Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Google Robotics

Can A Robot Fool 'I Am Not A Robot' Captchas? (businessinsider.com) 54

Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."
This discussion has been archived. No new comments can be posted.

Can A Robot Fool 'I Am Not A Robot' Captchas?

Comments Filter:
  • If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I keep tripping the I'm not a robot alarm anyway. Turns out they don't like text mode browsers.

    • Some years back, I wrote a couple of screen-scraping bots to play simple Flash games. I always added some random movements and timings just to be sure. I can't imagine being the first one to think of this (around 2008-2010 or so).
    • Or you could use generative adversarial networks [wikipedia.org]. Basically, you set up two neural networks: one tries to simulate human mouse movements, and the other tries to detect non-human behavior. You pit them against each other in a loop, so they drive each other's improvement.

      • That's interesting. One problem I've happened upon when playing with adversarial learning like that (though in a genetic algorithm context) is that the programs forget what has happened before; e.g. in a rock-paper-scissors setting, the first system learns rock, then the second learns paper, then the first learns scissors, then the second learns rock and you're back where you started. Presumably they have some way of avoiding this with GANs.
        • Presumably they have some way of avoiding this with GANs.

          You just use many (millions at least) samples of human data. You mix the computer generated movements in with the human, and let the 2nd network try to discriminate which are which. You can prevent overfitting by inserting a little random noise into the human samples.

    • Sometimes you really need the arm, but sometimes you wish you never built it...
      https://www.youtube.com/watch?v=r-VJLz65QhM [youtube.com]
    • If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).

      It was my thinking, the 'robot' could be as simple as a usb device that appears to the computer to be a mouse. I'd think one could easily enough program such a simulated mouse to jiggle and wiggle like a human using the mouse would.

  • by religionofpeas ( 4511805 ) on Sunday January 29, 2017 @10:50AM (#53759579)
    If the software can send coordinates to the robot arm, it can also send them directly to the browser.
    • The detection software basically looks for perfection. The robotic intereface provides multiple places for imperfections. Rough mouse pads, electrical resistance, slightly off motors, all contribute small mistakes.

      It is these mistakes that fool the detection software, not the measured, identical commands.

      • Re:Makes no sense (Score:5, Interesting)

        by 0100010001010011 ( 652467 ) on Sunday January 29, 2017 @11:19AM (#53759737)

        Write a bit of software to record raw mouse pad input. Do an FFT to see what noise there is. Add the noise back to your command signal.

        • Three choices:

          1) Real noise from robot, = no way to tell as it is real noise.

          2) Recording of real noise = good till they update the software to ignore that specific pattern of noise.

          3) Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored. Basically you are now both building noise detection systems and the winner is the guy that is better.

          It makes more sense to just use the real noise. Why get into

          • Re:Makes no sense (Score:5, Insightful)

            by religionofpeas ( 4511805 ) on Sunday January 29, 2017 @02:22PM (#53760889)
            A robot arm, trying to follow the same path over and over, will also produce very specific noise that could be detected. So you have the same problem, except it will be more work to generate different patterns.
            • A mechanical device is more likely to show a predictable pattern than a good simulation.

              Someone beat casino roulette wheels with this, IIRC.

              E.g. an uneven tooth on a cog will always show a change in speed at a particular position. With software you can choose a good source of randomness. You can choose several sources of randomness and switch between them - randomly.

          • by djinn6 ( 1868030 )

            Artificially generated noise (fake noise) based on multiple real noise samples = good till they detect a pattern in the fake noise, and then pattern is ignored.

            1. There may not be any pattern in the fake noise for you to detect. If I generate the noise not by using real noise samples but by using a cryptographic hash, then you cannot detect any patterns in it, because that's what a cryptographic does.

            2. Pattern detection may take too long. If I hack 10 peoples computers and record what they're doing with their mouse, I'll have a continuous stream of mouse movement samples and new noise patterns.

            3. All else fails, I can run a physical simulation of a robot, a

          • 3) is an incorrect assessment. As an example it is very easy to generate 500 random data points sampled from a normal distribution mean 0 variance 1. It is much harder to go in reverse, taking those 500 points and saying "these come from a normal distribution mean 0 variance 1". Point is that the random number generation problem is significantly easier than the random number modelling problem. One possibility: Record a human mouse movement, and then just reuse that same movement every time. For them to
  • by OzPeter ( 195038 ) on Sunday January 29, 2017 @10:54AM (#53759611)

    The object to my adblocker. I object to the manner in which ads are served. And this story is not worth the $1 they want me to pay in order to keep my adblcoker on while I read it.

    • And before the peanut gallery calls you an "entitled millennial cheapskate":

      I use Firefox Tracking Protection, which blocks resources that track the user from one site to another. The functionality is similar to that of the Disconnect extension. But the detection code used by WIRED is so coarse grained that it can't tell an ad blocker from a tracking blocker. The site makes no attempt to fall back to serving ads that don't track users in this manner.

  • I can't stand the captchas where I can't possibly read what the fuck the letter/number/??? is.
  • by slashkitty ( 21637 ) on Sunday January 29, 2017 @11:37AM (#53759839) Homepage
    This was a stupid remote controlled arm. This says nothing about robots being able to fool a clickbox.
    • This was done by a human using a robot to move the mouse pointer. The robot itself has no optics to determine where the mouse pointer is. It has no intelligence at all.

      If the creators of this video wish to refute my claim, then I say, "OK, now click that box 10 Million more times and automate the download of content". I bet you they can't/won't do it.
  • If it involves an arm it's slow enough to prevent the kind of mass fraud this is designed to defeat.
  • I said it once, for the thousandth time, I never use a touchpad EVER, you insensitive one-armed clod!

  • It's a play on words (Score:2, Interesting)

    by allo ( 1728082 )

    Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser used with a mouse with realistic movement patterns". Probably some more advanced plugin for systems like selenium would do better than a robot arm, but a simple "curl" script won't fool google. That's the point. Their image puzzles are very repetative as well and a good machine learning algorithm should beat them soon. Its really about collecting some behaviour patterns inside the

    • by T.E.D. ( 34228 )

      Google writes "i am not a robot", but actually means "i am not a simple piece of automated code, but a full featured webbrowser ...".

      That would explain why I don't always see those captchas on my old IE browser I use at work.

  • They're a fairly defeatable technology - but they do serve to keep honest people honest.
  • In the worst case you can proxy the capture. Solve it for one site solve it for another. How do you know when you fill a capture if it's one from a bot or genuine for the site? This is how: Make your own site, capture script (put it on stack overflow, npm, composer, etc everyone will copy and pasta it without checking) or something, make your bot. Your bot constantly puts captchas on a buffer. When a site needs it if the buffer is empty it generates, else it uses on off the buffer. Then it just forwards the

I bet the human brain is a kludge. -- Marvin Minsky

Working...