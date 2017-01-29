Slashdot is powered by your submissions, so send in your scoop

 


Google Robotics

Can A Robot Fool 'I Am Not A Robot' Captchas? (businessinsider.com) 20

Posted by EditorDavid from the humans-vs-robots dept.
Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."

  • If it's possible to do by a robot arm, it should be possible to do by faking the input from the stylus system. All you'd need is something like a finite element model of the physical system involving the robot and stylus (in the very worst case).
    • Some years back, I wrote a couple of screen-scraping bots to play simple Flash games. I always added some random movements and timings just to be sure. I can't imagine being the first one to think of this (around 2008-2010 or so).

    • Or you could use generative adversarial networks [wikipedia.org]. Basically, you set up two neural networks: one tries to simulate human mouse movements, and the other tries to detect non-human behavior. You pit them against each other in a loop, so they drive each other's improvement.

  • If the software can send coordinates to the robot arm, it can also send them directly to the browser.

    • The detection software basically looks for perfection. The robotic intereface provides multiple places for imperfections. Rough mouse pads, electrical resistance, slightly off motors, all contribute small mistakes.

      It is these mistakes that fool the detection software, not the measured, identical commands.

      • Write a bit of software to record raw mouse pad input. Do an FFT to see what noise there is. Add the noise back to your command signal.

  • The object to my adblocker. I object to the manner in which ads are served. And this story is not worth the $1 they want me to pay in order to keep my adblcoker on while I read it.

    • And before the peanut gallery calls you an "entitled millennial cheapskate":

      I use Firefox Tracking Protection, which blocks resources that track the user from one site to another. The functionality is similar to that of the Disconnect extension. But the detection code used by WIRED is so coarse grained that it can't tell an ad blocker from a tracking blocker. The site makes no attempt to fall back to serving ads that don't track users in this manner.

  • I can't stand the captchas where I can't possibly read what the fuck the letter/number/??? is.

