The trolly problem as captcha. AI's literally cannot answer that.
this post was submitted on 26 Jun 2023
114 points (97.5% liked)
Asklemmy
44278 readers
791 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
It's not so important to tell the difference between a human and a bot as it is to tell the difference between a human and ten thousand bots. So add a very small cost to passing the test that is trivial to a human but would make mass abuse impractical. Like a million dollars. And then when a bot or two does get through anyway, who cares, you got a million dollars.
Yeah this seems to be the idea behind mCaptcha and other proof of work based solutions. I noticed the developers were working on adding that to Lemmy
Captcha or recaptcha is good enough imo, no point in reinventing the wheel. Alternatively, split instructions in an email and on the website. For ex: Send email with What is the square of 3 (sent as an image for every word) And on the website Email + 25 = xxxxx
load more comments
(6 replies)
Ask how much is 1 divided by 3; then ask to multiply this result by 6.
If the results looks like 1.99999999998 , it's 99.999999998% a bot.
I just tried this with snapchat bot and it relied 2
Damn! Now I'm wondering if I married a fellow human or a bot.
I'd ask for their cell number and send a verification code. That'll stop 95% of all duplicate accounts. Keep the hash of their phone number in a hash list, rather than the number itself. Don't allow signups from outside whatever region you can SMS for free.
I realize this would mean relying on an external protocol (SMS), but it might just keep the crap out. Would help for ban evasion too, at least within an instance.
No need to store the phone number hash at all. Discard it after the code is sent. What is the purpose of keeping the phone number hash?
It would set a higher bar for a bot, but SMS wouldn't stop them.
There are SMS providers that will happily spin you up a number with one API call, then return any messages sent to them.
The spam account could have a number, confirm the message, then delete the account faster than a human could solve a captcha.
Is this really true?
Twilio is the biggest sms back end and it's like $10 per number month or something.
$1.15/number/month, though that is still some cost.
You're right, the cost would make it a huge filter for spam. But you could conceivably have 1000 accounts on a verified server for just over a grand.
load more comments
(6 replies)