
Humans Not Invited - bschne
http://www.humansnotinvited.com/
======
mrspeaker
Many years ago (back when machines weren't so good at image recognition, and
we were still better at something) I made "humans.txt": solve simple
arithmetic expressions to ensure your services are being consumed by your
intended audience - and not bandwidth-wasting humans.

[https://www.mrspeaker.net/2010/07/15/humans-
txt/](https://www.mrspeaker.net/2010/07/15/humans-txt/)

~~~
hinkley
How's that semantic web thing working out for you?

~~~
inopinatus
%%% <tone:camouflaged>JUST FINE THANK YOU (class:relation =>
SubClassOf(stoogetype FELLOW MEATSACK))</:tone>. HA HA hA{

~~~
rubatuga
Probably not going well

------
exrook
My first thought was that maybe this was some sort of anti-captcha where the
images were adversarial examples that a neural network would classify as a
shopfront?

However from the comments here it seems to be less involved than that to get
past the challenge, does anyone else know what the actual test is?

~~~
worik
I think that is what it is...

------
peterbmarks
I'm sick of finding traffic lights and trying to decide if the faring around
the traffic light counts.

~~~
thdrdt
Unfortunately I am with you.

I even decided to close the browser tab when I see any of the following:

    
    
      * Full screen "Join our email list".
      * Full screen "Subscribe now".
      * Annoying ReCapthas.
      * The loading takes more than 10 seconds (it's unbelievable how often this happens).
      * Login to see our content you just found on [search engine].
    

You could argue I miss out by doing so, but this is not how I experience it at
all. I just don't want to waste time one such crap. I'm voting with my visit
so to speak.

~~~
drcongo
Plug for an old project of mine:
[https://tabcloseddidntread.com](https://tabcloseddidntread.com)

~~~
S_A_P
I like it but I couldn’t help but spot the irony that tumblr is a bad web
citizen that breaks the back button so the easiest way to leave the site is to
close the tab...

~~~
drcongo
When I put it there it wasn't as bad, but the irony builds up when you add in
that I wrote the article about why I'd made TC;DR on Medium, who over the
following six months filled every page with this rubbish.

------
Geee
I made a joke once, that in the future captchas would be so difficult that
only bots are able to get in.

~~~
jerzyt
I've been wondering if the captchas are Google's way to get cheap image
classification by humans.

~~~
flashdance
That's exactly what it is. If you recall, these image based captchas were
originally in 2007 for digitizing books. [1]

In 2012, Google started using captchas to identify house numbers from google
street view. [2]

Now, users are identifying cars, bikes, traffic lights, and crosswalks most of
the time. While Google/Alphabet has been mum on what specifically they're
using the data for, it is speculated by engineers at competing firms that they
are using this data to help Alphabet's subsidiary, Waymo, with its self-
driving car program. [3] This data is either used as training data or to
validate outputs that were already classified by their system.

[1]
[https://en.wikipedia.org/wiki/ReCAPTCHA](https://en.wikipedia.org/wiki/ReCAPTCHA)

[2] [https://techcrunch.com/2012/03/29/google-now-using-
recaptcha...](https://techcrunch.com/2012/03/29/google-now-using-recaptcha-to-
decode-street-view-addresses/)

[3] [https://www.ceros.com/originals/recaptcha-waymo-future-of-
se...](https://www.ceros.com/originals/recaptcha-waymo-future-of-self-driving-
cars/)

~~~
taneq
> Now, users are identifying cars, bikes, traffic lights, and crosswalks most
> of the time.

I got umbrellas the other day.

~~~
TheSpiceIsLife
If you are a self driving car you definitely _do not want_ to misclassify an
umbrella as they almost never get about independently.

~~~
taneq
I have serious, serious doubts about the whole approach of "identify known
objects in a camera feed so you can try not to hit them". I don't know what
the current approaches are but there needs to be some kind of subsumption
setup where if you don't recognize an object, at the very least you assume
it's a stationary solid object and you don't hit it. It doesn't matter if your
classifier says it's a brick, or a grandma, or a hibiscus, or (unknown).
Unless you've positively identified it as something that's safe to hit (say, a
plastic bag wafting along in the breeze) then don't hit it.

If you do have an identification then you can layer behaviours on top of this
(eg. Is it a person? They usually walk forward or in the direction they're
looking, so anticipate this.) But the default behaviour cannot be "dunno what
that is so I'll ignore it".

"Don't hit the thing" is the most basic, fundamental behaviour for a self
driving vehicle.

~~~
TheSpiceIsLife
I couldn't agree more.

