captchas like these that don't tell you which part of the text you're supposed to input
This was for querying package delivery status. I finally got one right after many attempts. The layout, layers, colors change after every attempt so good luck on figuring out which letters count.
i'd go with WXU86
Shh don't tell the machines
woopsie!
Yeah but it's still obnoxious. I would bet it fucks with dyslexics as well.
Looks pretty obvious to me.
I'm more infuriated by the "abnormal activity from your IP". It seems pretty much everything is abnormal to these CDNs, including using Firefox on Linux. On the stack/exchange/ask networks I get that shit every fucking time. And no, I'm not using a VPN/Tor.
Considering the amount of traffic from LLM bots nowadays, everything human/"natural" traffic seems to be abnormal as it doesn't behave like the majority of requests
Especially when it’s a website that requires an account but they want to use SMS-based or Google Authenticator style 2FA in 2025. “Magic links” are stupid as hell too if you’re not a moron and use a decent password manager — I have no clue what random email address I generated for you since I can’t trust any company not to sell off my PII.
How hard is it to implement FIDO2 then let valid users make requests from whatever IP address they want? IP-based blocking is pretty fucking stupid if you’re already doing secure account-based authorization.
Saying all this as a heavily privacy-conscious web developer. All my traffic looks “suspicious” because how dare I not want your shit hole website to put its grubby little hands all over my IP address.
OK, that last sentence made me laugh!
With browser extensions and other programs becoming tunnels for AI scrapers, consumer IPs are becoming less and less trustworthy. I receive bots from just about every Brazilian consumer ISP. All it takes is one person on your network with a shitty app/extension installed and your home becomes indistinguishable from a bot farm. It's extra bad if you're behind CGNAT so you can't even influence your IP's reputation.
Nobody wants these CAPTCHAs, but they're still pretty effective, even with AI image interpretation. Plus, it still beats remote attestation in terms of Linux friendliness, and that's the inevitable next step in the war against scrapers.
the problem isn't captcha as a concept, it's how it's executed
there are good captchas that aren't obviously making you train an AI model and which seem like they'd actually be effective at identifying humans, like dragging a circle over a specific feature of an image.
@skullgiver@popplesburger.hilciferous.nl @Anornymousse@feddit.org
I receive bots from just about every Brazilian consumer ISP.
Greetings. Brazilian here.
I can confirm that a lot of websites unexpectedly block my access with a pretty opaque "403 Forbidden". No Captchas, no Anubis-like man-in-the-middle, just an invisible and ruthless Gandalf digitally yelling "you shall not pass".
I have read similar stories about how Brazilian IP addresses seem to be infested with bots. It's often Brazil: it's odd how people rarely complain about other countries on this matter... Not pointing fingers towards you, specifically, but I wonder how much of geofencing against Brazilian IP addresses stems from prejudice and xenophobia of foreign webmasters.
It's worth mentioning that bots have no borders and aren't restricted to a specific country, but the vast majority of Brazilians (myself included) are restricted to an entire biological existence within Brazilian territory, with hundreds of millions of people never having set foot on an airplane or cruise ship.
Webmasters of the world should think about this before geofencing entire countries. Not just Brazil, but any country out there. Because living beings can't choose where they're born and humans often can't even afford to travel and/or reside elsewhere.
(My sincere apologies for my outburst, but it resonates with the community's name: being blocked from websites just because of nationality is not just Mildly Infuriating: it can be totally infuriating sometimes, and this exact phenomenon happened earlier today while I tried to access a psychology website)
I deal with this a lot since I do most of my browsing through a VPN.
As great as VPNs are, there probably are a lot of bad actors using them and sometimes I'm the next person using that IP.
That hand is facing the wrong way, bot….
How so?? It looks like he's looking at the back of his hand?
captcha: please click on all the stairs
stairs: literally every box
captcha: incorrect
I hate those the most. I get it wrong every single time. Well excuse me for including the rider as part of the motorcycle. I'm trying to save them from self-driving cars clipping their arm or leg on public roads.
Steam uses this, and I swear I've been sober and awake when attempting them, but...
If you do the first too fast, it will just show a new one and nauseum. Or that's my experience anyways.
Its just busy work. The computer uses the time to check for extraneous packets running to your address.
it's really astounding EVERYONE isn't just using hcaptcha, it's the only one that actually fucking makes sense and works
It's WXU86 or I don't need this website after all.
Name and Shame.
The only way this is going to stop is when the organisation is either forced by legislation or embarrassed by public pressure into change.
Legislation only happens due to public pressure.
Legislation only happens due to public pressure.
Or a few wealthy people who want something bad enough to throw money at.
Actually, in neoliberalism, nearly exclusively that.
Voter Support for a Bill Has Near Zero Influence on Whether It Will Become Law
It's ironic, because AI would have less trouble with this than humans.
Are you sure you're not a machine?
This means you're a Cylon
It doesn't look like anything to me.
Bizarre grammar there: "Our firewall detects abnormal activity from your IP". It does? When?
These "verify you are human" things should be made illegal at this point. They were training OCR scanners, then self-driving cars, now they're designing them to be anti-AI and we've gone full circle where captchas are on the defense.
They were always abusive and exploiting free labor, and more so now. If you dumb companies can't figure out how to filter fraudomation/AI/whatever, just go out of business.
Tech industry, stop using us.
Thank you!! I’ve been saying this for years. I have always said that I shouldn’t be forced to train Google’s trash software just because I want to go on some random website. It’s infuriating.
I liked it when it was used to digitise books. Beyond that... nah.
I don't see the problem. It's WXU86.
Much better when they have the little "vision impaired? click here!" button :(
Id imagine it's the forward most set of characters.
