I have noticed that some CAPTCHA pages, like Cloudflare’s, simply ask you to check a box to proceed. There is no clicking on traffic lights or entering characters. How does clicking on a check box tell them I am not a robot?
I have noticed that some CAPTCHA pages, like Cloudflare’s, simply ask you to check a box to proceed. There is no clicking on traffic lights or entering characters. How does clicking on a check box tell them I am not a robot?
You passed the test before you clicked the checkbox. Your mouse movement, momentary pause, IP address, browsing history, etc, gave away that you’re a human.
Then why do we still need to click it, instead of just loading the page at once?
Because it measures how your mouse moves to the checkbox. If there was nothing to move to, you wouldn’t move your mouse.
I get the checkbox even on mobile sometimes, I imagine as long as you’re not perfectly hitting the center pixel it knows you’re human.
Yeah, that sounds reasonable. Touch input is reported similar to mouse input, so it would translate to a touch screen pretty well.
But that would be easy to program a bit for
I don’t think random websites get access to my browser history without me explicitly giving them permission.
They pretty much do if they’re run through something like Cloudflare or they use Google Analytics. That probably covers about 80% of websites. Not the website, but the company that’s running the Captcha.
Why do so many websites use cloudflare? Isn’t the Internet meant to be decentralised and resilient? It’s not so resilient if so much is dependent on the servers of one company.