Will bots ever pass security checks?

wegs

Matter and Pixie Dust
Valued Senior Member
I didn’t feel like logging into LinkedIn earlier to look up a former colleague, so I had to “verify” that I’m not a bot by going through a quick security check (you know “check the boxes that show traffic lights, etc”)

I wonder - when will bots be able to pass security checks? With all of the incredible advances in hacking technology, one might imagine that we’re already there. So, how does LinkedIn know for sure that I’m not a bot?
 
So, how does LinkedIn know for sure that I’m not a bot?
It's a matter of numbers.
So far, it's working. If the number of hacked accounts begins to rise, they will have to implement a more sophisticated security system.

Like Cheetahs and Gazelles in Africa, security and hacking are locked in a runaway evolution - each trying to stay ahead of the other.
 
So, how does LinkedIn know for sure that I’m not a bot?
https://phys.org/news/2020-07-quantum-loop-unveils-blueprint-virtually.html
Quantum loop: US unveils blueprint for 'virtually unhackable' internet
US officials and scientists have begun laying the groundwork for a more secure "virtually unhackable" internet based on quantum computing technology.

At a presentation Thursday, Department of Energy (DOE) officials issued a report that lays out a blueprint strategy for the development of a national quantum internet, using laws of quantum mechanics to transmit information more securely than on existing networks.

The agency is working with universities and industry researchers on the engineering for the initiative with the aim of creating a prototype within a decade.

In February, scientists from DOE's Argonne National Laboratory and the University of Chicago created a 52-mile (83-kilometer) "quantum loop" in the Chicago suburbs, establishing one of the longest land-based quantum networks in the nation.

The aim is to create a parallel, more secure network based on quantum "entanglement," or the transmission of sub-atomic particles.

"One of the hallmarks of quantum transmissions is that they are exceedingly difficult to eavesdrop on as information passes between locations," according to the Energy Department statement.
more at link....................
<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>
So not impossible, but extremely difficult.
 
I didn’t feel like logging into LinkedIn earlier to look up a former colleague, so I had to “verify” that I’m not a bot by going through a quick security check (you know “check the boxes that show traffic lights, etc”)

I wonder - when will bots be able to pass security checks?
They already have. It's a bit of an arms race right now - as soon as a bot can pass it, they make a harder one. (One of these days they'll make it so hard that humans can't pass them . . . .)
 
I didn’t feel like logging into LinkedIn earlier to look up a former colleague, so I had to “verify” that I’m not a bot by going through a quick security check (you know “check the boxes that show traffic lights, etc”)

I really dislike that particular form of security check. There's nothing wrong with my vision and there's nothing wrong with my screen, yet every second or third time I encounter this one, I'll have to do it twice. Or even three times. Sometimes it looks as though there might be a traffic light (or bicycle...) at the corner or edge of the frame, but the images are of such poor quality that you can't really tell. They look like crops of Google maps images in which the driver was going too fast or something. I'm probably wrong, but I get the sense that the images are not vetted by humans. Has anyone else experienced this?
 
...I get the sense that the images are not vetted by humans.
Logically, they must have been vetted by humans. Otherwise it means there is some AI out there that can figure the correct answer. Which would immediately make it obsolete as a human litmus test.
 
I think the concept must be that there is some AI that does well enough with clear images (think Google image search) so they must degrade the image to the point where humans can figure it out but where current image search technology can't.

By the way, can you find the frog in my avatar?
 
I think the concept must be that there is some AI that does well enough with clear images (think Google image search)
I think Google Image Search uses metadata associated with images.
I doubt there is any AI that knows what a "frog" looks like.
 
I really dislike that particular form of security check. There's nothing wrong with my vision and there's nothing wrong with my screen, yet every second or third time I encounter this one, I'll have to do it twice. Or even three times. Sometimes it looks as though there might be a traffic light (or bicycle...) at the corner or edge of the frame, but the images are of such poor quality that you can't really tell. They look like crops of Google maps images in which the driver was going too fast or something. I'm probably wrong, but I get the sense that the images are not vetted by humans. Has anyone else experienced this?
Yes. I’ve experienced it, and it’s annoying. I find it especially annoying when I’m attempting to log in to a particular site and it’s doubting my identity. Whoever “it” is.
 
