HACKER Q&A
📣 evilsaloon

Non-Intrusive Human Verification?


With the existence of SMS receiving services and click farms that bypass Google's latest captcha (I'm not even going to mention how easy it is to "click" on email links), services have started implementing more and more elaborate ways to detect bots, at a detriment to regular, everyday users.

If I were developing a new service, how could I verify my users in a non-intrusive way? Forcing SMS verification only slightly reduces the bot problem and alienates new users, and asking users to, say, manually email me to enable access is completely unsustainable. Is it even possible to keep bots out in a sustainable way that respects the end user?

  👤 powera Accepted Answer ✓
It is possible to verify that a user is a specific human.

It is not possible to verify that a user is a vague-but-unique human. Between bots, account farming, etc. it is simply not possible any more.

Legal and other requirements may prevent you from checking a drivers' license, national ID card, credit card ... but that is the only approach that can work.