Asynchronous Trade - Secure w/ reCAPTCHA Checkbox Test to Mitigate Bots
|
I think GGG hit a home run with Content Patch 0.3.0 with the addition of Asynchronous Trading. However, I think when a Buyer clicks the Secure Item button to teleport to the Seller's hideout, the player should have to click a reCAPTCHA checkbox to continue. This would significantly curtail the number of bots using this new trading platform.
How does reCAPTCHA test with a single checkbox work? This reCAPTCHA test simply prompts the user to check a box next to the statement, "I'm not a robot." However, the test is not the actual action of clicking the checkbox, it's everything leading up to the checkbox click. This reCAPTCHA test takes into account the movement of the user's cursor as it approaches the checkbox. Even the most direct motion by a human has some amount of randomness on the microscopic level, tiny unconscious movements that bots can't easily mimic. If the cursor's movement contains some unpredictability, then the test decides that the user is probably legitimate.  Последняя редакция: CharlesJT#7681. Время: 21 авг. 2025 г., 13:50:09 Last bumped21 авг. 2025 г., 14:29:28
|
|
|
AI does CAPTCHA now.
|
|
" Asked ChapGPT question, "how can GGG make PoE2 Asynchronous Trading on website secure through reCAPTCHA tools?" Below is the response... 1. Prevent Bot Abuse on Trade Website * reCAPTCHA v2 or v3 can be added to the "Secure Item" button on the trade site to ensure only human users initiate teleportation to seller hideouts. * This helps block automated scripts from mass-buying or scraping listings. 2. Protect Merchant Tab Listings * When players list items via the website or in-game proxy merchant (Ange), reCAPTCHA can verify that the listing action is human-initiated. * This reduces risk of bots flooding the market with junk or overpriced items. 3. Rate-Limiting Trade Requests * reCAPTCHA v3 can silently score user behavior and flag suspicious patterns. * This allows GGG to throttle or block abusive traffic without disrupting normal gameplay. Последняя редакция: CharlesJT#7681. Время: 21 авг. 2025 г., 14:00:16
|
|
|
Prompt: Eli5 why click box captcha is trivial to bypass----
Because a “click box” CAPTCHA (the one where you just tick “I’m not a robot”) isn’t actually a test of your clicking—it’s just checking browser signals. Here’s why it’s trivial to bypass: JavaScript checks only: It looks at things like cookies, mouse movement, or if JavaScript runs normally—bots can easily emulate these. No challenge depth: Unlike image or puzzle CAPTCHAs, it doesn’t require solving a problem—just sending the expected request. Automation-ready: Tools like Selenium, Puppeteer, or headless browsers can click the box programmatically in one line of code. Predictable traffic: Bots can spoof “human” headers, TLS fingerprints, and timing to look like a normal user session. In short: it’s security theater—bots can mimic everything it checks, so the checkbox offers little real protection. -- lets also completely forget that Chatgpt is programmed to answer not with what is correct, but rather what the user will feel is correct and like. Последняя редакция: cyranis#7939. Время: 21 авг. 2025 г., 14:28:06
|
|
" More on this point, OP specified to ChatGPT that it must provide an answer that includes reCAPTCHA, so it will omit any solution outside of that criteria. Последняя редакция: Beavith#5056. Время: 21 авг. 2025 г., 15:11:50
|
|