I didn't say they knew what a frog looks like.
I know. I did. Not important.

The point remains: to set up a security test in the first place, one must first determine the correct answer and action: to-wit, "Cells A1, B2 ad B3 contain frogs. This user has selected A1, B2,B3 and thus is surely human. Let them in.".

If these tests were initially set up by AI - i.e. an AI could tell frog from non-frog to set the conditions of the test - that means, by definition, that an AI posing as a user can also pass the security test and gain access.

Which would make it useless as a security test.

The whole point is to make a test that an AI can't solve - and therefore can't set up in the first place - because it can't figure out the 'pass' conditions.

Therefore, the test must be set up by a human.
 
I hate those wiggly letters and number checks. I have trouble discerning their upper and lower case letters, like O, V, W, X and Z.
 
The whole point is to make a test that an AI can't solve - and therefore can't set up in the first place - because it can't figure out the 'pass' conditions.
Actually, all that is needed is something that requires a reasonably good AI to solve, assumption being that your average punter won't be running a deep-learning supercomputer setup.

Oh, and I think google image search uses deep learning, not just image tags. It can recognise frogs in pictures. It's not 100% accurate, but pretty good. There are lots of similar image recognition AI systems out there.
 
Clearly, the most effective security check is the one in which you check a box that says, "I'm not a robot." Obviously, no bot could pass that one.
 
Actually, all that is needed is something that requires a reasonably good AI to solve, assumption being that your average punter won't be running a deep-learning supercomputer setup.

Oh, and I think google image search uses deep learning, not just image tags. It can recognise frogs in pictures. It's not 100% accurate, but pretty good. There are lots of similar image recognition AI systems out there.

Bearing this in mind, I am still entertaining my hypothesis (re: the security type described in OP) that computers, not humans, are vetting the images.
 
Tangentially--and analogically, I guess--I've been putzing around with this stem-isolation software of late:
In a nutshell
We are releasing "); background-size: 1px 1px; background-position: 0px calc(1em + 1px);">Spleeter to help the research community in Music Information Retrieval (MIR) leverage the power of a state-of-the-art source separation algorithm. It comes in the form of a Python Library based on "); background-size: 1px 1px; background-position: 0px calc(1em + 1px);">Tensorflow, with pretrained models for 2, 4 and 5 stems separation. Spleeter will be presented and live-demoed at the 2019 "); background-size: 1px 1px; background-position: 0px calc(1em + 1px);">ISMIR conference in Delft.

A brief overview of source separation
While not a broadly known topic, the problem of source separation has interested a large community of music signal researchers for a couple of decades now. It starts from a simple observation: music recordings are usually a mix of several individual instrument tracks (lead vocal, drums, bass, piano etc..). The task of music source separation is: given a mix can we recover these separate tracks (sometimes called stems)? This has many potential applications: think remixes, upmixing, active listening, educational purposes, but also pre-processing for other tasks such as transcription.
https://deezer.io/releasing-spleeter-deezer-r-d-source-separation-engine-2b88985e797e

The results are almost--almost, but not quite--useable. *

And, if you're too lazy and/or stupid and/or you simply don't feel like bothering there's this:

https://colab.research.google.com/g...2/spleeter-multi-source-separation-demo.ipynb

Pretty much the auditory equivalent of what is being discussed here--and accessible even to idjits.

Edit: * On reflection, I almost did "use" it. There was some sibilance on a track for a reissue thingie that was quite bothersome. However, the recording itself had multiple points of origin (cassette 4-track, 1/2", AND hard drive), so working from the original "masters" was impossible (I'm hardly the most organized). The isolation of vocals was actually pretty damn good, but then the sibilance kinda grew on me.
 
Last edited:
Back
Top