Why Are Bots Unable to Check "I Am Not a Robot" Checkboxes?

iStock.com/Oleksandr Hruts
iStock.com/Oleksandr Hruts

Oliver Emberton:

How complicated can one little checkbox be? You can't even imagine!

For starters, Google invented an entire virtual machine—essentially a simulated computer inside a computer—just to run that checkbox.

That virtual machine uses Google's own language, which they then encrypt. Twice.

But this is no simple encryption. Normally, when you password protect something, you might use a key to decode it. Google’s invented language is decoded with a key that is changed by the process of reading the language, and the language also changes as it is read.

Google combines (or hashes) that key with the web address you’re visiting, so you can’t use a CAPTCHA from one website to bypass another. It further combines that with “fingerprints” from your browser, catching microscopic variations in your computer that a bot would struggle to replicate (such as CSS rules).

All of this is done just to make it hard for you to understand what Google is even doing. You need to write tools just to analyze it. (Fortunately people did just that).

It turns out that these checkboxes record and analyze a lot of data, including: Your computer’s timezone and time; your IP address and rough location; your screen size and resolution; the browser you’re using; the plugins you’re using; how long the page took to display; how many key presses, mouse clicks, and tap/scrolls were made; and ... some other stuff we don’t quite understand.

We also know that these boxes ask your browser to draw an invisible image [PDF] and send it to Google for verification. The image contains things like a nonsense font, which (depending on your computer) will fall back to a system font and be drawn very differently. They then add to this a 3D image with a special texture, which is drawn in such a way that the result varies between computers.

Finally, these seemingly simple little checkboxes combine all of this data with their knowledge of the person using the computer. Almost everyone on the Internet uses something owned by Google—search, mail, ads, maps—and as you know, Google Tracks All Of Your Things™️. When you click that checkbox, Google reviews your browser history to see if it looks convincingly human.

This is easy for them, because they’re constantly observing the behavior of billions of real people.

How exactly they check all this information is impossible to know, but they’re almost certainly using machine learning (or AI) on their private servers, which is impossible for an outsider to replicate. I wouldn’t be surprised if they also built an adversarial AI to try to beat their own AI, and have both learn from each other.

So why is all this hard for a bot to beat? Because now you’ve got a ridiculous amount of messy human behaviors to simulate, and they’re almost unknowable, and they keep changing, and you can’t tell when. Your bot might have to sign up for a Google service and use it convincingly on a single computer, which should look different from the computers of other bots, in ways you don’t understand. It might need convincing delays and stumbles between key presses, scrolling and mouse movements. This is all incredibly difficult to crack and teach a computer, and complexity comes at a financial cost for the spammer. They might break it for a while, but if it costs them (say) $1 per successful attempt, it’s usually not worth them bothering.

Still, people do break Google’s protection [PDF]. CAPTCHAs are an ongoing arms race that neither side will ever win. The AI technology that makes Google’s approach so hard to fool is the same technology that is adapted to fool it.

Just wait until that AI is convincing enough to fool you.

Sweet dreams, human.

This post originally appeared on Quora. Click here to view.

Why Are Shower Doors in Hotel Rooms Getting Smaller?

sl-f/iStock via Getty Images
sl-f/iStock via Getty Images

Shower doors are shrinking in posh hotels, and minimalism is to blame, Condé Nast Traveler reports.

In lieu of hanging shower curtains or providing full shower doors, many newer hotels are opting for glass panels that cover only half the length of the shower. That’s frustrating for many travelers, who complain the growing trend is inconvenient and leaves bathroom floors sopping wet and slippery after shower use.

According to Condé Nast Traveler, the half-door trend began in European hotels in the 1980s. “A lot of it comes down to people trying to design hotel rooms with limited space,” boutique hotel designer Tom Parker told the magazine. “It’s about the swing of the shower door, because it has to open outward for safety reasons, like [if] someone falls in the shower. You have to figure out where the door swing’s going to go, make sure it’s not [hitting] the main door. It’s just about clearances.” A smaller door also has the added benefit of making the space appear larger than it really is, according to the magazine.

The trend is also connected to the birth of minimalist “lifestyle hotels,” which cater to a younger, hipper clientele that gravitates toward sleek lines and modern design. Plus, half-size glass doors are easier to clean than shower curtains, which tend to trap bacteria and need to regularly be replaced, which can add up to significant additional costs for a hotel.

Theoretically, even half-door showers are designed to minimize water spillage. Designers try to level the floors in bathrooms so water doesn’t pool in random areas, and they place shower heads and knobs in areas that are more protected by glass paneling. And where design doesn’t work, hotels try to pick up the slack.

“Hotels tend to mitigate the risks by offering non-slip interior shower mats, cloth bath mats for stepping out of the shower, grab bars, [and] open showers or no-sill showers which avoid having to step up and over the ledge,” designer Douglas DeBoer, founder and CEO of Rebel Design Group, told Condé Nast Traveler.

But the half-door trend still has yet to gain much love from hotel guests. “The older generation much, much prefers having a shower door,” Parker told Condé Nast Traveler. “I’m like a 70-year-old man at heart anyway. I like [a shower door] if it’s in keeping with the style of the rest of the room.”

Have you got a Big Question you'd like us to answer? If so, let us know by emailing us at bigquestions@mentalfloss.com.

Does Pushing the Button at a Crosswalk Actually Do Anything?

Pressing this crosswalk button may or may not do something.
Pressing this crosswalk button may or may not do something.
David Tran/iStock via Getty Images

Since crosswalk signals rarely seem to give you the green light (or more accurately, the white, human-shaped light) right after you press the button, you may find yourself wondering if those buttons actually work. The potentially exasperating answer is this: It depends.

First and foremost, it’s important to understand that crosswalk buttons aren’t designed to have an immediate effect; they’re just supposed to tell the system that a person is waiting to cross. As CityLab explained, some systems won’t ever give pedestrians the crossing signal unless someone has pressed the button, while others are programmed to shorten the wait time for walkers when the button has been pressed. No matter what, the system still has to cycle through its other phases to give cars enough time to pass through the intersection, so you’ll probably still have to stand there for a moment.

During busy traffic times or under other extenuating circumstances, however, cities can switch the system to what’s known as “recall mode,” when pedestrian crossings are part of the cycle already and pressing the button quite literally changes nothing. Unfortunately, there’s no way to tell if a particular button is in recall mode, short of calling your city officials and asking an expert to come inspect it.

But if you feel like a button isn’t doing anything, there’s a pretty good chance it’s been permanently deactivated. As congestion has increased and the systems to manage it have become more advanced over the years, cities have moved away from using crosswalk buttons at all. In 2018, for example, CNN reported that only around 100 of New York City’s 1000 buttons were still functioning. Since actually removing the buttons from crosswalks would be a costly endeavor, cities have opted to leave them intact, just waiting to be pummeled by impatient pedestrians who don’t know any better.

What about 'close door' buttons on elevators, you ask? That depends, too.

Have you got a Big Question you'd like us to answer? If so, let us know by emailing us at bigquestions@mentalfloss.com.

SECTIONS

arrow
LIVE SMARTER