The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?

That’s hardly the Turing Test I’d expected.

  • Platypus@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    It tests whether your mouse movement looks human–we’re really bad at things like moving in straight lines, so it’s pretty evident from a mouse movement log whether you’re a human or a simple bot. It also takes a bunch of auxiliary browser/environment data into account. It’s not perfect, but it’s complicated enough to defeat to provide fine protection against cheap spam.

    • Melatonin@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      Interesting that my mouse movement is available to anyone who wants it.

      It seems like a small step from that to accessing my keyboard.

      • linearchaos@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        They can only access it while you’re focused on their webpage. CORS is all about that.

        If you click off to another web page and enter information or type of password into a secondary app they can’t gather that. As soon as they lose focus they lose the ability to capture your data.

        • Septimaeus@infosec.pub
          link
          fedilink
          arrow-up
          0
          ·
          4 months ago

          Nbd, but it sounds like you’re talking about encapsulation of event capture (viewport stops receiving events after losing focus).

          CORS is a protocol for client-side enforcement of a server-side security policy. It ensures that a resource request (e.g. “my-totally-safe-resource.wasm”) only loads from a location your server permits (e.g. “my-valid-origin.biz”, “friends-valid-origin.org”, etc).