You are viewing a single comment's thread.

view the rest of the comments →

0
2

[–] heygeorge 0 points 2 points (+2|-0) ago 

This would be a good time to list the safe captcha alternatives.

0
0

[–] butters4eva [S] 0 points 0 points (+0|-0) ago  (edited ago)

Things that use simple matching of bot illegible characters, using images of uniform data size, are safe if the answer is sent in a uniform data size.

You could narrow down the possible users using the time the packets were sent, but the amount of internet traffic passing through the ISPs would probably make that impossible. It is possible that the captcha servers could delay the loading of the captcha and use a statistically unlikely image data size, but in order for that data to be relevant they would have to have real time information on the entire internet to ensure their traffic was not sent at the precise time as other information of the same size. It would also be hindered possibly by VPNs that add superflous data, but I'm not sure that's a thing yet.

My understanding of how the internet works is actually pretty small. I was only made aware of Google's captcha tracking system by an insider who explained it roughly.

0
1

[–] heygeorge 0 points 1 points (+1|-0) ago 

My understanding of how the internet works is actually pretty small.

It’s a series of tubes!

Anyway, the captcha exploit as vaguely described still sounds like it would take a lot of effort and coordination between multiple corps.