WingNews logo WingNews
top | item 37058062

(no title)

Fice | 2 years ago

Telling computers and humans apart is a wrong goal. Every request comes from a computer that is commanded by some human. And why shouldn't users be allowed to use automated user agents when they don't do it for spamming or anything malicious?

CAPTCHA is essentially a proof-of-work variant where challenges are designed to be solved by humans rather than computers, and same as any PoW it works by means of consuming some limited resource (human time, processor time, energy).

discuss

order

teacpde|2 years ago

A lot of times the purpose is more on rate limiting than disallowing bot access. The goal to tell apart is on the premise that humans are a lot slower than bots.

weird-eye-issue|2 years ago

In our SaaS we have usage limits and rate limits. Have never needed to implement "bot detection" for this reason

kalleboo|2 years ago

I always figured that CAPTCHAs worked because they limited on a resource that was harder to steal - human attention.

Rate limit by IP, and you get attacked by a botnet that "steals" IP addresses with malware.

Rate limit by PoW and you get people stealing AWS accounts, or using aforementioned botnet. See bitcoin mining.

Rate limit by CAPTCHA and you have to get a lot more clever (see things like setting up porn sites and proxying CAPTCHAs there)

So while you can pay to have CAPTCHAs solved, you actually DO have to pay and can't just steal your way in, so it means your target has to be more valuable.

runeks|2 years ago

> So while you can pay to have CAPTCHAs solved, you actually DO have to pay and can't just steal your way in, so it means your target has to be more valuable.

None of these things you listed above are available for free. They all require either effort to obtain or paying someone to do the work.

rmbyrro|2 years ago

Can you steal AWS accounts with no effort?

And keep stealing them after you get blocked on the first ones?

j16sdiz|2 years ago

The main goal usually like anti-spam or anti-scraping.

Some shop (for example, concert ticket-selling) have very limited supply and high demand, and don’t want automation in buying.

ozim|2 years ago

I see you don’t understand why people make websites or systems. Or why people make bread.

I don’t make application so that users benefit or to make them happy. I make applications so that I can earn money.

Earning money requires having human on the other side. Just like you are not making bread to make bread and throw it into a shredder.

If someone has scheme where automation is beneficial they will create API for their system. You should use API if I provide one. But when I create UI then I create it for people to use it.

xigoi|2 years ago

> I don’t make application so that users benefit or to make them happy. I make applications so that I can earn money.

This is why most commercial software is so bad.

figassis|2 years ago

Why not both, make money and benefit people. I think that’s what earning money means. Otherwise you’re just making money at someone else’s cost.