WingNews logo WingNews
top | item 20563588

(no title)

suvelx | 6 years ago

There are already companies out there doing 'biometric' analysis of user sessions to discern between authentic, fraudulent and automated sessions, and they're already being applied to things such as loss prevention in financial firms.

I had always assumed that this sort of analysis was already done on the 'slider captchas'. It wouldn't surprise me if this becomes a thing.

Humans are almost never going hit the exact centre of the box, and unless the browser does some smoothing I suspect they never swipe smoothly and horizontally.

discuss

order

Anarch157a|6 years ago

Then bot makers will start applying fuzzing to the movements, randomly placing the cursor inside a region over the target, varying the speed, releasing the slider and trying again, etc.

There's no reason yet to go to such lenghts, so the extra effort would be wasted, but as soon as it becomes necessary, someone will do it.

adrianN|6 years ago

The endgame is probably training some neural net with real user behavior and using that to generate realistic usage patterns.

nguoi|6 years ago

Even the bot in this blog does fuzzing

higherkinded|6 years ago

Trained human is likely capable of doing it exactly like the Puppeteer does minus the fact that the pointer may move instantly in case of the machine doing it. One wrong assumption covered, two more to go.

The second assumption made here is that the (as pointed out) fuzzing is a thing.

The third one is that you can't be sure of the input device. Joystick like the one seen on ThinkPad is uncommon but still used as the input device. Touchscreens are common but human-ish, though you will have to cover them too. The extreme case is that some X-savvy person may just move the pointer sometimes using the X's built-in capabilities, by dmenu and stuff, and even if that's highly unlikely, it still will fail.

There's no point in doing all the possible checks you may come up with: egde cases, no matter how impossible they look, still exist and break the consistency of the slider solution easily. Google captcha and Funcaptcha are nearly the best options you can readily get, freeing your hands and head of a huge deal of hassle you will face when dealing with this task.