This was for querying package delivery status. I finally got one right after many attempts. The layout, layers, colors change after every attempt so good luck on figuring out which letters count.
L̶̨̢̢̮̼̬̼̬̠̗̳̜͈̣͇̮̼̱̪͙̰̯̝͉̽̃̏̓́̂̈́͗̂͋̇̍͊̈́̏̌̔̓̐̈́̈́͐̃͋̀͛̃͑̕͝o̶̯͉͂̽̏̇̄̑́̈́̾̋̄̎͗͝o̸̧̨̭̭͙̲̫̲͖͇͊̉̉̎͒̓̃́̌̍̓́̌͛̈́̔͌͌̏͌̕̕̚̕͠͝͝ͅǩ̴̪̹̺͓̭̤̗͉̟̰̣̫̻̙̳̞̐̈́s̵̡̨̢̨̩̖̜͉̺̖̼͇̲͕̩͎͖͒̉̃͒̂̽̇̂̉̈́̓̇́͌͑͆̇̈́̍̄͌͑̕̕̚̕̚̚͝͝ͅ ̸̢̡̢͙͔͙̦̺̪͖͎̪͖͔͖̙̘̯̠̙̙̱̠̖̻̳͖̰͔̜͌̔̍̐͛̐̓̒͐̂̎̀̄̈̄͐̇̎͒̃͊̇̈́̈͘͝͝f̶̧̡̟̤͈͍͇͖͔̹̲̘̫͈̟̙̫̙͓͎̙̘̰̹̅̽̓͌̐͗̊̓̀̒͒͛̌̎̆̇̈͋̐̀̋̍̓̿̚͜͝͝i̴̛̬̠͉̺̪̮̮̻̞̬̳̗͎̺͔̘̖͈͖̖̻̝͔͍̬̖̪̙̫̦̓̓͋̍̂̀̌̅͆͂͋̏͌̓͋́̀͑͆̉̚̚n̴͓̰̗̘̞̍̍̽͛̃e̶̡̨̳̼͍̮̼̤̮̮̹͕̜̭̬̭̳̣͍̰̾͗̈́̉́͆̄͑́̎̀͑̈́̉͐̈́͑̍̇͑̆͌̕͠͠͝͝͝͠ ̵̨̨̛̲͕̞̻̜̳̞̻̯̹̦̗͓̮̈́̈͝t̷̢͇͉͈̲͎͉̘̩̼͖̖̤̝͂̂̍͆͊̈́͑͆͌͛͗̔̃͐̎͛͋̍̂̒̈́̂̀̒̈́͌̕͝͝͝ͅơ̷̺̊̾̑̈́̾̑̊̾̃̋̆̾͝ ̷̡̮͇̺̙͕̝̯͚̦̥̝̬̉́̓̄̏̂̄̏̎̒̐͒̓̐͌̋̅̀͊̎̐̓̄̊̂̓̊̕m̴̢̡̛̬̟͖̖͎̰̹͊̍̈͗͑̐͑͐̇͒̈̎̏̍̏́̾̿̐̚̚͜͝ȩ̸̡̛̫̩̞̲͉̩̪̳͊̂̃́̊́̌̑͋͆͛͗̏̒͐̉̊͌̋̉͘̕̚͝.̵̧̪͖̳͇̩̫̺̜̱͍͍̻̋͗̉̔̾̈́́̈́͋̏͒̾̍̾̉͌͆̉͑̎͐͑͌̄͆̓͜͠͝ͅ
It’s WXU86 or I don’t need this website after all.
captcha: please click on all the stairs
stairs: literally every box
captcha: incorrect
Its just busy work. The computer uses the time to check for extraneous packets running to your address.
it’s really astounding EVERYONE isn’t just using hcaptcha, it’s the only one that actually fucking makes sense and works
I hate those the most. I get it wrong every single time. Well excuse me for including the rider as part of the motorcycle. I’m trying to save them from self-driving cars clipping their arm or leg on public roads.
Here’s the kicker. You’re not getting it wrong, you’re just being forced to train AI on another one because greedy corpos gonna be greedy.
Wrong in the sense that the machine thinks it is right (or enough people disagreed with your judgement).
How would they even know when they’re using it to train bots?
The same image is shown to a lot of people. If a majority of people click on the same things, that is assumed to be the correct answer. And it is added to the training database. Occasionally you’ll get one that hasn’t been shown to enough people yet to know for sure. For those, they’ll usually accept any answer, even wildly incorrect ones. The thing is, you as a user never know which ones they already know and which they don’t.
Steam uses this, and I swear I’ve been sober and awake when attempting them, but…
If you do the first too fast, it will just show a new one and nauseum. Or that’s my experience anyways.
i’d go with WXU86
Shh don’t tell the machines
woopsie!
Yeah but it’s still obnoxious. I would bet it fucks with dyslexics as well.
Looks pretty obvious to me.
I’m more infuriated by the “abnormal activity from your IP”. It seems pretty much everything is abnormal to these CDNs, including using Firefox on Linux. On the stack/exchange/ask networks I get that shit every fucking time. And no, I’m not using a VPN/Tor.
Especially when it’s a website that requires an account but they want to use SMS-based or Google Authenticator style 2FA in 2025. “Magic links” are stupid as hell too if you’re not a moron and use a decent password manager — I have no clue what random email address I generated for you since I can’t trust any company not to sell off my PII.
How hard is it to implement FIDO2 then let valid users make requests from whatever IP address they want? IP-based blocking is pretty fucking stupid if you’re already doing secure account-based authorization.
Saying all this as a heavily privacy-conscious web developer. All my traffic looks “suspicious” because how dare I not want your shit hole website to put its grubby little hands all over my IP address.
OK, that last sentence made me laugh!
Considering the amount of traffic from LLM bots nowadays, everything human/“natural” traffic seems to be abnormal as it doesn’t behave like the majority of requests
With browser extensions and other programs becoming tunnels for AI scrapers, consumer IPs are becoming less and less trustworthy. I receive bots from just about every Brazilian consumer ISP. All it takes is one person on your network with a shitty app/extension installed and your home becomes indistinguishable from a bot farm. It’s extra bad if you’re behind CGNAT so you can’t even influence your IP’s reputation.
Nobody wants these CAPTCHAs, but they’re still pretty effective, even with AI image interpretation. Plus, it still beats remote attestation in terms of Linux friendliness, and that’s the inevitable next step in the war against scrapers.
the problem isn’t captcha as a concept, it’s how it’s executed
there are good captchas that aren’t obviously making you train an AI model and which seem like they’d actually be effective at identifying humans, like dragging a circle over a specific feature of an image.
@skullgiver@popplesburger.hilciferous.nl @A_norny_mousse@feddit.org
I receive bots from just about every Brazilian consumer ISP.
Greetings. Brazilian here.
I can confirm that a lot of websites unexpectedly block my access with a pretty opaque “403 Forbidden”. No Captchas, no Anubis-like man-in-the-middle, just an invisible and ruthless Gandalf digitally yelling “you shall not pass”.
I have read similar stories about how Brazilian IP addresses seem to be infested with bots. It’s often Brazil: it’s odd how people rarely complain about other countries on this matter… Not pointing fingers towards you, specifically, but I wonder how much of geofencing against Brazilian IP addresses stems from prejudice and xenophobia of foreign webmasters.
It’s worth mentioning that bots have no borders and aren’t restricted to a specific country, but the vast majority of Brazilians (myself included) are restricted to an entire biological existence within Brazilian territory, with hundreds of millions of people never having set foot on an airplane or cruise ship.
Webmasters of the world should think about this before geofencing entire countries. Not just Brazil, but any country out there. Because living beings can’t choose where they’re born and humans often can’t even afford to travel and/or reside elsewhere.
(My sincere apologies for my outburst, but it resonates with the community’s name: being blocked from websites just because of nationality is not just Mildly Infuriating: it can be totally infuriating sometimes, and this exact phenomenon happened earlier today while I tried to access a psychology website)
It’s not just Brazil. China and Huawei’s Singapore datacenter are common bots for me too, but I have less of a problem blocking those off for most services, as I only have a few applications running where server-to-server traffic makes sense. There are a few Indian CGNAT exit points that sometimes show up as well, but their traffic is low enough that it doesn’t stand out. When spam traffic is coming from local (European) sources, it’s almost always from server IP blocks. Not a lot of domestic ISPs in my spam logs from most countries.
