Giving the finger to those pesky bots!

08 Apr 2021ElxsyBotsSecurityFun

History

Back in 2009 when I wanted to tackle these annoying bots ruining my blog. I came up with ImHuman, visually selecting distinct images rather than trying to decipher alien captcha messages or entering door numbers from badly scanned textbooks to prove your humanness by Google and such.

I had provided a JSON API with full images, payloads, and local verification signatures for ease of use and speed. Unfortunately, I kept it to limited users back then as the bandwidth and storage weren't as plentiful or cheap as it was today. 

The only remaining parts are the web archive captures, from June 2009. You might want to highlight the page as the missing JS, CSS rendering causes black text on a black background and making it unreadable. The post highlights all the cases and permutation calculations etc.

You can see it in action from this historic iPhone2 screenshot.

The only surviving picture from ImHuman on first iphone

Now

As years passed, ReCaptcha and google caught up, ended up copying the tactics, getting more evil in the process.

Now I have to deal with the bots again. You ban them with IP lists but more spawns! They fail email verification but still create noise and traffic in the logs, wasting bandwidth, CPU, electricity that could be spent serving a genuine user faster and bit more greener.

I am not going to voluntarily allow google or another big tech to snoop on my users just because of their tool - and on top pay them for it! Apparently, it is paid for now. Maybe I should even file a rip-off lawsuit? ?

The Finger

I wanted to do something similar for verification now but with less amount of work and some attitude. I grabbed my phone, captured some pictures against a nightmare pattern chair for image processing, and here comes the finger verification.

Finger verification for 2025

That would be 2025

Finger verification for 2543

That would be 2543

Improvements

I know it is not as easy to use as my first implementation and permutation is tiny compared to ImHuman whilst the image processing and AI techniques have shot through the roof.

It can be further improved with random spacing, rotation, cropping as well as applying filters to composite images or changing levels.

By adding more data sets especially different skin tones the variety will greatly improve. It will be a fun community project and memoir to contribute also with your own hand ?

Conclusion

It is bespoke and good enough to deter the 99% and slow down the 1% - if they ever decide to bother with an already free and non-membership required services platform.

The most important part is I had fun giving the finger to the bots ?!

I think my future human users who decide to join us will enjoy the personal challenge too.

Techy Notes

The whole code is literally 3 lines. You can kill off your dependency on some big tech also with a couple of lines of code yourself?

Elixir Library and package https://github.com/ykurtbas/elixir-finger. You can easily port to other languages and contribute.