
I don't know.. It seems stupid easy to me. Try something like "Type the third and fifth letters of the word elephant into the box below" with instagram filter applied. A bunch of variations for the first part like "the following word" and "the word in parentheses".

Basically, I can't think of a way to come up with something ez that defeats it. You would have to train a neural net specifically on these images because normally neural nets are bad at instagram filter removal unless trained on it. Plus you can slow down/ban/mess with requests based on cookies.

There are basically infinite solutions. Would take a couple of days to implement and would be really fun. I guarantee you: if your site gets maybe 30k visitors a week, nobody would bother spending a month cracking your captcha when there are much easier targets out there.

Finally, you can make it super annoying to actually find where the image is by converting to svg and messing with html structure/compose image in JS. Now they're going to be forced to run a headless browser, take screenshots of the captcha page and find the image within the page.

If they take the pay-per-captcha approach, I don't think anti-captcha and the like would make it too ez. Still days of work to set up something really brittle.



> Try something like "Type the third and fifth letters of the word elephant into the box below" with instagram filter applied.

That was a common captcha technique a decade ago. It didn't last.

> Basically, I can't think of a way to come up with something ez that defeats it.

You're mistaking your inexperience with the field and its methods for difficulty in solutions.

> Finally, you can make it super annoying to actually find where the image is by converting to svg and messing with html structure/compose image in JS.

This isn't hard to defeat. SVG is really no harder than PNG or JPEG to deal with, and if you are programmatically altering it, it's trivial to figure out the purpose of the JS and re-implement it, and pass in whatever randomized variables change it. Or just use node, and scrape it from the page and run it as delivered.

> Now they're going to be forced to run a headless browser, take screenshots of the captcha page and find the image within the page.

That's trivial. Far more trivial now than it was in the past, actually. There's plenty of systems around to run headless browsers. Some are to ease testing for developers, some are specifically designed for and marketed to people that want to do things just like this. Worst case, you use electron and make your own browser to do it.