Says the bot
L̶̨̢̢̮̼̬̼̬̠̗̳̜͈̣͇̮̼̱̪͙̰̯̝͉̽̃̏̓́̂̈́͗̂͋̇̍͊̈́̏̌̔̓̐̈́̈́͐̃͋̀͛̃͑̕͝o̶̯͉͂̽̏̇̄̑́̈́̾̋̄̎͗͝o̸̧̨̭̭͙̲̫̲͖͇͊̉̉̎͒̓̃́̌̍̓́̌͛̈́̔͌͌̏͌̕̕̚̕͠͝͝ͅǩ̴̪̹̺͓̭̤̗͉̟̰̣̫̻̙̳̞̐̈́s̵̡̨̢̨̩̖̜͉̺̖̼͇̲͕̩͎͖͒̉̃͒̂̽̇̂̉̈́̓̇́͌͑͆̇̈́̍̄͌͑̕̕̚̕̚̚͝͝ͅ ̸̢̡̢͙͔͙̦̺̪͖͎̪͖͔͖̙̘̯̠̙̙̱̠̖̻̳͖̰͔̜͌̔̍̐͛̐̓̒͐̂̎̀̄̈̄͐̇̎͒̃͊̇̈́̈͘͝͝f̶̧̡̟̤͈͍͇͖͔̹̲̘̫͈̟̙̫̙͓͎̙̘̰̹̅̽̓͌̐͗̊̓̀̒͒͛̌̎̆̇̈͋̐̀̋̍̓̿̚͜͝͝i̴̛̬̠͉̺̪̮̮̻̞̬̳̗͎̺͔̘̖͈͖̖̻̝͔͍̬̖̪̙̫̦̓̓͋̍̂̀̌̅͆͂͋̏͌̓͋́̀͑͆̉̚̚n̴͓̰̗̘̞̍̍̽͛̃e̶̡̨̳̼͍̮̼̤̮̮̹͕̜̭̬̭̳̣͍̰̾͗̈́̉́͆̄͑́̎̀͑̈́̉͐̈́͑̍̇͑̆͌̕͠͠͝͝͝͠ ̵̨̨̛̲͕̞̻̜̳̞̻̯̹̦̗͓̮̈́̈͝t̷̢͇͉͈̲͎͉̘̩̼͖̖̤̝͂̂̍͆͊̈́͑͆͌͛͗̔̃͐̎͛͋̍̂̒̈́̂̀̒̈́͌̕͝͝͝ͅơ̷̺̊̾̑̈́̾̑̊̾̃̋̆̾͝ ̷̡̮͇̺̙͕̝̯͚̦̥̝̬̉́̓̄̏̂̄̏̎̒̐͒̓̐͌̋̅̀͊̎̐̓̄̊̂̓̊̕m̴̢̡̛̬̟͖̖͎̰̹͊̍̈͗͑̐͑͐̇͒̈̎̏̍̏́̾̿̐̚̚͜͝ȩ̸̡̛̫̩̞̲͉̩̪̳͊̂̃́̊́̌̑͋͆͛͗̏̒͐̉̊͌̋̉͘̕̚͝.̵̧̪͖̳͇̩̫̺̜̱͍͍̻̋͗̉̔̾̈́́̈́͋̏͒̾̍̾̉͌͆̉͑̎͐͑͌̄͆̓͜͠͝ͅ
Nice try LLM Diddy
As others have pointed out, it's probably the foreground characters. They're easier to read and less ambiguous from occlusion by other characters.
In general I find you can resolve technical ambiguities or possible loopholes to instructions in these things by asking yourself "what would most people do, especially if not really thinking about it much?" That's particularly helpful for situations where you have to select all the tiles with x object in them. Often you'll see that technically there's a little bit of the object in squares other than the most obvious ones that everyone would have selected and you ask yourself "does that count? Technically a little bit of it's in this square" but if you just pretend you didn't notice that and only go for the most dead obvious squares you end up passing. Once I realised this the number of times I failed CAPTCHAs significantly reduced. For some reason the only ones that continued to be a problem were the click a checkbox ones that seemingly analyse your mouse movement because somehow I apparently move like a robot.
Tl;Dr
"just guess right"
Kinda... Slightly more helpful, but almost as vague. I'm advising against opting for solutions that are technically correct but would be more difficult for the average person to get right most of the time.
The OP's CAPTCHA as a case in point, it's frustrating for them because they're ostensibly asked to enter the characters that they see but there are several and the length of the string of characters is not known and some characters are hard to read and depending on how you interpret it you could be being asked to enter all these characters or you could look at them and say there's a background set and a foreground set in which case, which one is the correct one? That's at least 3 different ways to do it and that's assuming that what appears to us a representation of depth is indeed intended to be the basis of separation for 2 sets of characters and not some other arbitrary categorisation or no categorisation. Sounds complicated and ambiguous. Except, it's much harder to read the background set, and the idea that there would even be some other way of categorising, if it occurs to anyone at all would be impossible to work out since if it's there, it's not discernible. The easiest way is to just read the letters that aren't partially covered up and also smaller than the more obvious, easier to read, not occluded characters and disregard the ones behind it. What's easiest to do also most of the time turns out to have been the hidden instruction for what you were meant to do.
There's no explicit instruction to do this, it's wishy washy and hard to abstract for different CAPTCHAs which is why this advice doesn't look a whole lot better than "just guess right" but in a way that's kind of part of why they still have some effectiveness, they're unspoken rules that humans Intuit. Where some of us, like me before kinda "getting it", go wrong, is in overthinking and over analysing it. "but what if they mean this? I mean technically it could..." If you're thinking like that, odds are you're barking up the wrong tree and the solution is way less sophisticated.
Isn't anubis great? No captcha. Just wait like 15 seconds.