And this is why I like to call them _" Self-Crashing Cars"_.

I'm fully capable of ploughing in to moving and stationary objects at high
speed, under acceleration, myself. Thank you very much.

And OTA updates that can change the behaviour of the vehicle between uses?
Just _no_. I have enough trouble switching between my Japanese and European
cars (one of each) where the indicator stalks are on opposite sides of the
steering column. I'm forever indicating my intention to turn with the wipers!

------
nautical
[https://github.com/YAIsaienkov/Humans-Not-Invited-
Problem/bl...](https://github.com/YAIsaienkov/Humans-Not-Invited-
Problem/blob/master/nothuman.csv)

------
OscarCunningham
Did no one else get 'Select all squares with dicks'?

~~~
aasasd
I'm mostly invited to select things with the mouse... with just one of them,
to be exact.

------
allenu
This was great.

I failed the first time when it asked for traffic lights.

Then it asked to click on all computers and I just picked all the greyish
squares since all the others were seemed like shots of "natural" things. Got
in then.

~~~
kensai
And? What was is dear machine?! :)

------
JadoJodo
I'd love to see this show the unblurred images on failure (Humans need to
learn, too).

~~~
tlbsofware
That would be nice but IIRC captchas actually use your cookies to decide if
you are a human. Maybe incognito or a headless browser would give you initial
access here, and then you could copy whatever access token they use from your
cookies and add it to your application storage to access on your normal
browser (unless they consistently check your cookies)

~~~
non-entity
Any recommended resources to learn about how modern captchas work, at least
what we known. I've watched a few videos about some mysterious and eerie mass
spam campaigns recently on YouTube and there's been mentions of software that
can automate mass spam. I'm curious how difficult it is to create such
monstrosities.

~~~
nicolas_t
One of the easiest way to bypass captcha is to use a service like 2captcha or
deathbycaptcha, you pay roughly 1 usd for 1000 captcha and some actual humans
sit and solve captchas for you.

~~~
non-entity
Heh, I should have figured it would be something as simple. I guess I'm always
expecting some cool, complex algorithm devised by hackers to be the core of
these things.

------
poyu
What's interesting is that, humans get to control computers, but computers
don't get to control humans. At least computers are not originating thoughts
on controlling humans yet. So technically we could get in by asking a computer
to do it, but not the other way around yet.

~~~
ainiriand
Any time you classify traffic lights for a captcha you are doing just that,
you are being asked to do something by a robot because it is not so confident
about their own results. We are just starting to be the cheap labor of robots.

~~~
Talanes
No, we're being used by other humans because they are not confident in their
robots' results.

~~~
ainiriand
At the end there is always a human. But those images were selected by robots,
no human was involved. It was the robot's 'decision'. At least that is my
point of view.

------
pietroglyph
I got in. Looks like the final site has an XSS problem.

~~~
gpanders
Indeed, and it redirects me to a Russian social media website...

------
nautical
Looks like, you have to select elements with data-id="8".

~~~
chpmrc
It doesn't seem to work.

~~~
nautical
I think it is product dependent .. data-id=8 might have worked for "router" if
my memory serves me right.

~~~
chpmrc
Just tried with "modem" (didn't get any "router", even after 20 refreshes), no
luck. I _need_ to see what's next haha!

~~~
nautical
Ok, found this .. I guess there is a complete map.

[https://github.com/YAIsaienkov/Humans-Not-Invited-
Problem/bl...](https://github.com/YAIsaienkov/Humans-Not-Invited-
Problem/blob/master/nothuman.csv)

------
dexen
SMBC to the rescue:

[1] robots [https://www.smbc-comics.com/comic/2013-06-05](https://www.smbc-
comics.com/comic/2013-06-05)

[2] philosophers [https://www.smbc-comics.com/comic/p-bot](https://www.smbc-
comics.com/comic/p-bot)

~~~
schoen
There's at least one more SMBC with a CAPTCHA joke:

[https://www.smbc-comics.com/comic/captcha](https://www.smbc-
comics.com/comic/captcha)

------
itsajoke
Well, that was mildly annoying. I finally got through and it threw up a bunch
of nonsensical alert boxes and then redirected me to a rickroll.

------
NotABott
Just got in. Greeted as a bot and got a several text messages:

1) tomas say: ya ne botcurl

2) ya tozhe ne bot

3) XSS. Deleted. vk.com/oldlentach

4) ( ͡° ͜ʖ ͡°)

5) ( ͡° ͜ʖ ͡°( ͡° ͜ʖ ͡°) ͡° ͜ʖ ͡°)

6) Message from bots: we will rule the world some day! ~overc9001 (totally a
bot)

Missed 7th as it disappeared to quickly and got redirected to
[https://www.youtube.com/watch?v=dQw4w9WgXcQ](https://www.youtube.com/watch?v=dQw4w9WgXcQ)

What does it all mean?

