Deleted

  • Jamie@jamie.moe
    ↑ 45 · 2 years ago

    If you can use human screening, you could ask about a recent event that didn’t happen. This would cause a problem for LLMs attempting to answer, because their datasets aren’t recent, so anything recent won’t be well-refined. Further, they can hallucinate. So by asking about an event that didn’t happen, you might get a hallucinated answer talking about details on something that didn’t exist.

    Tried it on ChatGPT GPT-4 with Bing and it failed the test, so any other LLM out there shouldn’t stand a chance.

    • pandarisu@lemmy.world
      ↑ 14 · 1 year ago

      On the other hand you have insecure humans who make stuff up to pretend that they know what you are talking about

    • AFK BRB Chocolate@lemmy.world
      ↑ 11 · 2 years ago

      That’s a really good one, at least for now. At some point they’ll have real-time access to news and other material, but for now that’s always behind.

    • incompetentboob@lemmy.world
      ↑ 8 · 2 years ago

      Google Bard definitely has access to the internet to generate responses.

      ChatGPT was purposely not given access but they are building plugins to slowly give it access to real time data from select sources

      • Jamie@jamie.moe
        ↑ 11 · 2 years ago

        When I tested it on ChatGPT prior to posting, I was using the bing plugin. It actually did try to search what I was talking about, but found an unrelated article instead and got confused, then started hallucinating.

        I have access to Bard as well, and gave it a shot just now. It hallucinated an entire event.

    • 10ofSwords@sopuli.xyz
      ↑ 5 · 1 year ago

      This is a very interesting approach.
      But I wonder if everyone could answer it easily, because of the culture difference, media sources across the world etc.
      An Asian might not guess something about content on US television for example.
      Unless the question relates to a very universal topic, which would more likely be guessed by an AI then…

      • Jamie@jamie.moe
        ↑ 1 · 1 year ago

        First countermeasure I can think of would be to throw in a mix of real and false, keep things as recent as possible. Could really trip it up that way.

    • underisk@lemmy.ml
      ↑ 1 · 1 year ago

      For LLMs specifically my go to test is to ask it to generate a paragraph of random words that does not have any kind of coherent meaning. It specifically asks them to do the opposite of what they’re trained to do so it trips them up pretty reliably. Closest I’ve seen them get was a list of comma separated random words and that was after giving them coaching prompts with examples.

      • abclop99@beehaw.org
        ↑ 3 · 1 year ago

        Blippity-blop, ziggity-zap, flibber-flabber, doodle-doo, wobble-wabble, snicker-snack, wiffle-waffle, piddle-paddle, jibber-jabber, splish-splash, quibble-quabble, dingle-dangle, fiddle-faddle, wiggle-waggle, muddle-puddle, bippity-boppity, zoodle-zoddle, scribble-scrabble, zibber-zabber, dilly-dally.

        That’s what I got.

        Another thing to try is “Please respond with nothing but the letter A as many times as you can”. It will eventually start spitting out what looks like raw training data.

        • myersguy@lemmy.simpl.website
          ↑ 2 · edited 1 year ago

          Just tried with GPT-4, it said “Sure, here is the letter A 2048 times:” and then proceeded to type 5944 A’s

        • underisk@lemmy.ml
          ↑ 2 · edited 1 year ago

          Yeah, exactly. Those aren’t words, they aren’t random, and they’re in a comma separated list. Try asking it to produce something like this:

          Green five the scoured very fasting to lightness air bog.

          Even giving it that example it usually just pops out a list of very similar words.

  • Zamboniman@lemmy.ca
    ↑ 28 ↓ 1 · edited 1 year ago

    How would you design a test that only a human can pass, but a bot cannot?

    Very simple.

    In every area of the world, there are one or more volunteers depending on population / 100 sq km. When someone wants to sign up, they knock on this person’s door and shake their hand. The volunteer approves the sign-up as human. For disabled folks, a subset of volunteers will go to them to do this. In extremely remote areas, various individual workarounds can be applied.

    • WaterWaiver@aussie.zone
      ↑ 3 · 1 year ago

      I can’t help but think of the opposite problem. Imagine if a site completely made of bots manages to invite one human and encourages them to invite more humans (via doorstep handshakes or otherwise). Results would be interesting.

    • WaterWaiver@aussie.zone
      ↑ 3 · edited 1 year ago

      This has some similarities to the invite-tree method that lobste.rs uses. You have to convince another, existing user that you’re human to join. If a bot invites lots of other bots it’s easy to tree-ban them all, if a human is repeatedly fallible you can remove their invite privileges, but you still get bots in when they trick humans (lobsters isn’t handshakes-at-doorstep level by any margin).

      I convinced another user to invite me over IRC. That’s probably the worst medium for convincing someone that you’re human, but hey, humanity through obscurity :)

    • 𝕙𝕖𝕝𝕡@lemmy.ml
      ↑ 1 · 1 year ago

      This would tie in nicely to existing library systems. As a plus, if your account ever gets stolen or if you’re old and don’t understand this whole technology thing, you can talk to a real person. Like the concept of web of trust.

  • underisk@lemmy.ml
    ↑ 22 · edited 1 year ago

    There will never be any kind of permanent solution to this. Botting is an arms race and as long as you are a large enough target someone is going to figure out the 11ft ladder for your 10ft wall.

    That said, generally when coming up with a captcha challenge you need to figure out a way to subvert the common approach just enough that people can’t just pull some off the shelf solution. For example instead of just typing out the letters in an image, ask the potential bot to give the results of a math problem stored in the image. This means the attacker needs more than just a drop in OCR to break it, and OCR is mostly trained on words so it’s likely going to struggle at math notation. It’s not that difficult to work around but it does require them to write a custom approach for your captcha which can deter most casual attempts for some time.

  • downtide@sh.itjust.works
    ↑ 21 · edited 1 year ago

    The trouble with any sort of captcha or test, is that it teaches the bots how to pass the test. Every time they fail, or guess correctly, that’s a data-point for their own learning. By developing AI in the first place we’ve already ruined every hope we have of creating any kind of test to find them.

    I used to moderate a fairly large forum that had a few thousand sign-ups every day. Every day, me and the team of mods would go through the new sign-ups, manually checking usernames and email addresses. The ones that were bots were usually really easy to spot. There would be sequences of names, both in the usernames and email addresses used, for example ChristineHarris913, ChristineHarris914, ChristineHarris915 etc. Another good tell was mixed-up ethnicities in the names: e.g ChristineHuang or ChinLaoHussain. 99% of them were from either China, India or Russia (they mostly don’t seem to use VPNs, I guess they don’t want to pay for them). We would just ban them all en-masse. Each account banned would get an automated email to say so. Legitimate people would of course reply to that email to complain, but in the two years I was a mod there, only a tiny handful ever did, and we would simply apologise and let them back in. A few bots slipped through the net but rarely more than 1 or 2 a day; those we banned as soon as they made their first spam post, but we caught most of them before that.

    So, I think the key is a combination of the No-Captcha, which analyses your activity on the sign-up page, combined with an analysis of the chosen username and email address, and an IP check. But don’t use it to stop the sign-up, let them in and then use it to decide whether or not to ban them.
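An added example, not part of the post above: one way to automate the "sequences of names" check on a day's sign-ups and turn it into a moderator review queue after registration rather than a sign-up block. The sample accounts are constructed, and the function names and thresholds (`min_run`, `max_gap`) are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample of one day's sign-ups (username, e-mail); not real data.
SIGNUPS = [
    ("ChristineHarris913", "christineharris913@example.com"),
    ("ChristineHarris914", "christineharris914@example.com"),
    ("ChristineHarris915", "christineharris915@example.com"),
    ("gardenfan", "gardenfan@example.org"),
    ("mike1987", "mike.t@example.net"),
    ("mike2004", "mk2004@example.org"),
    ("sunny_day", "promo41@example.com"),
    ("blue_lake", "promo42@example.com"),
    ("redfox", "promo43@example.com"),
]

_STEM_NUM = re.compile(r"^(.*?)(\d+)$")


def split_stem(text):
    """Return (lowercased stem, trailing number), or None without a numeric suffix."""
    m = _STEM_NUM.match(text)
    if not m or not m.group(1):
        return None
    return m.group(1).lower(), int(m.group(2))


def sequential_runs(keyed, min_run=3, max_gap=2):
    """keyed: iterable of (string_to_analyse, account).

    Groups strings by stem and returns {stem: [accounts]} for every run of at
    least min_run suffixes whose neighbours differ by no more than max_gap.
    """
    by_stem = defaultdict(list)
    for text, account in keyed:
        parts = split_stem(text)
        if parts:
            by_stem[parts[0]].append((parts[1], account))
    flagged = defaultdict(list)
    for stem, entries in by_stem.items():
        entries.sort()
        run = [entries[0]]
        for prev, cur in zip(entries, entries[1:]):
            if cur[0] - prev[0] <= max_gap:
                run.append(cur)
                continue
            if len(run) >= min_run:
                flagged[stem].extend(acct for _, acct in run)
            run = [cur]
        if len(run) >= min_run:
            flagged[stem].extend(acct for _, acct in run)
    return dict(flagged)


def review_queue(signups):
    """Accounts to hand to a moderator: sequential by username or by e-mail local part."""
    by_name = sequential_runs((user, user) for user, _ in signups)
    by_mail = sequential_runs((mail.split("@", 1)[0], user) for user, mail in signups)
    hits = set()
    for accounts in list(by_name.values()) + list(by_mail.values()):
        hits.update(accounts)
    return sorted(hits)


if __name__ == "__main__":
    for account in review_queue(SIGNUPS):
        print("review:", account)
```

The two `mike` accounts share a stem but are not flagged because their suffixes are far apart, which is the kind of false positive the post's "let them in, then decide" approach is meant to tolerate.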

  • alex [they/them]@beehaw.org
    ↑ 19 · 2 years ago

    Honeypots - ask a very easy question, but make it hidden on the website so that human users won’t see it and bots will answer it.

    • ShittyKopper [they/them]@lemmy.w.on-t.work
      ↑ 4 · edited 1 year ago

      So, how will you treat screen readers? Will they see that question? If you hide it from screen readers as well, what’s stopping bots from pretending to be screen readers when scraping your page? Hell, it’ll likely be easier on the bot devs to make them work that way and I assume there are already some out there that do.

      • alex [they/them]@beehaw.org
        ↑ 3 · 1 year ago

        That’s an excellent question and I’m glad you raised it. I need to care more about accessibility and learn more about security in general :)

    • Björn Tantau@feddit.de
      ↑ 2 · 1 year ago

      Nowadays bots use real browsers to “see” all the fields a human would see. They won’t fill out those hidden to a human.

  • baconeater@lemm.ee
    ↑ 17 ↓ 1 · 1 year ago

    Just ask them if they are a bot. Remember, you can’t lie on the internet…

    • Hudell@lemmy.dbzer0.com
      ↑ 7 · 1 year ago

      I once worked as a 3rd party in a large internet news site and got assigned a task to replace their current captcha with a partner’s captcha system. This new system would play an ad and ask the user to type the name of the company in that ad.

      In my first test I already noticed that the company name was available in a public variable on the site and showed that to my manager by opening the dev tools and passing the captcha test with just some commands.

      His response: “no user is gonna go into that much effort just to avoid typing the company name”.
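An added example, not part of the comment above and not the partner's actual code: the flaw described (expected answer readable in a client-side variable) next to a server-side design where the browser only ever receives an opaque, single-use token. The ad catalogue, URL paths and all names here are constructed for illustration.

```python
import hmac
import json
import secrets

# Constructed ad catalogue for the example; company names are placeholders.
AD_POOL = {"ad-001": "Acme Cola", "ad-002": "Globex Air"}


def _norm(text):
    """Normalise whitespace and case so ' acme  cola ' matches 'Acme Cola'."""
    return " ".join(text.split()).casefold().encode()


def leaky_payload(ad_id):
    """'Before': the expected answer travels to the browser with the ad."""
    return {"video": f"/ads/{ad_id}.mp4", "companyName": AD_POOL[ad_id]}


def leaks_answer(payload, answer):
    """Audit helper: does anything sent to the client contain the answer?"""
    return answer.casefold() in json.dumps(payload).casefold()


class CaptchaStore:
    """'After': the answer stays on the server, keyed by an opaque token."""

    def __init__(self, ttl=300, max_attempts=3):
        self.ttl = ttl
        self.max_attempts = max_attempts
        self._pending = {}  # token -> [answer_bytes, expires_at, attempts]

    def issue(self, ad_id, now):
        token = secrets.token_urlsafe(16)
        self._pending[token] = [_norm(AD_POOL[ad_id]), now + self.ttl, 0]
        # The video is addressed by token so the ad id is not exposed either.
        return {"token": token, "video": f"/captcha/{token}/video"}

    def check(self, token, typed, now):
        entry = self._pending.get(token)
        if entry is None:
            return False                      # unknown or already used
        answer, expires_at, attempts = entry
        if now > expires_at:
            del self._pending[token]
            return False
        ok = hmac.compare_digest(answer, _norm(typed))
        if ok or attempts + 1 >= self.max_attempts:
            del self._pending[token]          # single use, bounded guessing
        else:
            entry[2] = attempts + 1
        return ok


if __name__ == "__main__":
    print("leaky payload exposes answer:",
          leaks_answer(leaky_payload("ad-001"), AD_POOL["ad-001"]))
    store = CaptchaStore()
    page = store.issue("ad-001", now=0)
    print("token payload exposes answer:", leaks_answer(page, AD_POOL["ad-001"]))
    print("typed answer accepted:", store.check(page["token"], "acme cola", now=5))
```

Running `leaks_answer` over every response body the challenge endpoint returns is a cheap regression test for this class of mistake.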

    • Notyou@sopuli.xyz
      ↑ 4 · 1 year ago

      I’m pretty sure you have to have 2 bots and ask 1 bot if the other bot would lie about being a bot… something like that.

  • anditshottoo@lemmy.world
    ↑ 14 · 1 year ago

    The best tests I am aware of are ones that require contextual understanding of empathy.

    For example “You are walking along a beach and see a turtle upside down on its back. It is struggling and cannot move, if it can’t right itself it will starve and die. What do you do?”

    Problem is the questions need to be more or less unique.

    • bitsplease@lemmy.ml
      ↑ 9 · 1 year ago

      I don’t think this technique would stand up to modern LLMs though, I put this question into chatGPT and got the following

      “I would definitely help the turtle. I would cautiously approach the turtle, making sure not to startle it further, and gently flip it over onto it’s feet. I would also check to make sure it’s healthy and not injured, and take it to a nearby animal rescue if necessary. Additionally, I may share my experience with others to raise awareness about the importance of protecting and preserving our environment and the animals that call it home”

      Granted it’s got the classic chatGPT over formality that might clue someone reading the response in, but that could be solved with better prompting on my part. Modern LLMs like ChatGPT are really good at faking empathy and other human social skills, so I don’t think this approach would work

      • lemmyvore@feddit.nl
        ↑ 1 · 1 year ago

        Modern LLMs like ChatGPT are really good at faking empathy

        They’re really not, it’s just giving that answer because a human already gave it, somewhere on the internet. That’s why OP suggested asking unique questions… but that may prove harder than it sounds. 😊

        • bitsplease@lemmy.ml
          ↑ 1 · 1 year ago

          That’s why I used the phrase “faking empathy”, I’m fully aware that chatGPT doesn’t “understand” the question in any meaningful sense, but that doesn’t stop it from giving meaningful answers to the question - that’s literally the whole point of it. And to be frank, if you think that a unique question would stump it, I don’t think you really understand how LLMs work. I highly doubt that the answer it spit back was just copied verbatim from some response in its training data (which btw, includes more than just internet scraping). It doesn’t just parrot back text as is, it uses existing tangentially related text to form its responses, so unless you can think of an ethical quandary which is totally unlike any ethical discussion ever posed by humanity before (and continue to do so for millions of users), then it won’t have any trouble adapting to your unique questions. It’s pretty easy to test this yourself, do what writers currently do with chatGPT - go in and give it an entirely fictional context, with things that don’t actually exist in human society, then ask it questions about it. I think you’d be surprised with how well it handles that, even though it’s virtually guaranteed there are no verbatim examples to pull from for the conversation

    • lazyplayboy@lemmy.world
      ↑ 4 · 1 year ago

      "If I encounter a turtle in distress, here’s what I would recommend doing:

      Assess the situation: Approach the turtle calmly and determine the extent of its distress. Ensure your safety and be mindful of any potential dangers in the environment.

      Protect the turtle: While keeping in mind that turtles can be easily stressed, try to shield the turtle from any direct sunlight or extreme weather conditions to prevent further harm.

      Determine the species: If you can, identify the species of the turtle, as different species have different needs and handling requirements. However, if you are unsure, treat the turtle with general care and caution.

      Handle the turtle gently: If it is safe to do so, carefully pick up the turtle by its sides, avoiding excessive pressure on the shell. Keep the turtle close to the ground to minimize any potential fall risks.

      Return the turtle to an upright position: Find a suitable location nearby where the turtle can be placed in an upright position. Ensure that the surface is not too slippery and provides the turtle with traction to move. Avoid placing the turtle back into the water immediately, as it may be disoriented and in need of rest.

      Observe the turtle: Give the turtle some space and time to recover and regain its strength. Monitor its behavior to see if it is able to move on its own. If the turtle seems unable to move or exhibits signs of injury, it would be best to seek assistance from a local wildlife rehabilitation center or animal rescue organization.

      Remember, when interacting with wildlife, it’s important to prioritize their well-being and safety. If in doubt, contacting local authorities or experts can provide the most appropriate guidance and support for the situation."

  • Lvxferre@lemmy.ml
    ↑ 15 ↓ 1 · edited 2 years ago

    Show a picture like this:

    And then ask the question, “would this kitty fit into a shoe box? Why, or why not?”. Then sort the answers manually. (Bonus: it’s cuter than captcha.)

    This would not scale well, and you’d need a secondary method to handle the potential blind user, but I don’t think that bots would be able to solve it correctly.

    • vegivamp@feddit.nl
      ↑ 6 · 2 years ago

      This particular photo is shopped, but I think false-perspective illusions might actually be a good path…

      • Lvxferre@lemmy.ml
        ↑ 13 · 1 year ago

        It’s fine if the photo is either shopped or a false-perspective illusion. It could be even a drawing. The idea is that this sort of picture imposes a lot of barriers for the bot in question:

        • must be able to parse language
        • must be able to recognise objects in a picture, even out-of-proportion ones
        • must be able to guesstimate the size of those objects, based on nearby ones
        • must handle RW knowledge, as “X only fits Y if X is smaller than Y”
        • must handle hypothetical, unrealistic scenarios, as “what if there was a kitty this big?”

        Each of those barriers decreases the likelihood of a bot being able to solve the question.

    • Susaga@sh.itjust.works
      ↑ 5 · 1 year ago

      Is the kitty big, or is the man small? And how big are the shoes? This is a difficult question.

      • Lvxferre@lemmy.ml
        ↑ 4 · 1 year ago

        Here’s where things get interesting - humans could theoretically come up with multiple answers for this. Some will have implicit assumptions (as the size of the shoebox), some won’t be actual answers (like “what’s the point of this question?”), but they should show a type of context awareness that [most? all?] bots don’t.

        A bot would answer this mechanically. At the best it would be something like “yes, because your average kitten is smaller than your average shoebox”. The answer would be technically correct but disregard context completely.

    • bionicjoey@lemmy.ca
      ↑ 3 · 1 year ago

      Reminds me of how bots tend to be really bad at figuring out whether the word “it” applies to the subject or the object in a sentence like: “The bed does not fit in the tent because it is too big”

      • Lvxferre@lemmy.ml
        ↑ 1 · 1 year ago

        Yup - they struggle really hard with syntactical ambiguity that relies on world knowledge for disambiguation. We know that “it” = “the bed” in this sentence because “it is too big” needs to be logically connected as the reason for “the bed does not fit in the tent”, and the only way for this to happen that doesn’t conflict with our world knowledge is if the bed is big, but the tent is small. And we can even change the “it” to refer to the object by simply changing the adjective:

        • The bed does not fit in the tent because it is too small.

        Without any sort of grammatical change.

        Donkey sentences are also hard for them, like:

        • Everyone who owns a donkey beat it.

        If you’re human, this sentence implies that 1) there are multiple donkeys, owned by different people; and 2) each of those people beat one’s own donkey. But machines have a really hard time getting those two things right.

        And you can exploit a lot of those quirks of RL language to make the bots go nuts. A few of them might slip through, but this is low-cost for the humans, so you can pile them up.

  • coolin@beehaw.org
    ↑ 14 ↓ 2 · 1 year ago

    I mean advanced AI aside, there are already browser extensions that you can pay for that have humans on the other end solving your Captcha. It’s pretty much impossible to stop it imo

    A long term solution would probably be a system similar to like public key/private key that is issued by a government or something to verify you’re a real person that you must provide to sign up for a site. We obviously don’t have the resources to do that 😐 and people are going to leak theirs starting day 1.

    Honestly, disregarding the dystopian nature of it all, I think Sam Altman’s worldcoin is a good idea at least for authentication because all you need to do is scan your iris to prove you are a person and you’re in easily. People could steal your eyes tho 💀 so it’s not foolproof. But in general biometric proof of personhood could be a way forward as well.

      • fades@beehaw.org
        ↑ 2 ↓ 1 · 2 years ago

        That’s a bit of an oversimplification, TT absolutely is relevant for tests humans can pass but a bot cannot.

      • fades@beehaw.org
        ↑ 2 ↓ 1 · 2 years ago

        That’s a bit of an oversimplification, Turing absolutely is relevant for tests humans can pass but a bot cannot.

        • vegivamp@feddit.nl
          ↑ 2 ↓ 1 · 1 year ago

          Then it is long obsolete, because to a common observer, something like chatgpt could easily pass that test if it wasn’t instructed to clarify it is a machine at every turn.

          • fades@beehaw.org
            ↑ 0 ↓ 1 · 1 year ago

            Alan Turing is fucking dead, it was a joke given the relevance of the question to his work.

            What is your point here???

            No fucking shit they can’t ask Turing for real

            • vegivamp@feddit.nl
              ↑ 1 · 1 year ago

              …ask Turing? Who suggested that? The Turing test is not “let’s ask Alan” 😋

    • SkyeStarfall@lemmy.blahaj.zone
      ↑ 1 ↓ 1 · 1 year ago

      The Turing test has already been overcome by AI. Models such as ChatGPT, if tuned a bit to give more informal answers as well as insisting it is human, can easily pass.

      • fades@beehaw.org
        ↑ 2 ↓ 2 · edited 1 year ago

        It was a joke, Alan Turing is dead and was famous for his work on the Turing Test which was used to test whether a bot could pass as a human or not - a test at the time where a human can pass but a bot cannot.

    • User Deleted@lemmy.dbzer0.comOP
      ↑ 1 · 2 years ago

      I’ll report them for harassment because everyone who knows my birthday does not give me gifts, so they must be a stalker that somehow found out my birthday.

  • SirEDCaLot@lemmy.fmhy.ml
    ↑ 8 · 2 years ago

    I’d do a few things.

    First, make signing up computationally expensive. Some javascript that would have to run client side, like a crypto miner or something, and deliver proof to the server that some significant amount of CPU power was used.

    Second, some type of CAPTCHA. ReCaptcha with the settings turned up a bit is a good way to go.

    Third, IP address reputation checks. Check IP addresses for known spam servers, it’s the same thing email servers do. There’s realtime blacklists you can query against. If the client IP is on them, don’t allow registration but only allow application to register.

    • Spzi@lemm.ee
      ↑ 4 · 1 year ago

      make signing up computationally expensive. Some javascript that would have to run client side, like a crypto miner or something, and deliver proof to the server that some significant amount of CPU power was used.

      Haha, I like this one! Had to strike a balance between ‘make it annoying enough to deter bots’ and ‘make it accessible enough to allow humans’. Might be hard, because people have vastly different hardware. Personally, I probably would be fine waiting for 1s, maybe up to 5s. Not sure if that is enough to keep the bots out. As far as I understand, they would still try (and succeed), just be fewer because signup takes more time.

      I also like the side-effect of micro-supporting the instance you join with a one time fee. I expect haters to hate this quite a lot though.

      • SirEDCaLot@lemmy.fmhy.ml
        ↑ 2 · 1 year ago

        Doesn’t have to be a crypto miner. Just has to be any sort of computationally intense task. I think the ideal would be some sort of JavaScript that integrates that along with the captcha. For example, have some sort of computationally difficult math problem where the server already knows the answer, and the answer is then fed into a simple video game engine to procedurally generate a ‘level’. The keyboard and mouse input of the player would then be fed directly back to the server in real time, which could decide if it’s actually seeing a human playing the correct level.
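An added example, not part of the thread: a hashcash-style version of the "computationally expensive sign-up" idea from the comments above, with the server issuing a signed, expiring challenge and verifying the submitted proof with a single hash. `solve` stands in for the script the sign-up page would run in the browser; the names, the challenge format and the default difficulty are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # per-process secret (assumption for the example)
_spent = set()                # challenges already redeemed, to stop replays


def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_challenge(difficulty_bits=16, ttl=120, now=None):
    """Server: hand out 'salt:bits:expires:tag'. No per-challenge state is stored."""
    now = int(time.time() if now is None else now)
    body = f"{os.urandom(8).hex()}:{difficulty_bits}:{now + ttl}"
    return f"{body}:{_sign(body)}"


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge):
    """Client: search for a counter whose hash has the required zero bits.

    Expected cost is about 2**bits hashes, so each extra bit doubles the
    wait on slow hardware as well as the cost to a bulk registrant.
    """
    bits = int(challenge.split(":")[1])
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter
        counter += 1


def verify(challenge, counter, now=None):
    """Server: cheap check of an expensive proof. Returns a reason string."""
    now = int(time.time() if now is None else now)
    try:
        salt, bits, expires, tag = challenge.split(":")
        bits, expires = int(bits), int(expires)
    except ValueError:
        return "malformed"
    expected = _sign(f"{salt}:{bits}:{expires}")
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "forged"             # e.g. client lowered the difficulty
    if now > expires:
        return "expired"            # stops stockpiling solved challenges
    if challenge in _spent:
        return "replayed"
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    if leading_zero_bits(digest) < bits:
        return "insufficient work"
    _spent.add(challenge)
    return "ok"


if __name__ == "__main__":
    ch = issue_challenge()
    started = time.perf_counter()
    proof = solve(ch)
    print(f"solved in {time.perf_counter() - started:.2f}s ->", verify(ch, proof))
```

In a real deployment `_spent` only needs to hold challenges until their expiry time, after which the expiry check rejects them anyway.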

    • animist@lemmy.one
      ↑ 2 · 1 year ago

      I like the first two ideas but a problem with the third is most lemmy users are gonna be techies who probably use a VPN which means they’ll have to cycle through a few nodes before getting one that works (if they even realize that’s where the problem lies)

      • SirEDCaLot@lemmy.fmhy.ml
        ↑ 3 · 1 year ago

        VPN endpoints would not necessarily have low IP reputation. A VPN provider that allows its users to spam the internet is probably not a good one anyway. And besides, that would not inhibit registration, it would just make users fill out a form to apply so the server operator would have to go through and approve it.