Tell HN: Microsoft's captcha is pretty hard
67 points by tester756 on Sept 5, 2022 | 42 comments
I've just bought a game on Steam and had to create an MS account in order to play it

but holy shit, it's the first time I couldn't complete the captcha and I tried like 10 times

You gotta select the square which contains two identical objects something like 5 to 15(!!!) times - the more you fail, the more challenges you have to do

Just take a look at those graphics

https://i.imgur.com/zOYqWGI.png

Some of them are easier and some waaaay harder




>the more you fail, the more challenges you have to do

I think that's actually a dark pattern. I was testing the captcha myself and noticed that at the beginning, it would show a progress bar with 5 segments, but after completing the third one, it would increase to 7 segments. I had a screen recording going so I know this is happening when I'm not making any errors. However, after looking at the screen recording more carefully, I noticed that the initial 5 segment progress bar didn't actually say there were only 5 puzzles. Only after completing the third puzzle (and the progress bar got more segments added) did it say "x out of 7" puzzles. My guess is that they do this to make the captcha seem less daunting and to decrease the abandonment rate, while simultaneously not technically lying.

screenshots demonstrating the above: https://i.imgur.com/a8RM4Ot.png

FWIW I got the captcha correct on the first try, after 7 puzzles total.


Yeesh, this looks like an accessibility issue on steroids. First time I've seen that kind of captcha, would give up in the first two.

I do fear we're headed in a direction where there'll be two false "choices" presented - either turn off all privacy improvements to browsers for vulnerable audiences (to make it easier to data mine and double dip from said paying audiences), or present these to the stubborn ones wanting to keep their privacy and hope that the friction will convert them back to the first batch.


I believe this is an Arkose Labs captcha for anyone wondering.

We are at a point where the gap between the capability of the most advanced vision models and the capability of even the slowest neurotypical person to solve a captcha in a reasonable amount of time is very small.

I recently encountered a dart board addition puzzle which was shockingly confusing and took me about 30 seconds to a minute to solve.


Have you considered that you may be a bot who is not yet self conscious


Why isn’t this considered discrimination against the visually impaired?


With some Captcha solutions I encountered, there is a button that instead lets you listen to a (noisy) sound clip of a string of characters being read aloud which you have to type back.


>With some Captcha solutions I encountered, there is a button that instead lets you listen to a (noisy) sound clip of a string of characters being read aloud which you have to type back.

there was this button, but it didn't work, but maybe that was because of my sound configuration or something? idk

games tend to steal sound device and the game was in the background


Which is like a plaintext equivalent, so if the clip is easier to guess spammers will just do that instead.


I'm not an expert of legalities around accessibility, but taking the ADA as an inspiration, IIRC the Captcha provider does not have to provide an accessible alternative that works equivalently, only one that allows the same outcome for users with accessibility needs.

(I've seen this explained based on accounts of a public library built in the US which had stairs, but no elevators, for a specific section - this was still ADA compliant as they had staff on hand to serve readers in that specific section)

So a 30s delay or whatever it takes to limit spammers is probably not entirely unthinkable.


If you’re going through the trouble of solving an audio captcha, a 30 second delay isn’t going to bother you.

Remember that the whole trick of a spammer is that you aren’t able to see that his many actions are coming from one source. Otherwise it would be trivial to block. So there’s not a lot stopping a spammer from running many 30 second delays in parallel.


> https://i.imgur.com/zOYqWGI.png

At least share the answer ?


I think those are 12 separate "tests".

So for example in the first test (top left collection 3x2 of six total pictures), the second picture in the first row has what I'll call a squashed cup icon with whipped cream on top in two different orientations. So I'd click on that one.

Then for the second test (second collection of 6 pictures in the top row), the very first picture has two icons of a "dollar bill" in two different orientations. So I'm assuming you'd select that one.

For the third test (third/final collection of 6 pictures in the top row) the second picture in the first row has two icons of a briefcase in two different orientations.

While I didn't complete all 12 "tests", each one I looked at seemed to have one of the 6 pictures having a duplicate icon.

But yes definitely harder than the: "Does this image have a cross walk?" Or "Does this image have a lamppost?" Which I assume are pretty easily ML solvable now.


Oh that makes a lot of sense now


I don't have, I've received newly generated puzzles in next rounds


https://www.reddit.com/r/softwaregore/comments/rtgrw8/micros...

they have had similarly insane captcha before for some reason


My advice is to create the account on a mobile phone or potentially with an emulator/browser emulation via inspect element. While I haven't tried the latter, the former worked on the first set of images - I didn't even have to go through five of them for one attempt. They were also in color, which helped expedite things even more.

Truly one of the worst implementations EVER on a major service, Arkose Labs deserves an unflattering spot in some sort of internet Hall of Shame.


4chan's new captcha is cute and easy to use. I don't think it'll be effective all that long tho.


Someone made a userscript that auto-solved it with like 80% accuracy on day-0.


Looks like the kind of thing a computer would be good at.. And something someone with any type of attention type problem will suck at (my brain just melted)


Hard captchas are becoming more and more common. In this case you just purchased a game so the captcha shouldn't be necessary.

I remember using Yandex set to English I would get Cyrillic captchas. I didn't know how to identify or enter these characters. Support told me that I had to switch from the .ru site (that all of the emails direct me to) to the .com site to get an English captcha.


> I've just bought a game on steam and had to create MS account in order to play it

This would be a hard no for me even before I got to the captcha.


What is this trying to solve? Not NLP, or image classification.

It is significantly harder than Rosetta Zoo [0] or similar projects.

[0] https://www.zooniverse.org/projects/ellenjj/rosetta-zoo/clas...


Is it worth leaving services like this? Seems like an indicator that whatever service I'm using has little respect for my time if they can't figure out a better way to keep the bots away. I have bank accounts that throw me a captcha even though I have MFA enabled and an extremely strong password. Seems like they are just being obtuse.


The fundamental problem is, that captchas need to be generated - what you would need is a captcha generator generator.

That way, a human could figure out how the specifically generated generator works within a certain amount of shots, before it changes to a different sample of captcha generator.


I think Robinhood has started requiring these on every single trade online. They also have one where you have to select the image where the dice in the picture add up to some number (it's really poorly worded though). They take forever. It basically has made me stop using their site.


> It basically has made me stop using their site.

The presence of a captcha at all makes me rethink whether or not I really need to access the site.

If I really need it, I'll do the captcha. If the captcha is too problematic, though, or if I have to do one more than once, then I'll skip the site entirely. I can't think of an online service I need so badly that I'll put up with that nonsense.


I was incredibly frustrated at this the other day. I spent about 30 minutes making an account for my work.


The two identical objects are not identical, but only similar.

E.g. middle column, second row image: I think the lower left square has two onigiri rice balls. Their shapes are not exactly the same, and they are black/white inverses.

No other square has a pair of objects which are similar to that extent.


this is called irony.. prove you're not a robot by performing these robotic tasks for us.


They need your feedback, ask for a refund and they will simplify the puzzle.


I'd like to issue a charge back.

Did you ask the vendor?

I tried, but I couldn't pass their captcha, so they refused to consider my request.

(Also, it is odd that they have paying customers pass a captcha. There are services that use humans to solve captchas for computers. They charge way less than the price of a video game per solution. Surely, a successful credit card transaction is a better "this is a human" signal than a captcha.)


Not in the age of scalper bots designed to buy the latest hot pair of sneakers, console, GPU etc. the second it goes on sale.


Looks like they really don't want any feedback to me.


seems almost like playing dobble

https://en.m.wikipedia.org/wiki/Dobble


Aoe?


[flagged]


hmm

I think older people / less tech-savvy

I didn't want to bring attention to it because I can't play the game or something, but because I wonder whether anti-bot war isn't going into some crazy direction, whether they aren't too hard to solve for humans.

For example I don't really see my parents solving those and I swear they aren't robots.

Especially when the lose streak makes you have to complete 20(!) of them during a single attempt - https://i.imgur.com/ESQvRb8.png


> Especially when the lose streak makes you have to complete 20(!) of them during a single attempt

At a certain point the only ones willing to have their time disrespected that way will be the bots. Maybe their plan is to detect bots by annoying and driving away all the actual humans.


Hey, your thread was at the top of Ask HN, and it just disappeared a moment ago.


That does tend to happen to negative Microsoft stories/comments here.

Pet theory: Their employees or partner developers aren't quite as mellow as e.g. Googlers when it comes to allowing criticism on HN.

I think it's a weakness that HN allows this to happen by means of flagging.


Idk what happened, it disappeared from /news too

Maybe @dang knows


You could email the admin team hn@ycombinator.com


Step outside of your neurotypical, able-bodied bubble and you will find out who cares.



