Unfortunately, reCAPTCHA is easily bypassed by bots as well. For the most part board admins are employing real human Q&A confirmation as an additional step.
Have they tried a different CAPTCHA provider?


This is what I'm concerned about though.
 
Unfortunately, reCAPTCHA is easily bypassed by bots as well. For the most part board admins are employing real human Q&A confirmation as an additional step.
Had the type of captchas where I was asked to click on all pictures that show a traffic light or a car/ boat …bots can’t be that smart.
 
Had the type of captchas where I was asked to click on all pictures that show a traffic light or a car/ boat …bots can’t be that smart.
They absolutely are, they learn them and adapt, especially with commonly used images as they are used on multiple sites. Have a quick google search on it with message boards and you'll see a lot of info on it.

Personally, I had reCAPTCHA set up and was getting several spam registrations with it per day on my site until I finally stopped using it and set up a basic human Q&A (another example might be "who is the current president?" or something that basic) and now I do not get a single one. Bots have become quite sophisticated.
 
Unfortunately, they've become very efficient at it. On a board like this, vBulletin, phpbb, etc. if you don't take extra steps (beyond out of the box) to prevent it bots will absolutely overrun your site with new registrations and spam posts. The best way to prevent it is to put a human element into the mix, for example on registration you can ask a question like "how many holes are there in a blowing ball?". It's amazing how such a basic question will trip them up. But it's work to keep them out and administrators will always have to deal with it.

I was about to Google "blowing ball". Then it hit me. LOL
 
  • Haha
Reactions: ericgtr12
Unfortunately, they've become very efficient at it. On a board like this, vBulletin, phpbb, etc. if you don't take extra steps (beyond out of the box) to prevent it bots will absolutely overrun your site with new registrations and spam posts. The best way to prevent it is to put a human element into the mix, for example on registration you can ask a question like "how many holes are there in a blowing ball?". It's amazing how such a basic question will trip them up. But it's work to keep them out and administrators will always have to deal with it.

I don't get how they circumvent the SMS 2FA.
1st, they need a working phone number
2nd, they cannot use the number twice
3rd, how can a bot go check the SMS, read the code, and come back to enter it in the 2FA form?

Or captchas. Not sure why MR doesn't use captchas in the onboarding process.
hCaptcha not Google's

I gave this a quick thought, and figured out that the only thing computers can tell is feelings not information. So ask it about a feeling, put a picture of a sad boy and give option of 5 emotions and tell them what emotion is this?

But then again, they will just harvest all the images online and connect the correct "emotion" to each picture and the bot will be able to solve it again.

I wonder if descriptive questions could be answered, like "What was the most popular band in the 60s" or "What is India famous for" ... Now I remember that Google Assistant bot that could reserve hotel rooms for you, and I guess there is no way out of this.

I saw a captcha service once do this: take an item from a different perspective, like take a picture of a motorcycle from the rear wheel upwards, and ask "What is this?"
 
  • Like
Reactions: ericgtr12
I don't get how they circumvent the SMS 2FA.
1st, they need a working phone number
2nd, they cannot use the number twice
3rd, how can a bot go check the SMS, read the code, and come back to enter it in the 2FA form?


hCaptcha not Google's

I gave this a quick thought, and figured out that the only thing computers can tell is feelings not information. So ask it about a feeling, put a picture of a sad boy and give option of 5 emotions and tell them what emotion is this?

But then again, they will just harvest all the images online and connect the correct "emotion" to each picture and the bot will be able to solve it again.

I wonder if descriptive questions could be answered, like "What was the most popular band in the 60s" or "What is India famous for" ... Now I remember that Google Assistant bot that could reserve hotel rooms for you, and I guess there is no way out of this.

I saw a captcha service once do this: take an item from a different perspective, like take a picture of a motorcycle from the rear wheel upwards, and ask "What is this?"
2FA is something I am guessing they won't be able to get around. I have yet to see forum owners implement this for regular members yet though at least on sites I frequent, likely because they want to turn people off to registering. But you're right, I don't see how bots get around this.
 
Microsoft had an issue about 10 years ago, where certain online gamers were being banned from online chat for making threats, or harassing other gamers, but that same banned gamer would backhack and create a sub-proxy account and be back online within a minute. Finally Microsoft found a solution, that they could somehow backtrack their IP address to their location matching the user's time stamps of accounts created, ultimately resulting in a perma-back list all together. I’m not sure if that's something MacRumors could implement or not if it ever becomes a problem.
Xbox doesn’t need your IP address to ban you. Every console has a unique identifier, and bans can be placed based on that.
 
2FA is something I am guessing they won't be able to get around. I have yet to see forum owners implement this for regular members yet though at least on sites I frequent, likely because they want to turn people off to registering. But you're right, I don't see how bots get around this.

They definitely do somehow, as Twitter and Instagram are filled with spam and they have 2FA.
 
Microsoft had an issue about 10 years ago, where certain online gamers were being banned from online chat for making threats, or harassing other gamers, but that same banned gamer would backhack and create a sub-proxy account and be back online within a minute. Finally Microsoft found a solution, that they could somehow backtrack their IP address to their location matching the user's time stamps of accounts created, ultimately resulting in a perma-back list all together. I’m not sure if that's something MacRumors could implement or not if it ever becomes a problem.

I don't think this is right, because my understanding is every time you go online you are given a different IP, so unless you have a dedicated IP from the ISP, which I believe is a paid service, they have a pool of IPs randomly shared for their clients.

If Microsoft blocks your IP, then I go online and I was given that same IP, I will be blocked too. I had some dumb service do this for me, went to visit a website and was told my IP was blocked.
 
I don't think this is right, because my understanding is every time you go online you are given a different IP, so unless you have a dedicated IP from the ISP, which I believe is a paid service, they have a pool of IPs randomly shared for their clients.

If Microsoft blocks your IP, then I go online and I was given that same IP, I will be blocked too. I had some dumb service do this for me, went to visit a website and was told my IP was
From what I recall, I never had a different IP address when I was with Microsoft online gaming years ago. [But we’re talking back to 2011.] The problem was, gamers who could back-hack the system, could actually infiltrate and abduct your IP address, locking you out of the game, and you couldn’t get back into the game even if you reset modem and then restarted it. I remember this happened to me on several occasions, where certain users would ‘snapshot’ your IP address and then block that same user name from the next online game you were playing in.
 