from one site to another. The functionality is similar to that of the Disconnect extension. But the detection code used by WIRED is so coarse grained that it can't tell an ad blocker from a tracking blocker. The site makes no attempt to fall back to serving ads that don't track users in this manner.

    1. Re:Tracking blocker causes false positive by Anonymous Coward · · Score: 0

      Ads and trackers serve the same function from the magazine's point of view: they bring in revenue. They don't want you blocking their revenue streams, no matter into how many categories you might care to differentiate them.

      If you think ads are somehow better or more virtuous than trackers, you are not looking at the question from the publisher's perspective. If you think you matter to the publisher as anything more than another component of the revenue stream, you are gravely mistaken.

    2. Re:Tracking blocker causes false positive by tepples · · Score: 1

      Newspapers don't get to track what other publications their readers read. Why should websites?

  11. Fake News, Clickbait, not a robot by slashkitty · · Score: 2

    This was a stupid remote controlled arm. This says nothing about robots being able to fool a clickbox.

    --
    -- these are only opinions and they might not be mine.
    1. Re:Fake News, Clickbait, not a robot by freeze128 · · Score: 1

      This was done by a human using a robot to move the mouse pointer. The robot itself has no optics to determine where the mouse pointer is. It has no intelligence at all.

      If the creators of this video wish to refute my claim, then I say, "OK, now click that box 10 Million more times and automate the download of content". I bet you they can't/won't do it.

  12. Arm is slow enough by jader3rd · · Score: 1

    If it involves an arm it's slow enough to prevent the kind of mass fraud this is designed to defeat.

  13. So where is the weakest link? by Provocateur · · Score: 1

    I said it once, for the thousandth time, I never use a touchpad EVER, you insensitive one-armed clod!

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  14. It's a play on words by allo · · Score: 1, Interesting

    Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser used with a mouse with realistic movement patterns". Probably some more advanced plugin for systems like selenium would do better than a robot arm, but a simple "curl" script won't fool google. That's the point. Their image puzzles are very repetative as well and a good machine learning algorithm should beat them soon. Its really about collecting some behaviour patterns inside the browser, not about robots.

    1. Re:It's a play on words by Anonymous Coward · · Score: 0

      Their image puzzles are very repetative as well and a good machine learning algorithm should beat them soon.

      I can't even get through the "click on the store fronts" question.

    2. Re:It's a play on words by T.E.D. · · Score: 1

      Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser ...".

      That would explain why I don't always see those captchas on my old IE browser I use at work.

    3. Re:It's a play on words by allo · · Score: 1

      Yep, this doesn't work for me either. And then it falls back either to traffic signs (works good) or house numbers (which usually loads like 10 new images when you clicked all correct numbers).

  15. Can't A11y features be automated? by Anonymous Coward · · Score: 0

    As long as there is a11y features available, is it that hard to automate this with tools like dogtail (in GNU/Linux)? Is a physical hardware ever required?

  16. Can they? Fuck yeah and faster than most humans! by Anonymous Coward · · Score: 0

    Scripts, which incidentally are NOT robots, have been able to crack Captcha for many years. Why is this not already more widely known? Even a Google search will turn up hundreds of such scripts, many of which are freely available.

  17. I can't beat them... by Anonymous Coward · · Score: 0

    ...maybe I should buy this robot.

    (What do these things detect anyhow? Because for me it's about 50/50 whether I get through or get diverted for "further testing").

  18. I am not a human (apparently) by Anonymous Coward · · Score: 0

    I often fail these checks, as well as the image picking task that follows.

    I think its some combination of script blocking and and just being a bit abnormal with my interpretation of ambiguous tasks (pick all squares containing street signs? Is the private billboard a street sign? Is the post part of the sign?). I feel like such tasks are trying to normalize thought: the more similarly I match other people, the better I do: I don't like that.

  19. Captchas are just like door locks. by mmell · · Score: 1

    They're a fairly defeatable technology - but they do serve to keep honest people honest.

  20. Make humans do it. by joboss · · Score: 1

    In the worst case you can proxy the capture. Solve it for one site solve it for another. How do you know when you fill a capture if it's one from a bot or genuine for the site? This is how: Make your own site, capture script (put it on stack overflow, npm, composer, etc everyone will copy and pasta it without checking) or something, make your bot. Your bot constantly puts captchas on a buffer. When a site needs it if the buffer is empty it generates, else it uses on off the buffer. Then it just forwards the success result. If you captcha site has good load the buffer can always be quickly consumed. Really good if you have enough control to just make it appear for a user already logged in to continue.

  21. No how "I'm not a robot" actually works by Anonymous Coward · · Score: 0

    The real work behind "I am not a robot" is in the reputation score that Google computes for you by looking at all the baggage you carry-around with you by virtue of them having their fingers in every pie in the world. Most of the time, the "I am not a robot" checkbox is a formality, and even that will be removed very soon for people who are good little consumers. Whether this thing was a robot (it wasn't) or a pantograph or whatever is irrelevant, because the robot needs to establish a reputation with Google to even begin the hack.

    Of course, eventually that will happen as well. Robots will be competing with humans to establish online profiles which ... can be used to establish more online profiles.