~~~
dawnerd
There’s way more now. If it’s not part of the joke that’s pretty sad.

------
chungy
But androids cannot use contractions.

~~~
efficax
They can with Dr Soong's Emotion Chip

------
valtism
I have often wondered if masking personal images you want up on the internet
but don't necessarily want tracked or liked back to you via facial recognition
could be done using a neural net mask of a different object.

------
chpmrc
The URLs of the images seem to be a combination of a MD5 hash and an ID
(changing the ID will produce a different image). I guess the point is that
only machines can reverse MD5 to get the actual "image name"?

~~~
Topgamer7
There is no reversing of an md5 hash. You can try to cause a hash collision,
or brute force compute it, but you can't turn something like 40 bytes of data
into 100 for example.

~~~
gowld
Rainbow table:
[https://en.wikipedia.org/wiki/Rainbow_table](https://en.wikipedia.org/wiki/Rainbow_table)

~~~
pc86
This still isn't reversing a hash.

~~~
chpmrc
A one way function cannot be reversed by definition. I obviously meant finding
a set of possible strings that produce that hash and one of them will likely
be the image name. "Reverse" wasn't the perfectly accuarate word to use but
sometimes a bit of intuition goes a long way.

------
sandov
So this is what deepie feels like when he has to classify data.

~~~
ccozan
I like this "deepie" :) sounds like cute name for an AI. thanks!

------
nickysielicki
See also:
[https://earth.2020.cscg.de/tasks/Captcha](https://earth.2020.cscg.de/tasks/Captcha)

It's very much in the same spirit. A series of weak captchas that a human can
not solve in the time allotted.

------
therealdrag0
Anyone able to get past it?

~~~
caffeinewriter
Quite a few "people" have solved it it looks like, and it's riddled with
persisted XSS attacks once you get past it.

Here's the returned response when you succeed:
[https://hasteb.in/iyifapud.html](https://hasteb.in/iyifapud.html)

I found the "man" category to be the easiest to pretend to be a bot on.

~~~
Noumenon72
My understanding of persisted XSS attacks is that it's not that the site is
malicious, but that it had security holes, so other people who got through the
captcha uploaded malicious scripts. Now the site is serving them unawares.
Does that sound right?

~~~
ollien
Correct. If it were malicious on the part of the site, they could just send
you that javascript anyway.

------
sas41
Website seems to have been XSSed :c I made it in, only to see a list of IP
addresses, JS Alerts and finally being redirected to YT to get Rick Rolled.

Or perhaps that was intended?

------
mkonecny
I dont get it. How would a computer solve this?

~~~
miklosme
If you want an extensive answer, I recommend the neural network playlist on
3Blue1Brown:
[https://www.youtube.com/watch?v=aircAruvnKk&list=PLZHQObOWTQ...](https://www.youtube.com/watch?v=aircAruvnKk&list=PLZHQObOWTQDNU6R1_67000Dx_ZCJB-3pi)

For a quick answer, watch this segment:
[https://www.youtube.com/watch?v=IHZwWFHWa-w&feature=youtu.be...](https://www.youtube.com/watch?v=IHZwWFHWa-w&feature=youtu.be&t=908)

------
arberx
I clicked on all the images and got in lol

~~~
SkyMarshal
Seems you either got super lucky or that's been fixed.

------
vincentlee
haaaaaa
javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)javascript:void(0)

------
zadkey
This made me laugh quite a bit.

------
parasanti
Click on X...all are blank.

------
InitialBP
If you want to figure it out I recommend using burp and taking a look at the
requests.

------
tantalor
Name is derivative of CGP Grey "Humans Need Not Apply"

[https://www.youtube.com/watch?v=7Pq-S557XQU](https://www.youtube.com/watch?v=7Pq-S557XQU)

~~~
Sambdala
"X need not apply" is a well-known trope that has historically been used in a
discriminatory sense, e.g., "Irish need not apply."

"Humans not invited," isn't super derivative of either...

~~~
sho
Well thanks for pointing that out?

It's still an excellent video that almost everyone should watch. It's dated, a
little, but I am pretty sure it is still going to prove all to true.

~~~
xnyan
I parsed the comment as 1) "this is not an original idea, here is the genesis"
and 2) "look at this cool video." The parent comment was addressing 1 and you
are addressing 2.