For some reason, Brazillian consumer ISPs just seems infested with certain strains of malware. It’s probably a brand of cheap IP cameras or routers that keeps getting infected, I remember Mirai hitting Brazil pretty badly. But I also get the feeling that Brazilian ISPs care even less about their networks’ security than the ones I’m used to with how much infected customers find their way to my servers. I would’ve expected similarly populous countries like the USA and India to hit my servers at a similar rate, but Brazil seems to stand out for some reason.
I don’t tend to block countries directly (they have too many IP ranges for me to bother, to be honest), not that I have anything that they’d be interested in anyway. I do get waves of Brazilian IP addresses trying to submitp spam to my mail server, though. I haven’t seen those coming from other countries yet. I know it’s not Brazilians themselves sending those, but that doesn’t make the spam any less annoying. For larger websites, I can see why they block IP ranges so aggressively.
I don’t think of ISPs in terms of nationality per se. I block per ISP, not per country, with the exception of China whose great firewall should probably “protect” their citizens from my websites anyway, and there I’m probably missing a whole bunch of ASNs anyway. It’s up to ISPs to maintain the reputation of their networks and to stop their infected customers from bothering everyone else, and if they don’t do it, I block their networks. In fact most filters that throw up blockades and CAPTCHAs and fail2ban blocks are doing this entirely automatically, if countries get blocked out it’s usually for legal reasons rather than anti bot protection.
If you get a lot of these blocks, it’s possible you’re in the same subnet as someone with a hacked device or shitty VPN app and got hit as collateral damage. I got that for a while after switching to an ISP that had just bought a block of IP addresses from a Ukrainian ISP. It’s just an unfortunate side effect of the modern Internet that you must either figure out how to get a new IP or hope the malware on your IP neighbours gets cleaned up. I don’t have enough time and energy to protect the innocent from the guilty when it comes to my small, insignificant websites, and I shouldn’t be needing to take such aggressive action against these IP ranges in the first place.
In a similar vein, I get a lot of 403 errors when browsing websites like Reddit because news websites still block off GDPR countries. I know how annoying it can be.
I deal with this a lot since I do most of my browsing through a VPN.
As great as VPNs are, there probably are a lot of bad actors using them and sometimes I’m the next person using that IP.
That hand is facing the wrong way, bot….
How so?? It looks like he’s looking at the back of his hand?
These “verify you are human” things should be made illegal at this point. They were training OCR scanners, then self-driving cars, now they’re designing them to be anti-AI and we’ve gone full circle where captchas are on the defense.
They were always abusive and exploiting free labor, and more so now. If you dumb companies can’t figure out how to filter fraudomation/AI/whatever, just go out of business.
Tech industry, stop using us.
I liked it when it was used to digitise books. Beyond that… nah.
Thank you!! I’ve been saying this for years. I have always said that I shouldn’t be forced to train Google’s trash software just because I want to go on some random website. It’s infuriating.
Bizarre grammar there: “Our firewall detects abnormal activity from your IP”. It does? When?
No accessibility options in the captcha? I guess they don’t care about people with vision disability.
That would cost money silly!
FЦᄃK ƬΉΣ BᄂIПD
what vision disability would prevent someone from seeing a monochrome image?
Blindness?
Furthermore, we kind of have rules for accessibility.
forgot about that one
Okay as stupid as this is, it’s pretty funny lol
I don’t see the problem. It’s WXU86.
It’s ironic, because AI would have less trouble with this than humans.
Name and Shame.
The only way this is going to stop is when the organisation is either forced by legislation or embarrassed by public pressure into change.
Legislation only happens due to public pressure.
Legislation only happens due to public pressure.
Or a few wealthy people who want something bad enough to throw money at.
Actually, in neoliberalism, nearly exclusively that.
Voter Support for a Bill Has Near Zero Influence on Whether It Will Become Law
Thanks, I remember reading that a long time ago but hadn’t been able to find it again since.
Says the bot
Are you sure you’re not a machine?
This means you’re a Cylon
It doesn’t look like anything to me.
