On 8/22/2019 3:40 AM, Michael Hallager via mailop wrote:
How they do this - and I kidd you not - if they offer "data entry"
jobs to people in cheaper labour countries (the Philippines for
example) to manually get past CAPCHAS.
That is what many think is happening - and maybe that is happening in
some cases - but a couple of days ago I was on the phone talking with
the main deliverability person for a leading ESP - and she said that she
figured out that one of the main CAPTCHA services (Google's? - I forgot
which) - has a feature whereby if the client have javascript turned off,
then (a) the CAPTCHA stops even trying to work AND (b) the form STILL
works. She said that this is the DEFAULT setting, and you have to change
just one tiny setting to get it to NOT allow the form to work if
javascript is off. So when this is at its default setting, humans have
to fill out the CAPTCHA, but the CAPTCHA is 100% worthless against bots
that aren't using (or needing) javascript to submit the form.
While CAPTCHAs are beat by some "cheap labor" tactics - this
configuration might be the real problem the vast majority of the time -
but it is causing many to think that CAPTCHAs are being beat more often
than what is really happening.
This "no-javascript" loophole is HUGE!
NOTE: After I learn a little more about this, I'm going to repost this
as its own thread.
--
Rob McEwen
https://www.invaluement.com
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop